Agencies Issue Final Guidance on Third-Party Risk Management
For release at 2:00 PM EDT
Federal bank regulatory agencies today issued final joint guidance designed to help banking organizations manage risks associated with third-party relationships, including relationships with financial technology companies.
The final guidance describes principles and considerations for banking organizations’ risk management of third-party relationships. The final guidance covers risk management practices for the stages in the life cycle of third-party relationships: planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination.
The final guidance includes illustrative examples to help banking organizations, particularly community banks, align their risk management practices with the nature and risk profile of their third-party relationships. The agencies plan to engage with community banks immediately and develop additional resources in the near future to assist them in managing relevant third-party risks.
The final guidance replaces each agency’s existing general third-party guidance and promotes consistency in the agencies’ supervisory approaches toward third-party risk management. The final guidance reflects streamlined language and improved clarity based on the agencies’ consideration of public comments on the proposed guidance released in July 2021.