Financial Services Blog

Financial Services Third-Party Risk Management: New Guidance Released

The Office of the Comptroller of the Currency has issued new valuable guidance for how community banks should weigh risks of working with third parties. While the guidance is focused on community banks, financial institutions of all sizes and structures should consider these recommended practices.

Community financial institutions are facing increasing competition, and many are turning to third-party relationships to gain access to new technologies, products, and services. While these relationships can offer significant benefits, they also introduce new risks.

Third party risks for financial institutions

One of the larger risks associated with third-party relationships is the loss of direct operational control over activities. When a financial institution engages with a third-party, it relies on that party to perform activities on its behalf. This can create operational, compliance, financial, and strategic risks the institution must manage effectively.

Risk mitigation strategies for banks

To mitigate these risks, financial institutions must establish appropriate risk-management processes and controls. This includes:

  • Conducting due diligence to identify and assess potential third-party relationships.
  • Regular relationship monitoring to verify they comply with applicable laws and regulations.

In addition to these risks, financial institutions must also know the legal and regulatory requirements associated with third-party relationships. These requirements include consumer protection laws and regulations, as well as those addressing financial crimes such as fraud and money laundering.

While financial institutions may engage external parties to conduct aspects of third-party risk management — such as outsourced compliance services — they cannot delegate their own responsibility in effective risk-management practices. This means financial institutions must demonstrate they are operating in a safe and sound manner and complying with applicable legal and regulatory requirements, even when using a third-party to conduct third-party risk management. Remember, if one of your vendors has an issue or is providing poor service, your customers will look to you as the cause and for a solution.

Community financial institutions can benefit greatly from engaging with third parties, but they must manage the associated risks effectively. By establishing appropriate risk-management processes and controls, they can improve the security of third-party relationships and see they are compliant with applicable laws and regulations.

How we can help

If you’re looking to find out more on vendor management, join CLA for a complimentary webinar on this topic May 30. Register for Vendors, Banks, and Credit Unions in the Digital World today.

, Financial Services General, Information Technology, Regulatory Compliance | No Comments »

  • Digital Growth Director
  • CLA- Clifton Larson Allen
  • Charlotte, NC
  • 704.816.8575

Tim has more than 20 years of experience in operations, IT, cybersecurity, and digital strategic planning, most recently serving as a CTO/COO for a community bank. With a focus on financial services clients, he works with banks and credit unions to recognize the importance of data and embracing digital solutions to improve organizational performance while meeting the preferences of customers and members alike.

Comments are closed.

Subscribe to Blog   

We’re committed to helping you stay on top of issues and requirements affecting financial services companies. Check back often to learn about industry updates, new regulations, technology innovations, and fresh ideas that may help you prepare for future challenges.