Financial Services Industry Outsourcing and Enforcement of Privacy Laws Page: 1 of 6
The following text was automatically extracted from the image on this page using optical character recognition software:
Order Code RS21809
Updated June 9, 2004
CR8 Report for Congress
Received through the CRS Web
Financial Services Industry Outsourcing and
Enforcement of Privacy Laws
M. Maureen Murphy and Angie A. Welborn
American Law Division
Concerns about enforcement of customer privacy laws across international
boundaries have been raised as the perception grows that more U.S. financial service
companies are outsourcing to foreign service providers. This report addresses some
frequently asked questions about the enforcement of federal laws requiring the
safeguarding of customer financial information in the context of this outsourcing. This
report will be updated as events warrant.
What is Outsourcing? Outsourcing refers to a business practice of securing
outside providers for functions once performed internally or for new functions that
support or augment internal operations and otherwise would be performed inside the
business, itself. Retaining core functions and farming out peripheral operations is known
as strategic outsourcing and is usually a means of maintaining a "competitive edge."'
What Functions May Be Outsourced? Unless a statute, regulatory mandate,
a company's charter, or other legal constraint precludes it, outsourcing of any function or
operation is possible. Financial services companies, particularly depository institutions,
are accustomed to close regulatory scrutiny and have been provided with various forms
of regulatory guidance on outsourcing.2 Functions that are commonly outsourced are
"core processing; information and transaction processing and settlement and activities for
lending; deposit-taking, funds transfer, fiduciary, or trading activities; Internet related
services; security monitoring; systems development and maintenance; aggregation
services; digital certification services; and call centers.... [and] human resources
administration and internal audit."3 Among the few functions that may not be outsourced
'Ann H. Spiotto and James E. Spiotto, "The Ultimate Downside of Outsourcing: Bankruptcy of
the Service Provider," 11 Am. Bankr. Inst. L. Rev. 47 (2003).
2 See, e.g., Federal Financial Institutions Examination Council (FFIEC), FFIEC TSP,
"Supervision of Technology Service Providers (March 2003).
3 Julie L. Williams and James. F. E. Gillespie, Jr., "The Impact of Technology on Banking: The
Congressional Research Service V The Library of Congress
Here’s what’s next.
This report can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Report.
Financial Services Industry Outsourcing and Enforcement of Privacy Laws, report, June 9, 2004; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc815780/m1/1/: accessed May 27, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.