Newly Issued Third-Party Risk Management: A Guide for Community Banks

May 20th, 2024

By Christopher Salone, Consulting Manager FoxPointe Solutions

Recently, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) issued the Third-Party Risk Management: A Guide for Community Banks (the guide). A community bank’s reliance on third parties does introduce operational, compliance, financial, and strategic risks. The guide, which follows the finalized guidance issued last year (read more about that here), is meant to be a resource assisting community banks in mitigating those risks and developing and implementing their third-party risk management programs.

Last year’s finalized guidance offered a framework for banking organizations to use in developing risk management practices for third-party relationships, and included considerations in the planning, due diligence, contract negotiation, ongoing monitoring, and termination stages of managing third-party relationships. The guide builds on this, includes helpful real-life examples, and is organized into a user-friendly resource covering risk management, the third-party relationship life cycle, and governance. Highlights include:

  • Framework and Scope: The guide outlines a risk-based approach to managing all stages of third-party relationships, from planning and due diligence to contract negotiation, ongoing monitoring, and termination. This is meant to ensure that activities conducted through third-parties are managed in a safe and compliant manner.
  • Operational and Managerial Standards: The guide emphasizes that while banks can outsource activities to third-parties, they cannot outsource their responsibilities. Banks must ensure that third-party activities are conducted in line with operational and managerial standards.
  • Information Security Standards: The guide stresses the importance of protecting the security, confidentiality, and integrity of customer information, and encourages banks to also explore the FDIC’s third-party relationship resource page

While the new guide is not a checklist and does not create any compliance safe harbors, it is a very useful resource for community banks. Third-party risk management programs and policies can still be daunting, and FoxPointe Solutions is happy to answer any questions you may have or provide you with additional information.

Share on LinkedIn
Share on Facebook
Share on X

Written By

Related Services