The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (Board), and the Office of the Comptroller of the Currency (OCC) (collectively, the agencies) are seeking comment on proposed guidance on managing risks associated with third-party relationships. The proposed guidance offers a framework of sound risk management principles to assist banking organizations in managing third-party relationships, and promotes compliance with all applicable laws and regulations, including those related to consumer protection. The proposed guidance takes into account the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship. The proposed guidance would replace each agency’s existing guidance on this topic and would be directed to all banking organizations supervised by the agencies.
A copy of the Guidance can be found on the FDIC’s website.
Statement of Applicability: This Financial Institution Letter applies to all FDIC-supervised institutions.
- The agencies are publishing for comment proposed guidance on managing risks associated with third-party relationships.
- The proposed guidance offers a framework based on sound risk management principles for banking organizations to consider in developing risk management practices throughout the life cycle of third-party relationships, including planning to manage the relationship and its risks, due diligence and third-party selection, contract negotiation, oversight and accountability, ongoing monitoring, and termination.
- The proposed guidance also offers a framework that takes into account the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship, and promotes compliance with applicable laws and regulations, including those related to consumer protection.
- The proposed guidance also discusses supervisory reviews of third-party relationships.
- After consideration of the comments received and the guidance is adopted by the Agencies in final form, the guidance would replace the FDIC’s Guidance for Managing Third-Party Risk and the FDIC would rescind FIL 44-2008 (June 6, 2008).
- Comments will be accepted for 60 days after publication in the Federal Register.
Board of Directors
Chief Executive Officer
Chief Financial Officer
Chief Risk Officer
Chief Compliance Officer
Guidance for Managing Third-Party Risk
Part 364 -Standards for Safety and Soundness