The Outsourcing Technology Services Booklet provides guidance for financial institutions on outsourcing technology services to third-party service providers. It covers topics such as board and management responsibilities, risk management, risk assessment, service provider selection, contract issues, ongoing monitoring, business continuity planning, information security, and outsourcing to foreign service providers. The booklet includes examination procedures, laws, regulations, and guidance, as well as appendices on foreign-based third-party service providers and managed security service providers.

“When outsourcing to a subsidiary or affiliate is considered, management must assure that the components outlined above evidence an arms-length transaction. An arrangement between a financial institution and an affiliate or subsidiary should be on terms that are substantially the same, or at least as favorable to the institution, as those prevailing at the time for comparable transactions with a non-affiliated third party.” (Page 11)

Source Regulation