Proposed Interagency Guidance on Third-Party Risk Management

Roughly a month ago the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (Board), and Federal Deposit Insurance Corporation (FDIC) jointly proposed guidance on Third Party Risk Management that is intended to supersede the existing guidance of each agency.

The proposed interagency guidance is an effort to harmonize and modernize Third Party Risk Management (TPRM) guidance amongst three of the federal banking agencies. The National Credit Union Administration (NCUA) is excluded from this guidance. The OCC's 2013 guidance is being used as the baseline for the updates.

The public has until September 17, 2021, to provide commentary to the proposed guidance. This is a generational opportunity for industry leaders to help add value to the guidance. The existing guidelines are available to view below.

OCC Bulletin 2013-29

Board's Guidance on Managing Outsourcing Risk (2013)

FDIC's Guidance for Managing Third-Party Risk (2008)

The official communication from the Board, the FDIC and the OCC can be viewed at

We are paying particular attention to the handling/inclusion of the 2020 FAQs, Information Security Considerations and whether more specific guidance is provided on the data element sensitivity and how that equates to commensurate assurance.

About Schneider Downs Third-Party Risk Management

Schneider Downs is a registered assessment firm with the Shared Assessments Group, the clear leader in third-party risk management guidance. Our personnel are experienced in all facets of vendor risk management, and have the credentials necessary (CTPRP, CISA, CISSP, etc.) to achieve meaningful results to help your organization effectively achieve new vendor risk management heights. For more information or to get started contact us or visit us online at

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
The Top Ten Most Common SOC 2 Exceptions
Proposed Interagency Guidance on Third-Party Risk Management
What Financial Institutions Need to Know About R-SAT
Operationalizing a Third-Party Risk Management Program in Higher Education
Third Party Risk Management IT Tools Are Not A Fix-All Solution
Top Ten Technology Risks for 2021
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.