How is your community bank addressing its IT needs? If you’re working with third-party IT vendors, ICBA’s IT Outsourcing Toolkit can help ease and support the process. It offers a collection of resources from each stage in the outsourcing process—decisioning to execution to evaluation.
Not sure if you want or need to outsource your IT? To help you figure that out, the ICBA IT Outsourcing Pre-Decisioning Questionnaire will ask questions regarding your bank’s specific circumstances, capabilities and other considerations. And from there, the toolkit can become a platform for you to jumpstart your IT strategy. These resources are available to members.
This flowchart shows the path for IT outsourcing and handling vendors. It gives you a step-by-step overview of the process, so you can understand the overall workflow of evaluating, establishing and working with a third-party vendor.
Guide to IT outsourcing
ICBA’s The Outsourcing Lifecycle whitepaper is an overview of IT outsourcing and explains why community banks may choose to outsource instead of relying on in-house capabilities. It breaks down the pre-engagement stage: how community banks can assess their IT needs, determine if a third party can fulfill those needs and evaluate the associated risk. It also tackles the ins and outs of project management, vendor selection, request for proposal, due diligence, contracting and the criteria community banks may require from their vendors.
Vendor contract checklist
This list helps clarify what you desire out of your IT vendor and the questions you need to ask as you draft a contract with them.
What’s the scope of service for the vendor? Do they have an incident response plan, and what does notification look like for that? What fees should factor into the cost structure? Each box on this checklist includes important criteria and checking them off can help you analyze and confirm if a vendor will effectively facilitate your IT.
SOC report selection
SOC reports are essential for vendors when they provide services that can directly affect your bank’s financial reporting. Depending on factors like data storage and your specific requirements, the type of SOC can vary. This flowchart helps you understand which one your vendor should provide.
SOC report evaluation
A supplement to the report selection, this resource evaluates what a SOC report must cover. Using this SOC report evaluation flowchart can assist in proving and ensuring that a vendor’s internal controls are present, relevant, effective and operating efficiently. It’s also a good tool for assessing if there’s any risk within this vendor relationship and the outsourced services.
A guide to due diligence for fintechs
Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks helps community banks evaluate the risk that may come with a third-party relationship. In addition, it details considerations for banks when surveying a fintech partnership, including:
Business factors: client references, complaints, experience with other community banks, media reports and banking-specific experience
Market information: publicly available market information regarding competitors
Financial analysis and funding: annual reports, financial statement, auditors’ opinions as available and list of funding sources
Legal and regulatory compliance: charters, certificates of good standing, licenses, patents, intellectual property, lawsuits, settlements and consumer complaints
Risk management: policies, procedures, risk and compliance staffing, results of control reviews and audit reports, issue management policies, schedule of planned control reviews and audits, and inventory of key risk, performance and control indicators
Information security: complete information security controls assessments, incident management and response policies, incident reports and policies regarding relevant safeguarding and privacy laws and regulations
Operational resilience: business continuity plans, incident response plans, documented system backup processes and insurance documents
Watch the Webinar
If you want a more immersive way to learn what IT outsourcing can do for you and your bank, check out the IT Outsourcing: Navigating the Decision Process webinar, accessible through the ICBA IT Outsourcing Toolkit at no additional cost.