August 23, 2021

Proposed Interagency Guidance on Third-Party Risk Management

Third Party Risk Management
by Bill Deller

Download the PDF version of this article here.

Roughly a month ago the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (Board), and Federal Deposit Insurance Corporation (FDIC) jointly proposed guidance on Third Party Risk Management that is intended to supersede the existing guidance of each agency.

The proposed interagency guidance is an effort to harmonize and modernize Third Party Risk Management (TPRM) guidance amongst three of the federal banking agencies. The National Credit Union Administration (NCUA) is excluded from this guidance. The OCC's 2013 guidance is being used as the baseline for the updates.

The public has until September 17, 2021, to provide commentary to the proposed guidance. This is a generational opportunity for industry leaders to help add value to the guidance. The existing guidelines are available to view below.

OCC Bulletin 2013-29: https://www.occ.gov/news-issuances/bulletins/2013/bulletin-2013-29.html
Board's Guidance on Managing Outsourcing Risk (2013): https://www.dwt.com/-/media/files/blogs/financial-services-law-advisor/2021/07/fdic--guidance-on-managing-outsourcing-risk.pdf
FDIC's Guidance for Managing Third-Party Risk (2008): https://www.fdic.gov/news/financial-institution-letters/2008/fil08044a.html

The official communication from the Board, the FDIC and the OCC can be viewed at www.federalregister.gov/documents/2021/07/19/2021-15308/proposed-interagency-guidance-on-third-party-relationships-risk-management.

We are paying particular attention to the handling/inclusion of the 2020 FAQs, Information Security Considerations and whether more specific guidance is provided on the data element sensitivity and how that equates to commensurate assurance.

About Schneider Downs Third-Party Risk Management

Schneider Downs is a registered assessment firm with the Shared Assessments Group, the clear leader in third-party risk management guidance. Our personnel are experienced in all facets of vendor risk management, and have the credentials necessary (CTPRP, CISA, CISSP, etc.) to achieve meaningful results to help your organization effectively achieve new vendor risk management heights. For more information or to get started contact us or visit us online at www.schneiderdowns.com/third-party-risk-management.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

our thoughts on

Third Party Risk Management, Wealth Management BY Sean McCann 10.12.2023

Dumb Money: An Honest Review of the Film Adaptation of the GameStop Short Squeeze

DOE Significantly Expands Definition of Third-Party Servicer in New Guidance to Higher Education Institutions

Shared Assessment SIG Questionnaire – What’s New for 2023?

The Top Ten Most Common SOC 2 Exceptions

Proposed Interagency Guidance on Third-Party Risk Management

What Financial Institutions Need to Know About R-SAT

most recent

8 Key Considerations When Reviewing User Access

Cybersecurity, IT Risk Advisory, Risk Advisory/Internal Audit

By Nathan Shepler | 4.19.2024

Learn about key considerations when reviewing user access. ...