Some of the largest financial services firms in the US are banding together to develop a set of best practices for outsourcing their real-time IT processes overseas.
Members of the New York-based Financial Services Technology Consortium (FSTC) - a who's who of financial services companies, including JP Morgan Chase, Bank of America, Citigroup and Wells Fargo - have been examining offshore security, privacy, business continuity and contract-cancellation issues associated with offshore management of onshore applications. The goal is to complete a best-practices report by the end of the year.
The FSTC will also work with suppliers and financial services groups such as the financial industry consortium BITS in Washington. The group recently updated two outsourcing guideline documents to include overseas production support.
The BITS reports offer guidelines for complying with regulations. The second of the two documents, available for public comment until 28 October, suggests guidelines for security audits, supplier management and cross-border relationships.
"What we were looking to do for our members is develop risk mitigation tools that the industry can use to identify and understand the controls service providers are using . . . around things like access and communications," said Faith Boettger, the senior consultant in charge of the BITS initiative.
The FSTC seems to be taking a more tactical approach. For instance, it will look at data-masking technologies and offer guidelines on technology features.
By participating in this effort, companies may be sharing competitive information. But Jim Salters, director of technology initiatives and project development at the FSTC, said that if any firm makes a mistake in managing offshore operations, there could be ramifications from lawmakers and regulators for everyone in the industry. "It's really not considered a proprietary issue at this point," he said.
Patrick Thibodeau and Lucas Mearian write for Computerworld