• Financial institutions that have outsourcing relationships with third-party service providers face reputational, operational/transactional, compliance and strategic risks.
• When the third-party service provider resides or performs contractual work outside of the United States, an additional element of risk – "country risk" – is introduced.
• Financial institutions have the opportunity to enter into contractual arrangements with foreign-based third-party service providers with increasing frequency to handle such services as technology and data processing.
• U.S.-based third-party service providers are subcontracting substantial portions of their work to entities located outside of the United States. Many financial institutions may be unaware of these subcontracting arrangements or not adequately monitoring these relationships.
• Prior to selecting a third-party service provider, financial institutions should complete thorough due diligence.
• The financial institution's management should identify any undisclosed foreign-based subcontracting arrangements prior to entering into a contract with a foreign-based third-party service provider.
• Contracts with a third-party service provider should be written to protect the financial institution's interests.
• After the contract is signed, management should continually monitor the condition of the foreign-based third-party service provider and the country in which it is located.

Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Board of Directors
Chief Executive Officer
Executive Officers

Note:
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/financial-institution-letters/2006/index.html .

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html .

Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or 703-562-2200).