Welcome » IT Booklets » E-Banking » Risk Management of E-Banking Activities » Managing Outsourcing Relationships » Contracts for Third-Party Services
As with all outsourced financial services, institutions must have a formal contract with the TSP that clearly addresses the duties and responsibilities of the parties involved. In the past, some institutions have had informal security expectations for software vendors or Internet access providers that had never been committed to writing. This lack of clear responsibilities and consensus has lead to breakdowns in internal controls and allowed security incidents to occur. The IT Handbook's "Outsourcing Technology Services Booklet" lists detailed contract recommendations for TSPs. Institutions should tailor these recommendations to e-banking services as necessary. Specific examples of e-banking contract issues include: