A Guide to IT Contracting by Michael R. Overly, Matthew A. Karlyn
20  Transactions Involving Financial Services Companies as the Customer
CHECKLIST

Form and Type of Agreement
  - Company's form or vendor's form

Definitions
  - Definition of "confidential information"
      - Personally identifiable information
      - Trading and account information
      - "Insider information"
  - Definition of "aggregated data," if applicable

General Requirements
  - Include all standard requirements discussed elsewhere in this book for the particular type of contract under consideration
  - Strong confidentiality clause
      - Perpetual protection for personal information
      - Ongoing protection for trade secrets
  - Compliance with the customer's privacy policy, including updates
  - Control over notices for data breaches
      - Reimbursement for breach costs: notice, investigation, identity theft insurance
  - Avoid data aggregation rights
      - Obligation to cleanse/scrub the data
      - As-is
      - Indemnity for failure to cleanse and for all use of the data
  - Information security
      - Best industry practices
      - Compliance with applicable laws and regulations
      - Prompt reporting of potential or actual breaches
      - Maintain and provide log files and other forensic evidence
      - Audit rights
      - Testing, including penetration testing
      - Right to SAS 70 Type II or similar audit reports (e.g., SSAE 16); note that SSAE 16 has since been superseded by SSAE 18, and that a SOC 2 report addresses security controls more directly than a SOC 1 report, which is scoped to controls relevant to financial reporting
      - Requirements for secure deletion and data removal
  - Background checks
  - Indemnification for breach of confidentiality
  - Breaches of confidentiality and indemnification obligations excluded from limitations of liability
  - Audit rights
      - Security
      - Contract performance
      - Confirm charges and fees
      - Regulators
  - Termination for regulatory issues
  - Reject vendor audit rights in favor of offsite record review
  - Review pricing and tying arrangements between and among products and services
  - Compliance of software and services with relevant laws and regulations
      - Right to updates without charge
  - Limit subcontractors
      - Offshore
      - Due diligence
      - Potential separate NDA

Techniques
  - Be ready to explain the unique legal and regulatory requirements
  - Be familiar with the Federal Financial Institutions Examination Council (FFIEC) Handbook
  - Review the checklist of regulatory considerations at the end of this chapter
  - Make your own checklist of key issues
OVERVIEW

This chapter discusses the unique challenges faced by financial services companies (e.g., banks, broker-dealers, insurance companies) when they enter into technology contracts. As with any customer entering into a contract for the use or acquisition of technology, financial services companies must be concerned with warranties, indemnities, scope of license, statements of work, intellectual property ownership, and the dozens of other issues common to agreements of this kind. These issues are discussed in depth in other chapters of this book. Here, however, we focus on the additional, unique risks and concerns that financial services companies must address when contracting for technology.

There are essentially two driving forces behind these unique risks and concerns. First, these entities are in the business of handling very sensitive data. As a result, their attention to issues such as confidentiality and information security is greatly heightened. Second, financial services companies are among the most highly regulated entities in the world. They are subject to a wide range of state, federal, and in some instances international laws and regulations covering almost every aspect of their operations. In addition, they receive frequent "guidances" or recommendations from their regulators that must generally be followed. Some of these laws, regulations, and guidances impose obligations on financial services companies to seek specific protections in their technology contracts. Finally, financial services companies are generally very conservative in their approach to vendor contracting. Taken together, these factors frequently create significant tension between the need to control risk and the business imperative to "get deals done" and ensure the company's products and services get to market in a timely fashion.

Many technology vendors are unfamiliar with the unique nature of financial services companies and the strict regulatory requirements under which they operate. It frequently comes as a surprise to a vendor that the regulators of financial services companies audit the company's technology contracts to ensure they conform to applicable law and provide the level of protection appropriate for these heavily regulated entities. For these reasons, customers must be ready to explain their unique requirements to their vendors and, where necessary, provide documentation from their regulators to establish the basis for their concerns.