Banking Regulators Reach Consensus on Third-Party Risk Guidance

On June 6, 2023, the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), and the Board of Governors of the Federal Reserve System (FRB) issued long-awaited Interagency Guidance on Third-Party Relationships Risk Management (Guidance).  Prior to this issuance, each regulatory agency maintained its own Guidance.  The new Guidance promotes consistency in supervisory approaches and supersedes all previous Guidance by these regulators.

The following summarizes the key takeaways from the new Guidance. The full text can be found here. 

  • The Guidance outlines principles that should be considered when developing and executing a risk management program for all stages in the life cycle of third-party relationships.
  • The Guidance addresses, defines and applies to all business arrangements between any banking organization (i.e., banks, savings associations, holding companies and certain U.S. facilities of foreign banks) and another entity, by contract or otherwise.
  • One size does not fit all.  The agencies are clear that the Guidance applies to “all” third-party relationships but recognizes your program should be adapted to the types and level of risks, the size and complexity of your bank, the nature of your third-party relationships, and the activities they perform.  For example, when third-party relationships support higher-risk activities, including those deemed “critical”, more comprehensive, and rigorous oversight and management of the relationship is warranted.  Critical activities include but are not limited to those that:
    • Cause a bank to face significant risk if the third party fails to meet expectations.
    • Are customer-facing and/or could have significant customer impact or harm.
    • Have a significant impact on the bank’s financial condition or operations.
  • The risk profile of your banking organization, including activities performed by third parties, should be continuously monitored to ensure your program remains commensurate with material changes.
  • The Guidance defines and describes risk-based principles and typical factors and activities to perform for managing third-party relationship risks associated with each stage of a continuous life cycle comprised of the following stages.
    • Planning
    • Due diligence and third-party selection
    • Contract negotiation
    • Ongoing monitoring
    • Termination
  • The agencies actively monitor trends and developments in the financial services industry and will consider issuing additional guidance or educational resources (e.g., FAQs) as necessary. The agencies also plan to develop additional resources to assist smaller, non-complex community banking organizations in managing third-party risk.
  • The Guidance emphasizes that the use of third parties does not diminish or remove a bank’s responsibilities to ensure the activities are performed in a safe and sound manner and in compliance with laws and regulations.

Third-party risk has been, is and will be, a significant risk to the banking industry. Understanding and effectively managing this risk will be critical to banks’ future success.  HORNE has the resources and expertise to help you as you work through this evolving risk.



More Insights

The Secret to Having Hard Conversations

Many leaders approach hard conversations the wrong way. The two most common mistakes we see are (1) allowing your emotions to set the tone and (2)...


Want to keep employees? Have “stay conversations”

Recently we helped a family-owned general contractor re-engage two key employees. One was a supervisor whose future was in question as a large job...


IRS Places Moratorium on the Processing of New ERC Filings

If you’re looking to file an Employee Retention Credit claim with the IRS, please note that there is a hold on processing of all new ERC filings...


What do the latest Davis-Bacon Act revisions mean to you?

Passed in 1931, the Davis–Bacon Act established requirements for paying local prevailing wages on public works projects for laborers and mechanics....


HORNE Board of Directors admits Monique Mahan as a director

Monique Mahan was admitted as a tax director, joining HORNE’s Public and Middle Market group, effective August...


HORNE Board of Directors admits new director

Lori Crocker, who serves in HORNE’s Healthcare group, was recently promoted to director, effective September...


Talk to an expert today.