Banking Regulators Reach Consensus on Third-Party Risk Guidance

On June 6, 2023, the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), and the Board of Governors of the Federal Reserve System (FRB) issued long-awaited Interagency Guidance on Third-Party Relationships Risk Management (Guidance).  Prior to this issuance, each regulatory agency maintained its own Guidance.  The new Guidance promotes consistency in supervisory approaches and supersedes all previous Guidance by these regulators.

The following summarizes the key takeaways from the new Guidance. The full text can be found here. 

  • The Guidance outlines principles that should be considered when developing and executing a risk management program for all stages in the life cycle of third-party relationships.
  • The Guidance addresses, defines and applies to all business arrangements between any banking organization (i.e., banks, savings associations, holding companies and certain U.S. facilities of foreign banks) and another entity, by contract or otherwise.
  • One size does not fit all.  The agencies are clear that the Guidance applies to “all” third-party relationships but recognizes your program should be adapted to the types and level of risks, the size and complexity of your bank, the nature of your third-party relationships, and the activities they perform.  For example, when third-party relationships support higher-risk activities, including those deemed “critical”, more comprehensive, and rigorous oversight and management of the relationship is warranted.  Critical activities include but are not limited to those that:
    • Cause a bank to face significant risk if the third party fails to meet expectations.
    • Are customer-facing and/or could have significant customer impact or harm.
    • Have a significant impact on the bank’s financial condition or operations.
  • The risk profile of your banking organization, including activities performed by third parties, should be continuously monitored to ensure your program remains commensurate with material changes.
  • The Guidance defines and describes risk-based principles and typical factors and activities to perform for managing third-party relationship risks associated with each stage of a continuous life cycle comprised of the following stages.
    • Planning
    • Due diligence and third-party selection
    • Contract negotiation
    • Ongoing monitoring
    • Termination
  • The agencies actively monitor trends and developments in the financial services industry and will consider issuing additional guidance or educational resources (e.g., FAQs) as necessary. The agencies also plan to develop additional resources to assist smaller, non-complex community banking organizations in managing third-party risk.
  • The Guidance emphasizes that the use of third parties does not diminish or remove a bank’s responsibilities to ensure the activities are performed in a safe and sound manner and in compliance with laws and regulations.

Third-party risk has been, is and will be, a significant risk to the banking industry. Understanding and effectively managing this risk will be critical to banks’ future success.  HORNE has the resources and expertise to help you as you work through this evolving risk.

READ MORE OF OUR LATEST INSIGHTS

SEE AROUND CORNERS.
INDUSTRY EXPERTISE DELIVERED.

More Insights

The House of Medicaid Rests on Five Pillars

Medicaid, along with all forms of health insurance products, can be organized and visualized according to the following five pillars: eligbility,...

READ MORE

The Importance of Multi-Factor Authentication (MFA) for Your Business

In today’s digital environment, protecting sensitive data and accounts from unauthorized access is crucial. Multi-factor authentication (MFA) is...

READ MORE

Solving the Medicaid Side of the Rubik’s Cube of the Health Insurance System

As the U.S. House of Representatives returns from its District Work Period, its top priority will be to assemble its budget reconciliation package....

READ MORE

“Build Up Mississippi Act”: Tax Changes on the Horizon

On March 27, 2025, Mississippi Governor Tate Reeves signed House Bill 1, the "Build Up Mississippi Act,” to incentivize taxpayers to stay in or...

READ MORE

Cracking the Generational Code

If there’s one thing I’ve learned in my years of working with leaders across industries, it’s this: the ability to manage a multigenerational...

READ MORE

Is Your Business Running at Peak Performance?

I work daily with construction companies, tackling their most significant workforce and business challenges. I know how easy it is to get caught up...

READ MORE

Talk to an expert today.