May 30, 2019
American Bankers Association’s Risk and Compliance
In an article published on May 30 in ABA Banking Journal, Brad Rustin and Samer Roshdy discuss FDIC’s financial institutions letter FIL-19-2019, highlighting contractual deficiencies in banks’ contracts with technology service providers.
The FDIC letter reaffirms the long-standing regulatory notion that a financial institution cannot discharge its responsibilities, which includes managing its business continuity and incident response processes, by outsourcing activities to third-party service providers. “Thus, banks, as part of their due diligence and ongoing monitoring, must ensure that business continuity and incident response risks are adequately addressed in service provider contracts,” the attorneys share. “Adding the contractual provisions noted above forces financial intuitions to identify and mitigate some of the inherent risks related to technology service provider contracts.”
The FDIC’s letter also serves as a reminder to the industry that federal banking regulators will continue to scrutinize relationships with technology service providers. The latest fintech wave within the industry has proven that financial institutions find it worthwhile to enter into partnerships with technology service providers. Rustin and Roshdy explain, “Banks participating in this fintech wave should, at a minimum, establish a first line of defense against regulatory scrutiny by including effective protections in their technology service provider contracts.”
These materials have been prepared for informational purposes only and are not legal advice. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Internet subscribers and online readers should not act upon this information without seeking professional counsel.