- Aravo for
- Aravo Ecosystem
- About Us
- Request Demo
Banks – whether or not they are regulated by the OCC – should review their own approach to third-party risk in light of this new guidance, and begin to implement people, processes, and technology systems accordingly. It’s clear that regulators are broadening and deepening their understanding of the risks posed by third-party relationships, and so financial institutions will need to as well.
Financial services regulators look to be raising the intensity of their gaze on third-party relationships again. At the end of January 2017, the US Office of the Comptroller of the Currency issued Supplemental Examination Procedures for Third Party Relationships. This new release – others from other regulators will certainly follow – will challenge the financial services industry to raise its game when it comes to managing third-party relationships and risk in the coming months.
This document is more than just an update – it sets new, higher expectations for the banks that the OCC regulates, around the management of third-party relationship risks. The previous OCC document on the topic, “Risk Management Guidance” was issued in 2013 and took a more tactical approach, reflecting the way banks were approaching these relationships. In that document, each third party relationship was to be put into the context of a “risk management life cycle.” (see page 2-3 for an overview of the 2013 release).
In the new, 2017 document, it’s clear the OCC expects banks to take a much more strategic approach to manage third-party relationships and third-party risk. It expects the financial institutions it supervises to: