ABSTRACT
S Reimbursement for costs, notice, investigation, identity theft insurance
☐ Avoid data aggregation rights S Obligation to cleanse/scrub the data S As-is
S Indemnity for failure to cleanse and all use of data ☐ Information security
S Best industry practices S Compliance with applicable laws and regulations S Prompt reporting of potential or actual breaches S Maintain and provide log files and other forensic evidence S Audit rights S Testing, including penetration testing S Right to SAS 70 Type II or similar audits (e.g., SSAE 16) S Requirements for secure deletion and data removal
☐ Background checks ☐ Indemnification for breach of confidentiality ☐ Breaches of confidentiality and indemnifications obligations excluded from limitations of liability
☐ Audit rights S Security S Contract performance S Confirm charges and fees S Regulators
☐ Termination for regulatory issues ☐ Reject vendor audit rights in favor of offsite record review ☐ Review pricing and tying arrangements between and among products and services
☐ Compliance of software and services with relevant laws and regulations
S Right to updates without charge ☐ Limit subcontractors
S Offshore S Due diligence S Potential separate NDA
Techniques ☐ Be ready to explain the unique legal and regulatory requirements ☐ Be familiar with the Federal Financial Institutions Examination Council Handbook
☐ Review checklist of regulatory considerations at the end of this chapter
☐ Make your own checklist of key issues
This chapter discusses the unique challenges faced by financial services companies (e.g., banks, broker-dealers, insurance companies) when they enter into technology contracts. As with any customer entering into a contract for the use or acquisition of technology, financial services companies must be concerned with warranties, indemnities, scope of license, statements of work, intellectual property ownership, and the dozens of other issues common to agreements of this kind. These issues are discussed in depth in other chapters of this book. Here, however, we are going to focus on the additional, unique risks and concerns financial services companies must address in contracting for technology.
