New standards apply when assessing your service provider’s security and controls

For institutional investors, the ground rules for assessing the security, confidentiality, and processing integrity of their third-party service providers have fundamentally changed.

Most major financial institutions today work with numerous third-party service providers in the course of their day-to-day business. In many cases, this involves the exchange of sensitive information and requires the institution to ensure that its service providers have adequate controls in place to assure that security and confidentiality are maintained, and that any associated operational risks are mitigated appropriately. As the number of such service providers for the average institution now runs into the dozens, most organizations must rely on independent auditors (typically CPA firms) to assess and report on their service providers’ controls and processes.

In the past, financial institutions have looked to Statement on Auditing Standards No. 70 (“SAS 70”) reports as the primary standard for understanding their service providers’ controls. However, while the SAS 70 was a relevant means to assess financial controls (and therefore the reliability of their service providers’ financial statements), many firms failed to realize that it was not appropriate to use or rely on those reports as a means to obtain assurance regarding their service providers’ compliance and operations.

As a result, the American Institute of Certified Public Accountants (AICPA) has retired the SAS 70 standard and has issued a new, comprehensive set of Service Organization Control (SOC) reporting options (SOC 1, SOC 2 and SOC 3 reports). Organizations seeking to assess their service providers’ internal control over financial reporting will likely look for the SOC 1 report (which is performed in accordance with Statement on Standards for Attestation Engagements (SSAE) 16, arguably the closest analog to the original SAS 70).


Organizations looking to obtain an in-depth understanding of the controls in place at their service providers that relate to security, availability, confidentiality, and privacy will likely turn to the SOC 2 reporting option. For service providers that serve large audiences and seek to provide a general public statement, the SOC 3 will likely be the format of choice. As a securities class action settlement claim service provider, Financial Recovery Technologies (FRT) has been proactive in establishing the necessary controls, policies, and procedures to assure the security, confidentiality, and processing integrity necessary to meet the requirements of some of the world’s largest financial institutions. With the introduction of the new SOC reporting options, the organization has initiated the process of working with auditors to examine and report on these controls utilizing the new SOC framework.

Contact us today to find out how FRT can deliver value to your firm by recovering incremental settlement dollars while simultaneously lowering the operational overhead of filing securities class action settlement claims.

For more information about service providers’ risk management control, read this report from the American Institute of Certified Public Accountants.