On Oct. 31, the Office of the Comptroller of the Currency (OCC) issued Risk Management Guidance to assist banks in understanding how to assess and manage the risks associated with third-party relationships. Because institutions are being held directly responsible for actions taken by third-party vendors, it is critical for banks to have effective monitoring in place to remain in compliance with applicable laws and protect their customers.

A bank’s third-party risk management process should include the following:

  • Adopting a risk management process commensurate with the level of risk and complexity of its third-party relationships.
  • Ensuring comprehensive risk management and oversight of third-party relationships involving critical activities.
  • An effective risk management process that continues throughout the life cycle of the relationship and includes:
    • Plans that outline the bank’s strategy, identify the inherent risks of the activity, and detail how the bank selects, assesses, and oversees the third party.
    • Complete due diligence when selecting a third party, so that the right one is chosen.
    • Written contracts that outline the rights and responsibilities of all parties.
    • Ongoing monitoring of the third party’s activities and performance.
    • Contingency plans for terminating the relationship in an effective manner.
    • Clear roles and responsibilities for overseeing and managing the relationship and risk management process.
    • Documentation and reporting that facilitates oversight, accountability, monitoring, and risk management.
    • Independent reviews that allow bank management to determine that the bank’s process aligns with its strategy and effectively manages risks.

If you need help putting together a third-party risk management program, contact Doeren Mayhew’s Financial Institutions Group specialists in Michigan, Houston or Ft. Lauderdale.