Laws and Regulations
Key laws and regulations that pertain to FDIC-supervised institutions; note that other laws and regulations also may apply depending on the nature of the third-party relationship.
- Appendix A to Part 364 — Interagency Guidelines Establishing Standards for Safety and Soundness (ecfr.gov) provides operational and managerial standards for safety and soundness; institutions should ensure that third-party relationships are managed consistently with these standards.
- Appendix B to Part 364 — Interagency Guidelines Establishing Information Security Standards (ecfr.gov) addresses the administrative, technical, and physical safeguards required to protect the security, confidentiality, and integrity of customer information.
Supervisory Resources
Frequently asked questions, advisories, statements of policy, and other information issued by the FDIC alone, or on an interagency basis, provided to promote safe-and-sound operations.
- Interagency Guidance on Third-Party Relationships: Risk Management provides sound principles that support a risk-based approach to third-party risk management that banking organizations may consider when developing and implementing risk management practices for all stages in the life cycle of third-party relationships.
- Statement Concerning the Responsibilities of Bank Directors and Officers (FIL-87-92) addresses the duties of loyalty and care owed to shareholders, depositors, and other creditors of the bank.
- Section VII. Unfair and Deceptive Practices - Third-Party Risk of the Consumer Compliance Examination Manual provides a framework for an effective compliance management system when considering third-party relationships.
Other Resources
Supplemental information related to safe-and-sound banking operations.
- FDIC's Supervisory Insights — Special Corporate Governance Edition 2016 (PDF) discusses key governance concepts and the roles and responsibilities of directors and senior management.
- The BSA/AML Resource Page and Information Technology Resource Page provide information useful in managing third-party relationships whose activities are subject to BSA/AML regulations or relate to IT.
- Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks (PDF) is intended to help community banks conduct due diligence when considering relationships with fintech companies.
- Third-Party Risk Management - A Guide for Community Banks (PDF) is intended as a resource for community banks in developing and implementing third-party risk management programs, policies, and practices.