Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank



 Home > News & Events > Inactive Financial Institution Letters



Printer Friendly IconPrinter Friendly

Inactive Financial Institution Letters

Supervision of Technology Service Providers and Outsourcing Technology Services
FIL-46-2012
November 6, 2012


Printable Format:
FIL-46-2012 - PDF (PDF Help)

Summary: The Federal Financial Institutions Examination Council (FFIEC) issued the revised Information Technology (IT) Examination Booklet on the Supervision of Technology Service Providers (TSP Booklet) and the updated IT Examination Booklet on Outsourcing Technology Services. The Board of Governors of the Federal Reserve System (FRS), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) (collectively the Agencies) issued new Administrative Guidelines—Implementation of Interagency Programs for the Supervision of Technology Service Providers (Guidelines).

Statement of Applicability to Institutions with Total Assets Under $1 Billion: These documents apply to all FDIC-supervised financial institutions.

Highlights:
  • The FFIEC has issued a revised Information Technology (IT) Examination Booklet on the Supervision of Technology Service Providers (TSP Booklet), which addresses the supervision of third-party servicers that enter into contracts with regulated financial institutions and outlines the FFIEC's risk-based supervisory program related to the oversight of TSPs.
  • The revised TSP Booklet replaces the March 2003 edition and rescinds Supervisory Policy 1, "Interagency EDP Examination, Scheduling and Distribution Policy," September 1991 (Revised) and Supervisory Policy 11, "Enhanced Supervision Program for Multidistrict Data Processing Servicers," January 1995.
  • The Agencies have issued new Administrative Guidelines—Implementation of Interagency Programs for the Supervision of Technology Service Providers, which explain how the Agencies implement TSP supervisory programs. The Guidelines include examiner reporting templates.
  • The FFIEC has also updated the Outsourcing Technology Services Booklet, which details engagement criteria and examination procedures a financial institution should use when outsourcing the security management function to third parties (Managed Security Service Providers).

Distribution:
FDIC-Supervised Institutions

Suggested Routing:
Chief Executive Officer
Chief Operating Officer
Chief Information Officer

Related Topics:
FFIEC Information Technology Handbook

Attachment:
None

Contact:
Thomas Tuzinski, Senior IT Risk Examiner, Division of Risk Management Supervision,
at ttuzinski@fdic.gov or (703) 254-2235
Laura Lapin, Chief, Information Technology, Division of Risk Management Supervision,
at lalapin@fdic.gov or (703) 254-0460

Note:
An electronic version of the FFIEC press release announcing the TSP Booklet is available at http://www.ffiec.gov/press.htm. Electronic versions of the booklets are available at http://ithandbook.ffiec.gov/it-booklets.aspx. The Guidelines are available at http://ithandbook.ffiec.gov/reference-materials.aspx.

FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2012/index.html.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html. Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (877-275-3342 or 703-562-2200).


Last Updated 11/6/2012 communications@fdic.gov

Skip Footer back to content