The IT Law Wiki


Board of Governors of the Federal Reserve System, Div. of Banking Supervision and Regulation, Outsourcing of Information and Transaction Processing (Supervisory Letter SR 00-04) (Feb. 29, 2000) (full-text).


This letter reiterates and clarifies the Federal Reserve's expectations regarding the management of risks that may arise from the outsourcing of critical information and transaction processing activities by banking organization. Operations addressed under this supervisory letter include the origination, processing, and settlement of payments and financial transactions, information processing related to customer account creation and maintenance, as well as other information and transaction processing activities that support critical banking functions, such as lending, deposit-taking, fiduciary, or trading activities.

While these guidelines apply to outsourced services, rather than products purchased or [license]]d from technology vendors (such as systems and software), many of the risk management techniques may also be applicable to the use and maintenance of such products.