The Federal Reserve Board is the latest regulatory body to update its guidance to remind financial institutions to exercise the appropriate risk management and oversight when managing outside vendors.
Available online, the guidance covers the risks associated with outside service providers and explains the responsibilities of boards of directors and senior management. The guidance also covers factors that should be considered by financial institutions in performing due diligence and provides details on vendor oversight. According to the Federal Reserve press release issued with the new guidance:
“The guidance does not discourage financial institutions from outsourcing activities to service providers, but says firms should be aware of the potential risks. If service provider relationships are not managed effectively, they may expose financial institutions to risks that can result in reputational problems, financial loss, or regulatory actions, according to the guidance.”
The Fed’s guidance is another reminder that while you can outsource various functions of a financial institution, you can’t outsource risk. Whether a financial institution is managing its own technology and services or relies on a vendor for support, the institution is responsible for ensuring everything is done in compliance with all applicable regulations and laws.
Vendor management has indeed been a hot topic in the final months of 2014, and is a trend that will likely continue. The Federal Reserve is the latest organization to update its guidance on vendor management. The Office of the Comptroller of the Currency updated its own guidance in October.