July 24, 2021

Volume XI, Number 205


July 23, 2021

Subscribe to Latest Legal News and Analysis

July 22, 2021

Subscribe to Latest Legal News and Analysis

July 21, 2021

Subscribe to Latest Legal News and Analysis

Federal Agencies Request Comments on Risk Management Guidance for Third-Party Relationships

On July 13, the Federal Reserve, FDIC, and OCC proposed risk management guidance to help banking organizations manage risks related to third-party relationships, including relationships with vendors, FinTech companies, affiliates, and the banking organizations’ holding companies.  The proposal is based on existing but disparate third-party risk management guidance from the three prudential regulators, and is intended to promote consistency across the banking agencies.  If finalized, it will replace the guidance that each agency has released independently.

The proposal addresses key components of third-party risk management, including:

  • Planning. Identify the banking organization’s strategy, risks associated with the business arrangement, how to select, assess, and oversee the third party.

  • Due Diligence and Third-Party Selection. Assess a third party’s ability to follow policies, comply with applicable laws, regulations, and operate in a safe and sound manner.

  • Contract Negotiation. Negotiate a contract that clearly specifies the rights and responsibilities of each party to the contract.

  • Oversight and Accountability. Supervise risk management procedures, maintain records and reporting for oversight accountability, and conduct independent reviews.

  • Ongoing Monitoring. Monitor third-party activities and performance on an ongoing basis; and

  • Terminate relationships in an efficient manner and consider all contingencies as a result of the termination.

Comments on the proposed guidance must be received within 60 days of its publication in the Federal Register.

Putting it Into Practice:  While third-party risk management has been a focus of bank examinations for decades, prudential regulators are unifying their efforts as banks continue to partner with companies to help with core bank processing, accounting, compliance, human resources, and loan servicing.  Even though the proposed single interagency framework is based largely on the OCC Guidance (See OCC Bulletin 2013-29), banks and third-parties should review the proposed guidance with an eye towards past enforcement actions as a guide to where the prudential regulators will focus their supervision.

Financial institutions and nonbanks that fall under the supervision of the CFPB should also recall the Bureau’s guidance (See CFPB Compliance Bulletin and Policy Guidance 2016-02), which lays out steps to ensure that business arrangements with service providers do not present unwarranted risks to consumers.  Like the prudential regulators, supervised entities should be aware that the CFPB has supervisory and enforcement authority over service providers, which includes authority to examine the operations of service providers onsite.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 200

About this Author

A.J. S. Dhaliwal Bankruptcy Attorney Sheppard Mullin Washington DC

A.J. is an associate in the Finance and Bankruptcy Practice Group in the firm's Washington, D.C. office. 

A.J. has over a decade of experience helping banks, non-bank financial institutions, and other companies providing financial products and services in a wide range of matters including government enforcement actions, civil litigation, regulatory examinations, and internal investigations.

With a diversified regulatory, compliance, and enforcement background, A.J. counsels financial institutions in matters involving...

Moorari Shah Bankruptcy Lawyer Sheppard Mullin Law Firm

Moorari Shah is a partner in the Finance and Bankruptcy Practice Group in the firm's Los Angeles and San Francisco offices. 

Areas of Practice

Moorari combines deep in-house and law firm experience to deliver practical, business-minded legal advice. He represents banks, fintechs, mortgage companies, auto lenders, and other nonbank institutions in transactional, licensing, regulatory compliance, and government enforcement matters covering mergers and acquisitions, consumer and commercial lending, equipment finance and leasing, and supervisory examinations,...