Outsourcing is the use of a third-party vendor to perform activities on a continuing basis that would normally be undertaken by the bank. The third party could be an affiliated entity within the bank's corporate group or an entity external to the bank's corporate group. Many minority and de novo bank officials have said that the selection and management of vendors has been more complicated and more costly than they expected. It is important to understand how to select vendors and how to mitigate associated risks.
Banks outsource to take advantage of many different benefits. By outsourcing through experienced service providers, a bank can quickly improve the quality of its services, increase its operational or financial efficiencies, and, in many cases, reduce costs. Outsourcing may also allow bank management to increase its focus on the core business functions, expand the availability of bank services, and accelerate the delivery of such services.
Several risks associated with outsourcing must be understood and carefully managed, including strategic risk, reputational risk, compliance risk, and operational risk.
The board of directors must maintain effective oversight and ensure that effective controls are in place. Management must maintain effective oversight but must also effectively manage any outsourcing relationships. At the start, management must be prepared to select a qualified vendor, manage and monitor the outsourcing agreement, ensure that controls are in place and validated independently, and ensure that a contingency plan is in place.
Managing an outsourcing relationship involves several key steps, including risk assessments, service provider selection, contract documentation, and ongoing monitoring. In the risk assessment, management will evaluate the capability of the service provider to provide the necessary level of service. The service provider selection process must allow time for bank management to evaluate proposals and present necessary information to executive management or the board of directors for review. The contract should clearly define the rights and responsibilities of both parties and contain adequate and measurable service level requirements. As part of ongoing monitoring, the bank should periodically evaluate the vendor's compliance with service level expectations and conduct an annual performance evaluation. In addition, the bank should consider whether the financial condition of the vendor has changed and confirm that the disaster recovery plan is still adequate and updated to accommodate operational changes that may have occurred.
The bank should follow seven principles for outsourcing: