
InfoBytes Blog

Financial Services Law Insights and Observations

Security at Financial Institution Service Provider Scrutinized by Regulators

FDIC CFPB Vendors Privacy/Cyber Risk & Data Security

Fintech

Recently, Fidelity National Information Services, Inc. (FIS), a company providing payment processing and other services to banks and other financial institutions, reportedly was the subject of a critical assessment by the FDIC. The FDIC report comes in the aftermath of a 2011 security breach at the company and a subsequent examination by the FDIC, OCC, and the Federal Reserve Bank of Atlanta. According to the report, the FDIC demanded that FIS immediately address eight issues, including risk management and information security issues. The FDIC allegedly also stated that actions taken by the company to date were insufficient given the regulatory concerns and weaknesses identified by the FDIC. The NCUA received the FDIC report and forwarded it to credit unions with an advisory note to use the report in managing vendor relations with FIS.

The report on FIS comes as regulators are placing enhanced scrutiny on financial institutions’ relationships with third-party service providers. In April, the CFPB issued Bulletin 2012-03, providing guidance to regulated entities on the oversight of business relationships with service providers. The CFPB bulletin states that “[t]he CFPB expects supervised banks and nonbanks to have an effective process for managing the risks of service provider relationships” and lists specific minimum steps that should be a part of service provider oversight.