 |
 |
electronic
data processing |
 |
|
|
|
|
|||||||||||||||||||||||||||||||
|
|
|
|
||||||||||||||||||||||||||||||||
|
Written by: Jason Dollar As the role of information technology (IT) becomes more and more vital in today’s workplace, businesses are relying heavily on those who are trained and equipped to stay up to date with new changes. For this major reason, many of today’s Financial Institutions and more importantly community banks have chosen to outsource their IT services. Many do so because they lack the human capital to provide quality in-house IT functions, and others do so because they lack the financial capital needed to pay these individuals. It seems as though it is a win-win relationship for the Bank and the IT firm, but while this practice is becoming more commonly accepted in today’s banking environment, it should be noted that it does not come without certain risks associated with all forms of outsourcing. Financial Institutions are not the only entities who are looking to outsource much of their Information Technology Services. According to a report from INPUT, it is estimated that the U.S. Government outsourcing is scheduled to grow by 55% by the year 2009. If this is true, outsourcing will be one of the fastest-growing segments of the federal IT budget over the next few years. According to Chris Campbell, a Senior Analyst of Federal Market Analysis, “An organization will be most effective when it focuses on things that it does best. In other words, the Department of Defense is best at fighting military actions, not administering data centers. The Federal Bureau of Investigation is best at investigating crimes, not developing software.” As for Banks, the same rational is held true. Many banks feel that their time is better spent focusing on lending and interest rate risk analysis rather than concerning themselves with an area such as information technology that is foreign to most. This explains why roughly 75% of bank’s outsourcing costs are related to information technology, while the other 25% is comprised of outsourcing in the areas of check processing, mortgage processing, and credit card processing. Going along with this pattern, we find that IT outsourcing is not only a North American phenomenon. According to a report by OutsourcingFinancialServices.com, of the Total Contract Value of all outsourcing done by financial institutions during the time period from 1999-2004, North America accounted for only 36% of the $90.5 billion. Europe, the Middle East, and Africa accounted for 35%, Asia/Pacific for 13%, and other multi-regional regions accounting for the other 16%. Although outsourcing has become the norm rather than the exception
for community banks, there are certain factors and risks that should
be considered when deciding whether or not to outsource and who
to use. According to the Federal Financial Institutions Examination
Council (FFIEC) Information Technology Examination Handbook, management
may choose to outsource its operations for any of the following
reasons: According to the FFIEC, “Outsourcing of technology-related services may improve quality, reduce costs, strengthen controls, and achieve the objectives listed previously. Ultimately, the decision to outsource should fit into the institution’s overall strategic plan and objectives.” Along with the decision to outsource, the FFIEC notes that the financial institution should conduct a risk assessment. Understood in the risk assessment is the fact that “the Board of Directors and Senior Management are responsible for understanding the risks associated with outsourcing arrangements for technology services and ensuring that effective risk management practices are in place. In addition, the nature of the service provided, such as bill payment, funds transfer, or emerging electronic services, may result in entities performing transactions on behalf of the institution, such as collection or disbursement of funds, that can increase the levels of credit, liquidity, transactions, and reputation risks.” The FFIEC points out that an outsourcing risk assessment should consider the following: Strategic goals, objectives, and business needs of the financial
institution It is critical that financial institutions consider all of these factors and all of its risks when choosing an outsourcing firm, because for banks, the information that it outsourced not only affects the bank, but also all of its customer’s personal information. A good idea may be to obtain a SAS 70 report on your potential vendor. This report will help you analyze the strength of the business and its ability to support your needs as an organization. The need to be thorough has never been more evident than with the current stringent IT exams being conducted throughout the Community Bank Sector. Related Articles
Contact Nichols, Cauley & Associates by Email, phone, or online form with your questions. Site visitors should keep in mind that the content is generally designed to be of general applicability. Particular state laws, regulations and special contractual provisions can greatly impact rights, responsibilities and legal obligations. Only a competent attorney, accountant or other professional looking at all the pertinent facts and circumstances of a particular situation can provide definitive guidance for you. Please refer to our important legal discalimer which can be accessed from the bottom of any BankAudit.net webpage. |
|
|
|
|||||||||||||||||||||||||||||||
 |
|
|
|
|
|||||||||||||||||||||||||||||||
|
|
|
|
 |
|