Agencies Issue Risk Management Guidance for Third-Party Relationships
The Federal Reserve Board, FDIC, and OCC (collectively, the Agencies) issued final guidance on managing risks with third-party relationships. The guidance is final as of June 6, 2023, and is relevant to all banking organizations supervised by the Agencies.
The guidance emphasizes that all activities, whether performed internally or with a third party, are required to operate in a safe and sound manner and in compliance with applicable laws and regulations. A banking organization’s use of third parties does not diminish its responsibility to meet these requirements. Accordingly, the guidance states that banking organizations must establish management practices to effectively manage the risks arising from its activities, including from third-party relationships, in order to operate in a safe and sound manner. The guidance notes that sound third-party risk management takes into account the level of risk, complexity, and size of the banking organization, as well as the nature of the specific third-party relationship.
The interagency guidance intends to provide sound risk management principles that supervised banking organizations can leverage when developing and implementing risk management practices. The guidance covers all stages in the life cycle of third-party relationships, providing examples of considerations in the planning, due diligence, contract negotiation, ongoing monitoring, and termination stages of managing third-party relationships.
The final guidance follows proposed guidance the Agencies published in July 2021, previously covered by WBK here. The final guidance promotes consistency in the Agencies’ supervisory approach and replaces previous guidance from the Agencies relating to managing risks associated with all third-party relationships.