Third parties can help financial institutions attain
strategic objectives, access expertise, or improve
efficiency for a particular activity. The use of third parties does
not diminish the responsibility to ensure that the activity is conducted
in a safe-and-sound manner.
Laws and Regulations
Key laws and regulations that pertain to FDIC-supervised institutions; note that other laws
and regulations also may apply depending on the nature of the third-party relationship.
Appendix A to Part 364 — Interagency Guidelines
Establishing Standards for Safety and Soundness
(ecfr.gov) provide operational and managerial standards for safety and
soundness, and institutions should ensure that third-party
relationships are managed consistent with these standards.
Appendix B to Part 364 — Interagency Guidelines
Establishing Information Security Standards
(ecfr.gov) address administrative,
technical, and physical safeguards to protect the security,
confidentiality, and integrity of customer information.
Frequently asked questions, advisories, statements of policy, and
other information issued by the FDIC alone, or on an interagency
basis, provided to promote safe-and-sound operations.
Interagency Guidance on Third-Party Relationships: Risk Management
provides sound principles that support a risk-based approach to third-party risk management that banking organizations may consider when developing and implementing risk management practices for all stages in the life cycle of third-party relationships.
Statement Concerning the Responsibilities of Bank Directors and Officers (FIL-87-92)
addresses duties of loyalty and care owed to shareholders,
depositors, and other creditors of the bank.
Section VII. Unfair and Deceptive Practices - Third-Party
of the Consumer Compliance Examination Manual provides a framework
for an effective compliance management system when considering
Supplemental information related to safe-and-sound
FDIC's Supervisory Insights — Special Corporate Governance (PDF)
discusses key governance concepts, roles, and responsibilities of
directors and senior management.
BSA/AML Resource Page and Information Technology Resource Page
provide relevant information useful to manage third-party
relationships if the activities are subject to BSA/AML regulations
or relate to IT.
The Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks (PDF) is intended to help community banks in conducting due diligence when considering relationships with fintech companies.