This week, U.S regulators published new third-party risk management guidance for banks. The guidance was an interagency product from the Federal Reserve Board (FRB) of Governors, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
The new guidance is designed to update the agencies’ 2021 Interagency Guidance on Third-Party Relationships: Risk Management. It is intended to provide best practice standards to help banks manage third-party risks. According to a statement from the FDIC, the updated guidance replaces the three agencies’ prior guidance.
No new third-party risk management requirements
The regulators said that the purpose of the document is to provide greater clarity and consistency for the industry. As a result, they assert that there are no new requirements for affected financial institutions. Instead, the guide offers updated standards and practices banks can rely on as they manage risks associated with third-party relationships.
According to the guide, the agencies are emphasizing a principles-based approach to risk-management. That approach is designed to encourage banks to assess risk based on each relationship’s unique situation. Referencing this flexibility, the guide notes:
“[A]s part of sound risk management, it is the responsibility of each banking organization to analyze the risks associated with each third-party relationship and to calibrate its risk management processes, commensurate with the banking organization’s size, complexity, and risk profile and with the nature of its third-party relationships.”
Notably, regulators encouraged banks to do their due diligence for each third-party relationship. That includes assessing those firms’ strategies, ownership structure, and other relevant concerns. In addition, banks are advised to perform monitoring of those third parties on a consistent and ongoing basis.
Interestingly, one Fed member and one FDIC board member opposed the new advice. The two dissenters cited alleged ambiguity and an increased burden for smaller banks. However, one trade group, the Financial Technology Association welcomed the third-party risk management guide.