Jump to Content
ABA: The American Bankers Association
Compliance News

FDIC Warns on 'Gaps' in Tech Vendor Contracts

The FDIC issued a letter to all banks outlining gaps that some examiners had noted in banks’ contracts with technology vendors and reiterating regulatory requirements for these contracts.

Some contracts did not require the vendor to have a business continuity plan, establish recovery standards, define remedies if a vendor misses a standard, detail a vendor’s post-incident notification duties or define key terms related to business continuity and incident response. The letter reminded banks about the interagency guidelines setting information security standards, which were issued under the Gramm-Leach-Bliley Act and the notification requirements under Section 7 of the Bank Service Company Act.