1. Roles of Central Banks
Central Bank, which regulates all the banks in the country, has the power to dictate banks to avoid undertaking risky activities such as outsourcing. That’s because when outsourcing, both sides’ vulnerable points go together bearing the same risk for two companies. Even the side strong and free of risk can fail in secureness, as it will share its information with its partner company that might be less trusty and secure.
In order to maintain the security of the customer’s information and to mitigate the future unexpected risks the Central Banks almost in every country have to inspect the third party’s information security program. Determine whether the third party (Fuji Xerox) has sufficient experience in assessing, identifying and emerging vulnerabilities and threats. Moreover, when technology is essential for maintenance of service delivery, assess the third party’s application security programs and infrastructure, containing the software growth life cycle and results of vulnerability and penetration tests. Estimate the third party’s ability to implement effective and sustainable corrective actions to address deficiencies observed during testing. Which these actions in the following case with Standard Chartered Bank and Fuji Xerox were not performed well and as the consequence there was occurred illegal accessing of Bank’s 647 client’s private statements by hacking with the help of one of the servers of the Fuji Xerox’s IT Company.
In addition, use of third parties reduces management’s direct control of activities and may introduce new or augment existing risks, particularly, reputation, compliance, strategic, operational, as well as credit risks and the interrelationship of all mentioned above risks. Increased risk mostly stems from greater complexity, inferior implementation by the third party (Fuji Xerox) and poor risk management by the bank (Standard Chartered).
Using third parties does not reduce the responsibility of bank’s senior management and board of directors to guarantee that the activity is implemented in an appropriate way and in fulfillment with applicable laws.
2. Key risks involved in outsourcing
While the outsourcing of certain activities can create a number of priorities to a financial services organization, however there are a number of risks which need to be investigated carefully and need to be managed effectively. Many banks use a third party to perform certain activities that would have been usually performed by the banks themselves. Some activities are outsourced by them to a party, which may or may not be associated with the outsourcer financial institution. Financial service outsourcing is a broad based activity that encompasses credit card processing, document processing, processing of loans at the original stage, marketing and research, supervision of loans, data processing and back office activities.
However, the banks are exposed to many risks doing outsourcing. The...