Managing risks presented to community banks by third-party relationships – especially about development and implementation of management practices – is the aim of a guide issued jointly Friday by the federal banking agencies.
The guide, “Third-Party Risk Management – A Guide for Community Banks,” offers potential considerations, resources, and examples through each stage of the third-party relationship, the agencies said. However, they said in a joint release, while the guide “illustrates the principles discussed in the third-party risk management guidance issued by the agencies in June 2023, it is not a substitute for that guidance.”
The agencies acknowledged that community banks work with third parties to help the banks compete with other financial services providers and respond to change.
However, the agencies also said third-party relationships “present varied risks” that community banks must appropriately identify, assess, monitor, and control.
“Engaging a third party does not diminish or remove a bank’s responsibility to operate in a safe and sound manner and to comply with applicable legal and regulatory requirements, including consumer protection laws and regulations, just as if the bank were to perform the service or activity itself,” the guide states. “A community bank may engage an external party to conduct aspects of its third-party risk management. However, the bank cannot abrogate its responsibility to employ effective risk-management practices, including when using a third party to conduct third-party risk management on behalf of the bank.”