The Federal Reserve, FDIC and Office of the Comptroller of the Currency today released a new guide to help community banks develop and manage third-party risk management practices. Among other things, the guide states that engaging a third party does not diminish or remove a bank’s responsibility to operate in a safe and sound manner, or to comply with legal and regulatory requirements, just as if the bank were to perform the service or activity itself.
“A community bank may engage an external party to conduct aspects of its third-party risk management,” the guide states. “However, the bank cannot abrogate its responsibility to employ effective risk-management practices, including when using a third party to conduct third-party risk management on behalf of the bank.”
The guide provides potential considerations, resources and examples through each stage of the third-party risk-management life cycle. It is not a checklist and does not prescribe specific risk-management practices or establish any safe harbors for compliance with laws or regulations, the agencies said. It also is not a substitute for the existing interagency guidance on third-party relationship risk management.