CSI and BITS cut outsource risk

PORTLAND, OREGON – The Collaborative Software Initiative (CSI) has licensed the content of the BITS Shared Assessments Program to develop a product that facilitates compliance for outsourcing investment banks and their vendors.

CSI aims to use the new licence to create an open-source, front-end data-gathering application to enable efficient use of the shared assessments vendor questionnaire.

The application is designed to reduce risks over protecting financial data in the hands of vendors while freeing up budgets and resources for competitive operations elsewhere.

“A number of banks participated in the programme and documented a technical specification for vendor assessment. They then approached CSI to design and develop the questionnaire, which could be deployed in multiple environments – Windows, Linux, Unix – with technical support provided by CSI,” says Stuart Cohen, chief executive officer of CSI.

The Shared Assessments Program was created by BITS, a non-profit industry consortium whose members include Citibank, Morgan Stanley, JP Morgan and Goldman Sachs. Cohen stresses that collaboration with the large Wall Street firms as well as regional banks already used to working together in the same trade associations leads to lower development and support costs, and provides broad applicability for industry standards.

“The bigger banks will have to develop and implement sooner, but we anticipate them all using the same questionnaire because, from the regulators’ standpoint, if the big banks are using a broader set of questions for compliance, they would expect the regional banks to do that as well,” said Cohen.

All financial institutions require vendors to complete assessment questionnaires, and CSI hopes to provide across-the-board efficiency by allowing vendors to complete the same questionnaires and submit them to a range of financial institutions.

“The goal of the Shared Assessments Program is to be the industry’s de facto standard,” adds Cohen. “CSI’s XML format and the Regulation Q application provide a substantial productivity gain both to outsourcing vendors and financial institutions, versus working through a static spreadsheet format for the SIG.”

The questionnaire is designed to operate independently or can be integrated into existing operational risk management systems, with an interchange mechanism offered to streamline participation in the programme.

“Our intention is to begin beta tests with banks and vendors in November,” said Cohen. “Some of the largest banks will have 3,000 – 5,000 questionnaires submitted to them over the next few years. Additionally, the major vendors will have to submit this questionnaire hundreds of times a year.”