News Updates by Bradley Martin


The OCC 3rd Party Relationship Guidance

On October 30, 2013 the Office of the Comptroller of the Currency (OCC) released new guidance regarding third party relationships and outlined firm guidance regarding the risk management of these third parties.  The bulletin rescinds the 12 year old 2001-47 bulletin, which most FI Vendor Management Organizations (VMO) credit as the foundation and creation of their department.  This is a significant update and every FI should be watching for the FRB and/or FDIC reaction, as it will likely light a fire under most VMO teams.

Prior to November 2001 most FIs did not have a vendor management group/person.  Contracts and 3rd party relationships were typically managed by the business units with the support of legal.  Simply put 3rd party risk was not a focus.  

The new guidance specifically addresses areas the OCC felt banks were not properly addressing “the risks and direct and indirect costs involved in third-party relationships.”  The OCC outlined concerns of inadequate due diligence and ongoing monitoring, explicitly calling out failures, such as not properly reviewing the “third party’s risk management practices.”   The OCC continued to be heavily critical of bank’s contracting practices which “incentivize a third party to take risks that are detrimental to the bank or its customers, in order to maximize the third party’s revenues.”   And they also raised concerns about banks not having a formal contract in place, relying on informal agreements with third-parties. 

Overall the OCC’s guidance puts a strong framework forward, replacing the general guidance they provided 12 years ago in OCC 2001-47.  
The new guidance outlines: 
  • Risk Management Life Cycle 
  • Planning
  • Due Diligence and Third-Party Selection
  • Contract Negotiations
  • Ongoing Monitoring 
  • Termination 
  • Oversight and Accountability
  • Documentation and Reporting
  • Independent Reviews
  • Supervisory Reviews of Third-Party Relationships
It is my expectation that the Federal Reserve Board (FRB) will be issuing something similar; if not specifically reference this OCC bulletin as a “Best Practice.”  Vendor Management Organizations should consider adopting this bulletin as their guidance, regardless of which Federal or State organization they are governed by.  The practices outlined are direct and do represent a best practice for any VMO.   One should review their current policy and procedures to determine if there are gaps. 




Page 1 ... 1 2 3 4