Share This Page

Effective Date: Third-Party Risk Management A Guide for Community Banks

Community banks engage with third parties to compete in and respond to an evolving financial services landscape. Third-party relationships can offer community banks access to new technologies, risk-management tools, human capital, delivery channels, products, services, and markets. A community bankā€™s reliance on third parties, however, reduces its direct operational control over activities1 and may introduce new risks or increase existing risks, including, but not limited to, operational, compliance, financial, and strategic risks. Due to the varied risks associated with third-party relationships, it is important for community banks to appropriately identify, assess, monitor, and control these risks as well as ensure that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations.2 These laws and regulations include, but are not limited to, those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices) and those addressing financial crimes (such as fraud and money laundering). Engaging a third party does not diminish or remove a bankā€™s responsibility to operate in a safe and sound manner and to comply with applicable legal and regulatory requirements, including consumer protection laws and regulations, just as if the bank were to perform the service or activity itself. A community bank may engage an external party to conduct aspects of its third-party risk management. However, the bank cannot abrogate its responsibility to employ effective risk-management practices, including when using a third party to conduct third-party risk management on behalf of the bank.

https://www.occ.gov/news-issuances/news-releases/2024/pub-third-party-risk-management-guide-for-community-banks.pdf

  • May 3, 2024
  • Time: All Day