Managing third-party risk for finance is critical for compliance, as well as protecting sensitive information and maintaining customer trust. While third-party risk is nothing new in the finance industry, there remains a need for resources to assist organizations in developing and executing their third-party risk programs.
Below, we’ve aggregated resources from governing bodies, industry organizations, and others to help enable your team to succeed.
Register for our upcoming webinar, Third-Party Risk for Finance: How OneTrust Vendorpedia Helps, on Nov. 6th, 1:00pm ET.
1) Office of Comptroller of Currency (OCC)
The Office of Comptroller of Currency (OCC) “charters, regulates, and supervises all national banks and federal savings associations.” In doing so, the OCC offers risk management guidance to banks and financial institutions to help with the management of third-party relationships. These bulletins, as they are called, help guide those operating in the finance industry to develop effective third-party risk management practices throughout the lifecycle of relationships, from planning to termination.
Third-Party Risk for Finance – Relevant and Helpful OCC Guidance:
- OCC Bulletin 2002-16 | Bank Use of Foreign-Based Third-Party Service Providers: Risk Management Guidance
- OCC Bulletin 2013-29 | Third-Party Relationships: Risk Management Guidance
- OCC Bulletin 2017-21 | Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29
The OCC Newsroom is an additional helpful resource for those managing third-party risks in banking and finance. Use the newsroom to easily filter by third-party risk related topics. Additionally, the OCC releases a semiannual risk perspective report, which highlights many threats including operational, compliance, and increasingly, third-party risks.
2) American Bankers Association (ABA)
The American Bankers Association (ABA) is an organization founded more than 125 years ago. Throughout their tenure, the ABA has dedicated themselves to “delivering the latest industry news to developing mission-critical training offerings, we support America’s banks as they perform their vital role in energizing the economy and helping communities thrive.” This mission has led to the development of many third-party risk resources and training tools to help banks securely manage their third-party relationships.
Third-Party Risk for Finance – Relevant and Helpful ABA Resources:
- American Bankers Association (ABA) Hub
- Vendor Risk Management Self-Paced Training ($375 for non-members)
- Security Ratings: A Tool as Part of a Risk Management Program Whitepaper
3) Securities Industries and Financial Markets Association (SIFMA)
The Securities Industries and Financial Markets Association (SIFMA) makes the list by advocating “on legislation, regulation and business policy, affecting retail and institutional investors, equity and fixed income markets and related products and services.” The organization offers many resources helpful for those in the finance industry, and many of those assets relate specifically to third-party risk.
Third-Party Risk for Finance – Relevant and Helpful SIFMA Resources:
SIFMA has also developed a toolkit of assets that map to the OCC Risk Management Lifecycle for Third-Party Risk. Download the entire SIFMA third-party risk management program toolkit which includes guidance on third-party risk program implementation tips, due diligence and third-party selection, and ongoing monitoring.
4) Federal Deposit Insurance Corporation (FDIC)
The Federal Deposit Insurance Corporation (FDIC) “preserves and promotes public confidence in the U.S. financial system.” In the process, the FDIC “directly examines and supervises about 4,000 banks and savings banks for operational safety and soundness, more than half of the institutions in the banking system.” Third-party relationships are fall within the scope of the FDIC’s examination and supervision.
Third-Party Risk for Finance – Relevant and Helpful FDIC Resources:
- Regulatory Guidance: Risk Management Supervision – Outsourcing and Third-Party Providers (Vendor Management)
- FDIC on Third-Party Providers: Benefits and Risks
- FDIC Consumer Compliance Examination Manual: Third-Party Risk
5) Federal Financial Institutions Examination Council (FFIEC)
The Federal Financial Institutions Examination Council (FFIEC), the Council, as it’s often referred to, is a “formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System.” The FFIEC has developed the IT Examination Handbook Infobase to deliver introductory, reference, and educational training material. The infobase contains numerous resources, including those dedicated to the supervision of technology service providers.
Relevant and Helpful FFIEC Resources:
- Outsourcing Technology Booklet
- Outsourcing Technology Services IT Work Program
- The FFEIC’s Extensive Glossary
While these resources are extremely beneficial in the development of your financial institution’s third-party risk program and the education of your team, there is still a gap that third-party risk software can fill. OneTrust Vendorpedia offers banking and finance organizations the technology they need to streamline, scale, and create an audit-ready third-party risk program.