US Agencies are extending, from September 17, 2021 to October 18, 2021, the comment period on the proposed guidance for the risk management of third-party relationships, including the relationships with financial technology entities. These US Agencies are the Board of Governors of the Federal Reserve System (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC). The comment period is being extended to allow interested persons more time to analyze the issues and prepare their comments. The proposed guidance is aimed to help banks identify and address the risks associated with third-party relationships and responds to industry feedback requesting alignment among the agencies with respect to third-party risk management guidance.
The proposed guidance considers the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship. It describes third-party relationships as business arrangements between a banking organization and another entity, by contract or otherwise. The proposed guidance emphasizes that a banking organization’s use of third parties does not diminish its responsibility to perform an activity in a safe and sound manner and in compliance with applicable laws and regulations. The proposed guidance also discusses supervisory reviews of third-party relationships and is intended for all third-party relationships; it is especially important for relationships that a banking organization relies on to a significant extent, relationships that entail greater risk and complexity, and relationships that involve critical activities as described in the proposed guidance. The proposed guidance describes the third-party risk management life cycle and identifies principles applicable to each stage of the life cycle, including:
- Developing a plan that outlines the banking organization’s strategy, identifies the inherent risks of the activity with the third party, and details how the banking organization will identify, assess, select, and oversee the third party
- Performing proper due diligence in selecting a third party
- Negotiating written contracts that articulate the rights and responsibilities of all parties
- Having the board of directors and management oversee the banking organization’s risk management processes, maintaining documentation and reporting for oversight accountability, and engaging in independent reviews
- Conducting ongoing monitoring of the third party’s activities and performance
- Developing contingency plans for terminating the relationship in an effective manner
Comment Due Date: October 18, 2021
Keywords: Americas, US, Banking, Fintech, Third-Party Service Providers, Regtech, Guidance, Cloud Computing, Third-Party Risk, US Agencies
The European Banking Authority (EBA) published four draft principles to support supervisory efforts in assessing the representativeness of COVID-19-impacted data for banks using the internal ratings based (IRB) credit risk models.
The Bank for International Settlements (BIS) Innovation Hub updated its work program, announcing a set of projects across various centers.
Certain members of the U.S. Senate Committee on Banking, Housing, and Urban Affairs issued a letter to the Securities and Exchange Commission (SEC)
The European Insurance and Occupational Pensions Authority (EIOPA) published a consultation paper on the advice on the review of the securitization prudential framework in Solvency II.
The Prudential Regulation Authority (PRA) issued a statement on PRA buffer adjustment while the Bank of England (BoE) published a notice on the statistical reporting requirements for banks.
The Federal Financial Supervisory Authority of Germany (BaFin) proposed to amend the “Capital Investment Conduct And Organization Ordinance” and issued a draft circular on the minimum resolvability requirements for resolution planning.
The European Banking Authority (EBA) proposed guidelines, for the resolution authorities, on the publication of the write-down and conversion and bail-in exchange mechanic, with the comment period ending on September 07, 2022.
The Financial Services Authority of Indonesia (OJK) is strengthening cooperation with the Australian Prudential Regulation Authority (APRA) and the Japanese Financial Services Agency (JFSA)
The European Parliament and the Council published Regulation 2022/868 on European data governance (Data Governance Act).
The European Banking Authority (EBA) published phase 2 of its reporting framework 3.2. The technical package supports the implementation of the updated reporting framework by providing standard specifications