Banking Regulators Reach Consensus on Third-Party Risk Guidance

On June 6, 2023, the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), and the Board of Governors of the Federal Reserve System (FRB) issued long-awaited Interagency Guidance on Third-Party Relationships Risk Management (Guidance).  Prior to this issuance, each regulatory agency maintained its own Guidance.  The new Guidance promotes consistency in supervisory approaches and supersedes all previous Guidance by these regulators.

The following summarizes the key takeaways from the new Guidance. The full text can be found here. 

  • The Guidance outlines principles that should be considered when developing and executing a risk management program for all stages in the life cycle of third-party relationships.
  • The Guidance addresses, defines and applies to all business arrangements between any banking organization (i.e., banks, savings associations, holding companies and certain U.S. facilities of foreign banks) and another entity, by contract or otherwise.
  • One size does not fit all.  The agencies are clear that the Guidance applies to “all” third-party relationships but recognizes your program should be adapted to the types and level of risks, the size and complexity of your bank, the nature of your third-party relationships, and the activities they perform.  For example, when third-party relationships support higher-risk activities, including those deemed “critical”, more comprehensive, and rigorous oversight and management of the relationship is warranted.  Critical activities include but are not limited to those that:
    • Cause a bank to face significant risk if the third party fails to meet expectations.
    • Are customer-facing and/or could have significant customer impact or harm.
    • Have a significant impact on the bank’s financial condition or operations.
  • The risk profile of your banking organization, including activities performed by third parties, should be continuously monitored to ensure your program remains commensurate with material changes.
  • The Guidance defines and describes risk-based principles and typical factors and activities to perform for managing third-party relationship risks associated with each stage of a continuous life cycle comprised of the following stages.
    • Planning
    • Due diligence and third-party selection
    • Contract negotiation
    • Ongoing monitoring
    • Termination
  • The agencies actively monitor trends and developments in the financial services industry and will consider issuing additional guidance or educational resources (e.g., FAQs) as necessary. The agencies also plan to develop additional resources to assist smaller, non-complex community banking organizations in managing third-party risk.
  • The Guidance emphasizes that the use of third parties does not diminish or remove a bank’s responsibilities to ensure the activities are performed in a safe and sound manner and in compliance with laws and regulations.

Third-party risk has been, is and will be, a significant risk to the banking industry. Understanding and effectively managing this risk will be critical to banks’ future success.  HORNE has the resources and expertise to help you as you work through this evolving risk.



More Insights

Demystifying OSHA Inspections and Enhancing Workplace Safety

Are you confident that your team is prepared for an OSHA site visit? If the answer is no, or if you want to be more prepared, then join us as we...


Market Dislocations: Bid-Ask Spread and Risk Premium in Healthcare

We have been hearing about a “bid-ask spread” issue in the lower middle market healthcare space for a significant time, and I wanted to discuss...


HORNE’s Board of Directors Announces New CFO

HORNE’s Board of Directors recently appointed Kennon Breaux as the firm’s chief financial...


HORNE Board of Directors Announces New Director of AI and Innovation

HORNE’s Board of Directors recently appointed Naveen Khan as the director of AI and Innovation for HORNE’s Intelligence and Automation...


Section 3 in Federal Programs

If you represent an organization that regularly receives Federal funds, you are probably familiar with requirements relating to Federal Labor...


Compliance with Federal Environmental Review Requirements

Did you know that every Federally-funded project must undergo an environmental review before any funds can be spent, or even committed to a project?...


Talk to an expert today.