Third-Party Risk Management - Proposed Rulemaking

In July, the Federal Reserve Board, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency (collectively, “the agencies”) published “Proposed Interagency Guidance on Third-Party Relationships: Risk Management” (“Proposed Guidance”).

The Proposed Guidance emphasizes the importance of managing risks associated with third-party relationships, including an increased focus on relationships with fintechs and other technology providers. The comment period for this proposed rule is sixty days from the distribution date. While the Proposed Guidance likely will change based on comments received, it provides important insight into current supervisory thinking and what the agencies are looking for at banking institutions, particularly those with significant third-party relationships.

This alert discusses how a banking organization can manage its third-party relationship and associated risks by looking at items typically considered, items to consider in contracts, and key considerations for third-party oversight of technology-based vendors.