Technology Service Provider Contracts with Banks
The Federal Deposit Insurance Corporation has issued a Financial Institution Letter identifying gaps, particularly involving business continuity and incident response risks, that some examiners had noted in their review of contracts between banks and technology services vendors, points out Ropes & Gray in a client alert.
“These gaps may require banks to take additional steps to mitigate the risks that arise from them,” the authors write. “The FDIC took the opportunity to reiterate regulatory requirements for these contracts, noting that banks remain ultimately responsible when contracts do not adequately address certain risks. Cybersecurity threats remain at or near the top of risks of concern to federal banking regulators.”