OCC publishes FAQs supplementing guidance on risks of third-party relationships

March 5, 2020 OCC 0

An extensive set of frequently asked questions (with answers) regarding banks’ relationships with third-party providers was issued Thursday by the Office of the Comptroller of the Currency (OCC) to supplement guidance going back to 2013.

The supplement is provided in OCC Bulletin 2020-10 and supplements Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” issued Oct. 30, 2013. “These FAQs are intended to clarify the OCC’s existing guidance and reflect evolving industry trends,” the bulletin states.

The new bulletin rescinds OCC Bulletin 2017-21, “Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29,” issued on June 7, 2017. The FAQs from OCC Bulletin 2017-21 have been incorporated unchanged into this new bulletin, except for question No. 24, which was updated to reflect current American Institute of Certified Public Accountants (AICPA) Service Organization Control report information, it said.

Topics in the new FAQs include:

the terms “third-party relationship” and “business arrangement”;
when cloud computing providers are in a third-party relationship with a bank;
when data aggregators are in a third-party relationship with a bank;
risk management when the bank has limited negotiating power in contractual arrangements;
critical activities and how a bank can determine the risks associated with third-party relationships;
bank management’s responsibilities regarding a third party’s subcontractors;
reliance on and use of third party-provided reports, certificates of compliance, and independent audits;
risk management when third party has limited ability to provide the same level of due diligence-related information as larger or more established third parties;
risk management when using a third-party model or when using a third party to assist with model risk management;
use of third-party assessment services in managing third-party relationship risks;
a board’s approval of contracts;
risk management when obtaining alternative data from a third party.

OCC Bulletin 2020-10

FDIC Board to meet Thursday on deposit insurance fund restoration, Change in Bank Control Act

April 23, 2024 0

An update on the agency’s Deposit Insurance Fund (DIF) restoration plan and proposals related to the Change in Bank Control Act are the two discussion items on tap for Thursday’s open meeting of the Federal Deposit Insurance Corp. (FDIC) Board, [...]
CFPB taking comments for 30 days on last week’s nonbank designation rule

April 23, 2024 0

A revised procedural rule on how the consumer financial protection agency designates nonbanks for supervision is in effect now, according to a notice in Tuesday’s Federal Register, and comments from the public will be accepted until May 23. The Consumer [...]
Comments due June 18 on FDIC bank merger policy statement

April 22, 2024 0

Public comments on the federal bank deposit insuring agency’s proposed statement of policy on bank merger transactions are due June 18, according to a notice in Friday’s Federal Register. The proposed statement, issued March 21 by the Federal Deposit Insurance [...]
Nagging inflation pressures, leading to tight money, cited as biggest risk ahead for financial stability

April 22, 2024 0

Persistent inflationary pressures leading to a more restrictive than expected monetary policy stance is the most frequently cited risk to financial stability by researchers, academics and market participants, according to a report issued late Friday by the Federal Reserve. Other [...]

Related