Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter
Third-Party Risk Management, A Guide for Community Banks

The Federal Deposit Insurance Corporation (FDIC), along with the Board of Governors of the Federal Reserve System and the Office of the Comptroller of the Currency, are issuing the Third-Party Risk Management, A Guide for Community Banks (Guide), as a resource to help community banks in developing and implementing their third-party risk management programs, policies, and practices. 

Statement of Applicability: This Financial Institution Letter (FIL) applies to all FDIC-supervised financial institutions.

Key Details:

  • Community banks engage with third parties to help the banks compete in and respond to an evolving financial services landscape.  Third-party relationships can offer community banks access to new technologies, risk management tools, human capital, delivery channels, products, services, and markets.
  • A community bank’s reliance on third parties, however, reduces its direct operational control over activities and may introduce new risks or increase existing risks, including but not limited to, operational, compliance, financial, and strategic risks.
  • A community bank’s use of third parties does not diminish or remove a bank’s  responsibility to perform all activities in a safe and sound manner, in compliance with applicable laws and regulations, including those related to consumer protection and security of customer information.
  • This Guide is intended as a resource for community banks to consider when developing third-party risk management programs, policies, and practices by providing potential considerations and examples for each stage of the third-party risk management life cycle. The Guide is not a substitute for the Interagency Guidance on Third-Party Relationships: Risk Management
  • This Guide is not a checklist and does not prescribe specific risk management practices or establish any safe harbors for compliance with laws or regulations. 
Related Topics
Third-Party Relationships
Last Updated: May 3, 2024