The OCC 3rd Party Relationship Guidance

On October 30, 2013, the Office of the Comptroller of the Currency (OCC) released new guidance regarding third-party relationships and outlined firm guidance regarding the risk management of these third parties. The bulletin rescinds the 12-year-old 2001-47 bulletin, which most FI Vendor Management Organizations (VMO) credit as the foundation and creation of their department. This is a significant update, and every FI should be watching for the FRB and/or FDIC reaction, as it will likely light a fire under most VMO teams.
Prior to November 2001, most FIs did not have a vendor management group or person. Contracts and 3rd party relationships were typically managed by the business units with the support of legal. Simply put, 3rd party risk was not a focus.
The new guidance specifically addresses areas where the OCC felt banks were not properly addressing “the risks and direct and indirect costs involved in third-party relationships.” The OCC outlined concerns of inadequate due diligence and ongoing monitoring, explicitly calling out failures such as not properly reviewing the “third party’s risk management practices.” The OCC continued to be heavily critical of banks’ contracting practices which “incentivize a third party to take risks that are detrimental to the bank or its customers, in order to maximize the third party’s revenues.” It also raised concerns about banks not having a formal contract in place and relying instead on informal agreements with third parties.
- Risk Management Life Cycle
- Planning
- Due Diligence and Third-Party Selection
- Contract Negotiations
- Ongoing Monitoring
- Termination
- Oversight and Accountability
- Documentation and Reporting
- Independent Reviews
- Supervisory Reviews of Third-Party Relationships

It is rumored the BITS Financial Roundtable will be hosting a discussion regarding the new bulletin on December 12, 2013. As we learn more, I will post updates.