facebook linked in twitter youtube instagram


May 30, 2019

Is Your Bank Reviewing Its Technology Contracts?

By Dowse Bradwell "Brad" Rustin, IV, Samer A. Roshdy

American Bankers Association’s Risk and Compliance

In an article published on May 30 in ABA Banking Journal, Brad Rustin and Samer Roshdy discuss FDIC’s financial institutions letter FIL-19-2019, highlighting contractual deficiencies in banks’ contracts with technology service providers.

The FDIC letter reaffirms the long-standing regulatory notion that a financial institution cannot discharge its responsibilities, which includes managing its business continuity and incident response processes, by outsourcing activities to third-party service providers. “Thus, banks, as part of their due diligence and ongoing monitoring, must ensure that business continuity and incident response risks are adequately addressed in service provider contracts,” the attorneys share. “Adding the contractual provisions noted above forces financial intuitions to identify and mitigate some of the inherent risks related to technology service provider contracts.”

The FDIC’s letter also serves as a reminder to the industry that federal banking regulators will continue to scrutinize relationships with technology service providers. The latest fintech wave within the industry has proven that financial institutions find it worthwhile to enter into partnerships with technology service providers. Rustin and Roshdy explain, “Banks participating in this fintech wave should, at a minimum, establish a first line of defense against regulatory scrutiny by including effective protections in their technology service provider contracts.”