Joint Guidance Provided to Banks to Manage Risks Associated With Third-Party Relationships


It’s not you. It’s the guidance.

Perficient provides risk management to more than 500 financial services organizations, many of which have multiple bank regulators. Often an organization will have a state-chartered non-member bank, which has the FDIC as its primary federal regulator. The same organization will typically have a national bank charter, and the OCC is the primary federal banking regulator for that part of the organization. The bank holding company and Federal Reserve member legal entities fall under the Federal Reserve as their primary federal regulator.

Until June 6 of this year, each of the federal bank regulators had provided the different organizations of that same firm with slightly different versions of their risk guidance. However, in what is sure to be a landmark in federal regulation, on June 6, 2023, the primary federal bank regulatory agencies issued final joint guidance designed to help banking organizations manage risks associated with third-party relationships, including relationships with financial technology companies.

The complete 60+ page guidance is available to readers here.

Guidance Summary

The final guidance covers risk management practices for the stages in the life cycle of third-party relationships: planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination. Also of value is that the new guidance states that sound third-party risk management takes into consideration the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship.

The new federal risk guidance for banks does not remove the need for sound risk management. The guidance emphasizes that using third parties, especially those using new technologies, may present elevated risks to banking organizations and their customers, including operational, compliance, and strategic risks. Bank executives are urged to remember that using third parties neither removes nor diminishes the banking organizations’ responsibility to ensure that activities are performed safely, soundly, and in compliance with applicable laws and regulations. Such regulations include consumer protection (such as fair lending laws and prohibitions against unfair, deceptive, or abusive practices) and those addressing financial crimes including money laundering.

If you would like to speak with a Perficient subject matter expert about the new unified federal guidance or want to know how Perficient can help manage the risks your organization faces, please click here.


Carl Aridas

Carl is certified in the Scaled Agile Framework (SAFe), a Scrum Master, and a Six Sigma Green Belt project manager with more than 25 years of experience in financial services overseeing large-scale development of global, multi-currency accounting, regulatory reporting, and financial reporting software platforms. He has hands-on experience completing, reviewing, and filing Federal Reserve, FFIEC, and IRS reports, including Call Reports, Y9C reports, 2900 reports, TIC reports, and arbitrage rebate reports.
