Skip to content

How to gain more from operational risk management practices.
Modern risk management technology solutions improve efficiency and provide greater visibility into risks. Today’s tools provide real-time visibility, action plans, enhanced reporting and business intelligence, and proactive notifications for operational risk. Real-time data empowers banks and financial services organizations to proactively manage risks and instantly detect and mitigate emerging issues. Click here to learn more.


OCC adds FAQs on third-party relationships

OCC Bulletin 2020-10, issued yesterday, contains updated FAQs to supplement OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” issued October 30, 2013. These FAQs are intended to clarify the OCC’s existing guidance and reflect evolving industry trends.

The new bulletin rescinds OCC Bulletin 2017-21, “Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29,” issued on June 7, 2017. The FAQs from Bulletin 2017-21 have been incorporated unchanged into the new bulletin, except for question No. 24, which was updated to reflect current AICPA Service Organization Control report information.

Topics addressed include:

  • the terms “third-party relationship” and “business arrangement.”
  • when cloud computing providers are in a third-party relationship with a bank.
  • when data aggregators are in a third-party relationship with a bank.
  • risk management when the bank has limited negotiating power in contractual arrangements.
  • critical activities and how a bank can determine the risks associated with third-party relationships.
  • bank management’s responsibilities regarding a third party’s subcontractors.
  • reliance on and use of third party-provided reports, certificates of compliance, and independent audits.
  • risk management when third party has limited ability to provide the same level of due diligence-related information as larger or more established third parties.
  • risk management when using a third-party model or when using a third party to assist with model risk management.
  • use of third-party assessment services in managing third-party relationship risks.
  • a board’s approval of contracts.
  • risk management when obtaining alternative data from a third party
Filed under: 

Training View All

Penalties View All

Search Top Stories