US Agencies Propose Guidance for Managing Third-Party Risks
US Agencies proposed guidance to help banking organizations manage risks associated with third-party relationships, including relationships with cloud service providers. The US Agencies that proposed this guidance are the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (FED), and the Office of the Comptroller of the Currency (OCC). The proposed guidance, which would replace each agency’s existing guidance on this topic, is open for comments for 60 days within its publication in the Federal Register.
The proposed guidance considers the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship. It describes third-party relationships as business arrangements between a banking organization and another entity, by contract or otherwise. The proposed guidance emphasizes that a banking organization’s use of third parties does not diminish its responsibility to perform an activity in a safe and sound manner and in compliance with applicable laws and regulations. The proposed guidance also discusses supervisory reviews of third-party relationships and is intended for all third-party relationships; it is especially important for relationships that a banking organization relies on to a significant extent, relationships that entail greater risk and complexity, and relationships that involve critical activities as described in the proposed guidance. The proposed guidance describes the third-party risk management life cycle and identifies principles applicable to each stage of the life cycle, including:
- Developing a plan that outlines the banking organization’s strategy, identifies the inherent risks of the activity with the third party, and details how the banking organization will identify, assess, select, and oversee the third party
- Performing proper due diligence in selecting a third party
- Negotiating written contracts that articulate the rights and responsibilities of all parties
- Having the board of directors and management oversee the banking organization’s risk management processes, maintaining documentation and reporting for oversight accountability, and engaging in independent reviews
- Conducting ongoing monitoring of the third party’s activities and performance
- Developing contingency plans for terminating the relationship in an effective manner
Related Links
Comment Due Date: FR + 60 Days
Keywords: Americas, US, Banking, Fintech, Regtech, Third-Party Risk, Guidance, Cloud Computing, Third-Party Service Providers, US Agencies
Previous Article
UK Agencies Examine Financial Stability OutlookRelated Articles
EBA Updates Filing Rules for Supervisory Reporting
The European Banking Authority (EBA) published version 5.1 of the filing rules for supervisory reporting.
ECB Amends Guideline on Procedures for Collection of AnaCredit Data
The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.
ECB Amends Guideline on Procedures for Collection of AnaCredit Data
The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.
EBA Publishes Standards on Disclosure of Investment Policy Under IFR
The European Banking Authority (EBA) published the final draft regulatory technical standards on disclosure of investment policy by investment firms, under the Investment Firms Regulation (IFR).
APRA Finalizes Guidance for New Prudential Standard on Remuneration
The Australian Prudential Regulation Authority (APRA) published the prudential practice guide CPG 511 to assist banks, insurers, and superannuation licensees in meeting requirements of CPS 511, the new prudential standard on remuneration.
OCC Updated LIBOR Self-Assessment Tool for Banks
The Office of the Comptroller of the Currency (OCC) published a bulletin that provides an updated self-assessment tool for banks to evaluate their preparedness for cessation of the London Interbank Offered Rate (LIBOR).
TCFD Updates Guidance for Financial Disclosures on Climate Risk
The Financial Stability Board (FSB) published a report that examines the progress made toward disclosures aligned with recommendations of the Task Force on Climate-related Financial Disclosures (TCFD).
BCBS Report Examines Progress on Adoption of Basel III Framework
The Basel Committee on Banking Supervision (BCBS) published the progress report on adoption of the Basel III regulatory framework in member jurisdictions.
ACPR Implements Updates Related to DPM Version 3.1
The French Prudential Supervisory Authority (ACPR) has implemented, in its information system, updates linked to the Data Point Model (DPM) version 3.1.
EBA Note Examines Transition Risks of Benchmark Rates
The European Banking Authority (EBA) published a thematic note that aims to identify and raise awareness of the transition risks of benchmark rates, as the London Interbank Offered Rate (LIBOR) and the Euro Overnight Index Average (EONIA) are close to being phased out.
