Banking and Finance Law Daily OCC supplements exam procedures for third party relationship risk management
Wednesday, January 25, 2017

OCC supplements exam procedures for third party relationship risk management

By Richard A. Roth, J.D.

The Office of the Comptroller of the Currency has supplemented its 2013 guidance on managing the risk from third-party relationships with newly-issued examination procedures. According to the OCC, the exam procedures will promote consistency in national bank and federal savings association examinations (OCC 2017-7).

The guidance was adopted in 2013 to respond to financial institutions’ increased use of third parties to perform functions related to taxes, legal issues, audits, and information technology. It directed banks and thrifts to have appropriate risk management processes that include:

  • a plan that outlines the bank’s strategy, identifies the inherent risks, and details how the bank will select, assess, and oversee the third party;
  • due diligence to identify risks and select a third-party provider;
  • written contracts that clearly outline the rights and responsibilities of all parties;
  • monitoring of the third party’s activities and performance;
  • a plan to terminate the relationship, if or when necessary;
  • clear roles and responsibilities for overseeing and managing the relationships and the risk management process;
  • documentation and reporting that facilitates oversight, accountability, monitoring, and risk management; and
  • independent reviews of the risk management process to be sure the process aligns with the institution’s strategy and effectively manages risks (see Banking and Finance Law Daily, Oct. 31, 2013).

Exam procedures. The examination procedures make clear that examiners should perform only those steps that are called for by the scope of the examination. "Seldom will every objective or step of the expanded procedures be necessary," they note.

In general, the procedures call for the consideration of both the quantity and quality of the risk faced by the institution. The goal is an effective risk management process that covers the life cycle of the relationship with the third party.

MainStory: TopStory BankingOperations

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More