How to gain more from operational risk management practices.
Modern risk management technology solutions improve efficiency and provide greater visibility into risks. Today’s tools provide real-time visibility, action plans, enhanced reporting and business intelligence, and proactive notifications for operational risk. Real-time data empowers banks and financial services organizations to proactively manage risks and instantly detect and mitigate emerging issues. Click here to learn more.
OCC adds FAQs on third-party relationships
OCC Bulletin 2020-10, issued yesterday, contains updated FAQs to supplement OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” issued October 30, 2013. These FAQs are intended to clarify the OCC’s existing guidance and reflect evolving industry trends.
The new bulletin rescinds OCC Bulletin 2017-21, “Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29,” issued on June 7, 2017. The FAQs from Bulletin 2017-21 have been incorporated unchanged into the new bulletin, except for question No. 24, which was updated to reflect current AICPA Service Organization Control report information.
Topics addressed include:
- the terms “third-party relationship” and “business arrangement.”
- when cloud computing providers are in a third-party relationship with a bank.
- when data aggregators are in a third-party relationship with a bank.
- risk management when the bank has limited negotiating power in contractual arrangements.
- critical activities and how a bank can determine the risks associated with third-party relationships.
- bank management’s responsibilities regarding a third party’s subcontractors.
- reliance on and use of third party-provided reports, certificates of compliance, and independent audits.
- risk management when third party has limited ability to provide the same level of due diligence-related information as larger or more established third parties.
- risk management when using a third-party model or when using a third party to assist with model risk management.
- use of third-party assessment services in managing third-party relationship risks.
- a board’s approval of contracts.
- risk management when obtaining alternative data from a third party