United States: OCC Releases Guidance On Third-Party Relationships

On October 30, the OCC issued updated risk management guidance for national banks and federal savings associations related to third-party relationships. The banks should:

• Develop a plan that outlines the bank's strategy, identifies the inherent risks of the activity and details how the bank will select, assess and oversee the third party;
• Perform proper due diligence to identify risks and select a third-party provider;
• Negotiate written contracts that clearly outline the rights and responsibilities of all parties;
• Conduct ongoing monitoring of the third party's activities and performance;
• Execute a plan to terminate the relationship in a manner that allows the bank to transition the activities to another third party, bring the activities in-house or discontinue the activities;
• Provide for clear responsibilities for overseeing and managing third-party relationships and the risk management process;
• Maintain proper documentation and reporting to encourage oversight, accountability, monitoring and risk management; and
• Independently review the risk management process to enable management to assess that the bank's process aligns with its strategy and effectively manages risks from third-party relationships.

The guidance rescinds OCC Bulletin 2001-47, "Third-Party Relationships: Risk Management Principles," and OCC Advisory Letter 2000-9, "Third-Party Risk." Release. Guidance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.