BITS endorses Framework for managing outsourcing Risk

WASHINGTON, DC, October 25, 2001. BITS, the Technology Group for The Financial Services Roundtable, today announced that its Board of Directors has unanimously endorsed industry guidelines for selecting and managing information technology (IT) service provider relationships. The BITS Framework for Managing Technology Risk for Information Technology (IT) Service Provider Relationships establishes a framework that closely follows regulatory requirements and sets voluntary industry guidelines. These guidelines are critical in the current business environment, as the financial services industry increasingly relies on IT service providers and outsourcing to support the online delivery of financial services and core technology processes.

Providing dimension to this dramatic growth, the Gartner Group projects that worldwide markets for outsourcing professional services will break the $1 trillion mark within the next four years. The North American professional services market is expected to grow from $229 billion in 1999 to $539 billion in 2004. Narrowing the focus to financial services, Gartner reports that the total annual dollars spent on outsourcing of retail financial services has grown from $8 billion in 1998 to a projected $22 billion in 2002. The average annual growth rate for outsourcing retail financial services is projected at 27% for 1998 – 2002.

Outsourcing is defined as any circumstance where customer information or critical company data are outside the direct control of the financial services company. There are many tradeoffs an institution must consider when making decisions about outsourcing, including cost considerations, liabilities and efficiency issues. BITS launched this initiative to help financial services companies satisfy regulatory requirements as well as identify and mitigate the risks associated with outsourcing.

The BITS Framework for Managing Technology Risk for Information Technology (IT) Service Provider Relationships is the result of an intense industry effort that required the collaboration and cooperation of numerous representatives of the financial services industry, regulators and service providers. During the development process, the document was presented to a range of audiences and submitted for public comment. The resulting Framework covers most aspects of control, design and management practices for which IT services are under consideration for outsourcing or have been outsourced. The BITS Working Group was composed of financial services companies of all sizes, and included representatives from the American Bankers Association, America’s Community Bankers, Credit Union National Association, and the Independent Community Bankers of America. Co-Chairs of the Working Group were Sharon O’Bryan, ABN AMRO, Jim Dempster, Metavante and Viveca Ware, Independent Community Bankers of America.

"Our customers rely on financial institutions to provide secure services whether they are provided by our companies or our outsourcing partners. As an industry, through BITS, we stepped up to establish a common understanding of our requirements," said James H. Blanchard, Chairman and CEO of Synovus Financial Corp. and Chairman of the BITS Board of Directors.

"BITS identified the need to understand the control, security and privacy issues related to outsourced services. The result is a framework and set of guidelines that each institution can use to incorporate regulatory guidance, establish a risk management program and evaluate service provider relationships," said Gene Miller, Chairman, President and CEO of Comerica Incorporated and Chairman of the Board of Directors of The Financial Services Roundtable.


"With the increased complexity of outsourced services and relationships, the financial services industry faced the dilemma of having to find a way to establish industry guidelines for our service provider partners," said Sharon O’Bryan, Senior Vice President and Chief Technology Security Officer at ABN AMRO and Co-Chair of the BITS IT Service Provider Working Group. "Outsourcing issues have intensified as technologies have become more sophisticated, start-up vendors have entered this lucrative market and financial regulators have increased their scrutiny of outsourced relationships."

"The outsourcing of banking products, even to the point of customer interface, is becoming ever more common in the industry, particularly among community banks. In that environment, there is a benefit, indeed a need, for financial institutions to have a framework for vendor oversight as part of their risk management programs," stated Christie A. Sciacca, Director, FDIC’s Bank Technology Group.

"Outsourcing is strategically important to community banks as they serve their customers and strive to offer access to the latest technologies and services. The BITS Framework provides an invaluable tool to assist community banks in evaluating and managing service provider risk as prescribed by federal banking regulators," said Viveca Ware, Co-Chair of the BITS Working Group and Director of Payment Systems, Independent Community Bankers of America.

BITS offers this Framework in the full spirit of the Federal Financial Institutions Examination Council (FFIEC) Guidance on Technology Outsourcing, which is characterized by the Council as intended for consideration in conjunction with an organization’s overall risk management program, rather than as a prescriptive measure. The BITS Framework for Managing Technology Risk for Information Technology (IT) Service Provider Relationships can be obtained at the BITS website, Please send comments or questions to Faith Boettger, BITS,

About BITS

BITS, The Technology Group for The Financial Services Roundtable, was created in 1996 to foster the growth and development of electronic financial services and e-commerce for the benefit of financial institutions and their customers. Throughout its work, BITS seeks to sustain consumer confidence and trust by ensuring the security, privacy and integrity of financial transactions. BITS works as a strategic brain trust to provide intellectual capital and address emerging issues where financial services, technology and commerce intersect. Major areas of emphasis are security, privacy, standards, leveraging industry infrastructure and e-commerce market development. BITS' Board of Directors comprises the Chairmen and CEOs of some of the largest U.S. financial services holding companies as well as representatives of the American Bankers Association and the Independent Community Bankers of America.

For additional information, contact:

Cheryl Charles, Senior Director, BITS, (202) 289-4322;

BITS IT Service Provider Working Group

Co-Chairs: Sharon O’Bryan, ABN AMRO; Jim Dempster, Metavante; and Viveca Ware, Independent Community Bankers of America

Participating Institutions

ABN AMRO North America, Inc.

Allfirst Financial, Inc.

America’s Community Bankers

American Bankers Association

AmSouth Bancorporation

AMCORE Financial, Inc.

Associated Banc-Corp

Bank of America Corporation


BB&T Corporation

Capital One Financial Corporation

Centura Banks, Inc.

Charles Schwab Corporation, The

Citigroup, Inc.

City National Corporation

Comerica, Incorporated

Compass Bancshares, Inc.

Cullen/Frost Bankers, Inc.

Credit Union National Association

Edward Jones Investments

Fidelity Investments

First National Nebraska, Inc.

First Tennessee National Corporation

First Union Corporation

First Virginia Banks, Inc.

FleetBoston Financial Corporation

Ford Financial Corporation

Fortis, Inc./ Assurant Group

Goldman Sachs Group, Inc.

Harris Bankcorp, Inc.

Hibernia Corporation

Home Street Bank

IBJ Whitehall Financial Group

Independent Community Bankers of America


M&T Bank Corporation

Mellon Financial Corporation

Mercantile Bankshares Corporation

Metavante Corporation


Northern Trust Corporation

PNC Financial Services Group, Inc.

Regions Financial Corp.

State Farm Mutual Insurance Companies

SunTrust Banks, Inc.

Synovus Financial Corp.

The Chubb Corporation

Wachovia Corporation

Whitney National Bank

Zurich U.S.


Participating Associations

American Institute for Certified Public Accountants (AICPA)

Association for Financial Technology (AFT)

Bank Administration Institute (BAI)

International Security Trust & Privacy Alliance (ISTPA)

Information Technology Association of America (ITAA)

National Automated Clearing House Association (NACHA)

Securities Industry Association (SIA)

Participating Service Providers


Arthur Andersen


Axys Solution


Computer Sciences Corporation



Digital Insight

DynCorp Information Systems


EMC Corporation

Ernst & Young

First Data


Gartner Group

Grant Thornton





Jordan & Jordan





Online Resources




TPI Sourcing

Unisys Financial Services


Wave Systems