
Third-Party Risk Management Guidance, Regulations & Standards

In the world of third-party risk management, organizations need to navigate a complex and expanding web of guidance, standards and regulations. Here, you can explore an overview of major industry standards and regulations that can help you ensure third-party compliance and build a more resilient business.

Regulators have made clear that third parties should attest to and align with your compliance, ethics, and risk management standards and obligations. Aravo enables customers to easily capture, update, manage and retain third-party attestations and certifications with these regulations and other ethics and compliance standards.

Financial Services

Federal Deposit Insurance Corporation, USA

FDIC Clarifying Supervisory Approach to Institutions Establishing Account Relationships with Third-Party Payment Processor / FIL-41-2014

The FDIC issued a clarification in 2014 regarding its supervisory approach to institutions establishing account relationships with third-party payment processors (TPPPs). The FDIC stated that as part of its regular safety and soundness examination activities, it reviews and assesses the extent to which institutions having account relationships with TPPPs follow the outstanding guidance.

“The focus of the FDIC’s supervisory approach to institutions establishing account relationships with TPPPs is to ensure institutions have adequate procedures for conducting due diligence, underwriting, and ongoing monitoring of these relationships. When an institution is following the outstanding guidance, it will not be criticized for establishing and maintaining relationships with TPPPs. It is the FDIC’s policy that insured institutions that properly manage customer relationships are neither prohibited nor discouraged from providing services to any customer operating in compliance with applicable law.”

Interagency Guidance on Third-Party Relationships: Risk Management / FIL-29-2023

On June 6, 2023, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) issued final guidance on managing risks associated with third-party relationships. The guidance provides principles that support a risk-based approach to third-party risk management for all stages in the life cycle of third-party relationships.

“Responsibilities to ensure that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations, including but not limited to those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive or abusive acts or practices) and those addressing financial crimes.” (Page 1)

“Regardless of a banking organization’s approach, a key element is to ensure that the banking organization’s risk management processes for third-party relationships are commensurate with the level of risk and complexity of its third-party relationships.” (Page 7)

Payment Processor Relationships Revised Guidance / FIL-3-2012

The Federal Deposit Insurance Corporation (FDIC) issued revised guidance in 2012 addressing potential risks associated with relationships with third-party entities that process payments for telemarketers, online businesses, and other merchants. The guidance emphasizes that these relationships can pose increased risk to institutions and require careful due diligence and monitoring.

“Financial institutions should ensure that their contractual agreements with payment processors provide them with access to necessary information in a timely manner. These agreements should also protect financial institutions by providing for immediate account closure, contract termination, or similar action, as well as establishing adequate reserve requirements to cover anticipated charge backs.”

Technology Outsourcing: Informational Tools for Community Bankers / FIL-13-2014

On April 7, 2014, the FDIC re-issued three documents related to technology outsourcing as an informational resource for community banks. These documents provide insights on how to select service providers, draft contract terms, and oversee multiple service providers when outsourcing for technology products and services.

“Fintech partnerships can enhance a bank’s capacity to serve its customers, improve operational efficiencies, and keep pace with technological innovation. However, these partnerships also present unique challenges and risks, particularly for community banks.”

“Clear definitions of accountability are important to ensure that both the bank and the service provider understand their roles and responsibilities for each service level requirement. Incentives and penalties can play a key role in establishing accountability.”

The information contained on this page is for reference and informational purposes only. As such, Aravo expressly disclaims any and all legal and professional liability associated with the content and any suggestions and/or recommendations provided therewith.
