X

Banking Regulators Issue Joint Guidance on Managing Risks over Third-Party Relationships

"A bank's use of third parties does not diminish its responsibility to oversee those activities in a safe and sound manner and in compliance with applicable laws and regulations, including consumer laws."
FRB Governor Michelle W. Bowman
"A bank's use of third parties does not diminish its responsibility to oversee those activities in a safe and sound manner and in compliance with applicable laws and regulations, including consumer laws."
FRB Governor Michelle W. Bowman

The Federal Reserve Board ("FRB"), FDIC and OCC (collectively, the "Agencies") issued final guidance for banking organizations on managing the risks associated with third-party relationships.

The Interagency Guidance on Third-Party Relationships: Risk Management ("Guidance") highlights consistency concerning the supervision of third-party relationship risk management for banking organizations, particularly community banks. The Guidance recommends best practices in risk management during the different stages in the "life cycle of third-party relationships" and provides illustrations for the increasing number of third-party relationships for banks.

The Agencies expect that banking organizations assess the level of risk as well as the complexity and size of the organization involved, taking into account:

  • planning - evaluating how to manage risks before entering into a third-party relationship;
  • due diligence and third-party selection - considering whether the third party is (a) domestic vs foreign or (b) affiliate vs non-affiliate;
  • contract negotiation - building flexibility into the contract;
  • ongoing monitoring - encouraging banks to "adopt active, continuous, real-time monitoring"; and
  • termination - following compliance protocols.

The final guidance replaces each agency's existing general third-party guidance.

Comments

FRB Governor Michelle W. Bowman argued that the guidance fails to provide clear and tailored expectations for smaller banks, thereby increasing the regulatory burden without offering necessary tools for implementation. She said that the guidance should have been accompanied by resources specifically designed for community banks. She expressed disappointment in the lack of upfront investment to reduce confusion and burden. In addition, Governor Bowman highlighted a concerning trend of a "one-size-fits-all" regulatory approach that does not consider the unique challenges faced by smaller institutions.

FRB Governor Christopher J. Waller stated that the interagency guidance would help all banks develop customized supervision to manage risk associated with their specific third-party relationships with "efficient and rigorous risk management practices."

Primary Sources

  1. Interagency Guidance on Third-Party Relationships: Risk Management
  2. FRB Press Release: Agencies issue final guidance on third-party risk management
  3. FRB Staff Memo: Interagency Guidance on Third-Party Relationships: Risk Management
  4. FRB Joint Press Release: Statement by Governor Michelle W. Bowman
  5. FRB Joint Press Release: Statement by Governor Christopher J. Waller

Premium Content

Available only to Premium subscribers.

 

Join Premium

US Regulatory Intelligence combines regulatory and enforcement news, analysis, and practical work tools on an easy-to-use digital platform.

Request a Free Trial

Tags

Individuals
Christopher J. Waller
Regulated Activities
Operations
Sub-Activity
Outsourcing
Regulated Entities
Banking Entities
Body of Law
Banking Law
Jurisdiction
US - Federal
Organization
US Banking Regulators
Sub-Author
FDIC, Federal Reserve Board, Comptroller