
InfoBytes Blog

Financial Services Law Insights and Observations

Fed, OCC, and FDIC release third-party risk management report for community banks

Privacy, Cyber Risk & Data Security | Third-Party Risk Management | Communications Decency Act | Bank Regulatory | OCC | Federal Reserve


On May 3, the Fed, OCC, and FDIC (the regulators) released a report to help community banks assess their third-party relationship risk exposure. The report discusses key considerations in three areas: risk management, the third-party relationship life cycle, and governance. The report also includes an appendix with additional resources, such as FFIEC interagency guidance and CISA cybersecurity protocols. With respect to risk management, the report suggests that community banks apply more rigorous risk-management practices to third parties that support critical bank activities, such as those that could have a significant customer impact or a significant impact on the bank’s financial condition. In describing the third-party relationship life cycle, the report identifies five key stages: planning, due diligence, contract negotiation, ongoing monitoring, and termination. With respect to governance, the report describes three key pillars: oversight and accountability, independent review, and documentation and reporting.