Federal bank regulators seek comment on third party risk management guidance

The federal bank regulatory agencies are seeking public comment on proposed guidance to help banks manage risks associated with third-party relationships, including financial technology companies.

© Shutterstock

Banks that engage with third parties to provide products or services remain responsible for ensuring that such outsourced activities are conducted safely and soundly and comply with regulations.

In the past, each of the agencies — the Federal Reserve, Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation — issued risk management guidance on third-party relationships independently.

The new guidance seeks to promote consistency in third-party risk management guidance. The proposed guidance is based on the OCC’s existing third-party risk management guidance from 2013, which the staff determined provided the most current and comprehensive discussion of third-party risk management. The proposed guidance would offer a framework based on sound risk management principles for banks to consider in developing risk management practices for third-party relationships.

The proposal includes several questions to encourage broad public comment on utility, relevance, comprehensiveness, and clarity of the guidance for banks with different risk profiles and organizational structures.

Public comments must be received within 60 days of the proposed guidance’s publication in the Federal Register.