Roughly a month ago, the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (Board), and Federal Deposit Insurance Corporation (FDIC) jointly proposed guidance on Third Party Risk Management that is intended to supersede the existing guidance of each agency.
The proposed interagency guidance is an effort to harmonize and modernize Third Party Risk Management (TPRM) guidance amongst three of the federal banking agencies. The National Credit Union Administration (NCUA) is excluded from this guidance. The OCC’s 2013 guidance is being used as the baseline for the updates.
The public has until September 17, 2021, to comment on the proposed guidance. This is a generational opportunity for industry leaders to help add value to the guidance. The existing guidelines are available to view below.
- OCC Bulletin 2013-29: https://www.occ.gov/news-issuances/bulletins/2013/bulletin-2013-29.html
- Board’s Guidance on Managing Outsourcing Risk (2013): https://www.dwt.com/-/media/files/blogs/financial-services-law-advisor/2021/07/fdic–guidance-on-managing-outsourcing-risk.pdf
- FDIC’s Guidance for Managing Third-Party Risk (2008): https://www.fdic.gov/news/financial-institution-letters/2008/fil08044a.html
The official communication from the Board, the FDIC and the OCC can be viewed at www.federalregister.gov/documents/2021/07/19/2021-15308/proposed-interagency-guidance-on-third-party-relationships-risk-management.
We are paying particular attention to the handling and inclusion of the 2020 FAQs, the Information Security Considerations, and whether more specific guidance is provided on data element sensitivity and how that equates to commensurate assurance.
About Schneider Downs Third-Party Risk Management
Schneider Downs is a registered assessment firm with the Shared Assessments Group, the clear leader in third-party risk management guidance. Our personnel are experienced in all facets of vendor risk management and have the credentials necessary (CTPRP, CISA, CISSP, etc.) to achieve meaningful results that help your organization reach new vendor risk management heights. For more information or to get started, contact us or visit us online at www.schneiderdowns.com/third-party-risk-management.