Federal banking regulators today issued long-awaited joint guidance for financial institutions when managing risks associated with third-party relationships, including relationships with technology providers. The three agencies—the Federal Reserve, FDIC and OCC—also said they plan to develop additional resources to assist community banks in managing third-party risks. The guidance replaces each agency’s existing guidance on third-party risk management.
The guidance establishes principles for all banking organizations to consider when developing and implementing risk management practices governing third-party relationships, according to the agencies. The document offers direction and expectations for all stages in those relationships, including planning, due diligence and third-party selection, contract negotiation, and termination. It also offers guidance for conducting independent reviews and maintaining documentation.
The guidance stresses that the agencies will review a bank’s risk management practices of third-party relationships as part of their standard supervisory processes. Among other things, supervisors typically assess the ability of a bank’s management to oversee and manage its third-party relationships; evaluate the effects of those relationships on the bank’s risk profile; and perform transaction testing to evaluate the activities performed by the third party and assess compliance with applicable laws and regulations, according to the document.
ABA Banking Journal Staff
Source link