Is outsourcing IT worth the compliance risk? 

Banking has changed since the global financial crisis in 2008. The steady increase in regulations from Washington, the states and international organizations are now impacting IT leaders. As regulators examine vendor relationships and outsourcing arrangements more closely, there is a significant risk that poorly managed IT could trigger an audit finding, a fine or negative publicity. As IT leaders plan to review and renew IT service providers in 2016, here are some of the risks to manage.Download the March 2016 digital issueInside: What you need to know about staffing up for IoT, how cloud and SDN set Veritas free & much more!READ NOWIn 2013, the Federal Reserve published a document that became required reading for IT leaders. This publication – Guidance on Managing Outsourcing Risk – highlighted the fact that outsourcing a service to a third party does not eliminate responsibility. What happens if a bank fails to properly manage a third party service provider? The Federal Reserve has identified six risks that arise from outsourcing: compliance risk, concentration risk, country risk, legal risk, operational risk and reputational risk.The Office of the Comptroller of the Currency (OCC), another key U.S. financial regulator, also published guidance related to outsourcing in 2013. In OCC BULLETIN 2013-29, the organization stated, “The OCC is concerned that the quality of risk management over third-party relationships may not be keeping pace with the level of risk and complexity of these relationships.” Specifically, the OCC has noted ineffective practices such as entering into outsourcing without a contract and incentivizing a third party provider to “take risks that are detrimental to the bank.” In the view of regulators, rushing into an outsourcing arrangement to cut expenses is likely to trigger unpleasant regulatory attention.

Source: Is outsourcing IT worth the compliance risk? | CIO

Be Sociable, Share!

Leave a Reply

Your email address will not be published. Required fields are marked *