Sageworks releases whitepaper on OCC Risk Management Guidance for Third Party Relationships

RALEIGH, NC (March 31, 2014) – Sageworks, a financial information company that provides risk management solutions to banks and credit unions, has released a whitepaper on OCC risk management guidance for third party relationships. Examiners have always expected banks and credit unions to perform appropriate vendor due diligence prior to engaging a third party. But with October 2013 guidance, Third-Party Relationships, the OCC provided defined guidelines for OCC banks as a risk management framework.

As the announcement points out, banks face new and increased operational, compliance, reputation, strategic and credit risks when entering into an agreement with a third party, especially when the agreement covers “critical activities.” As such, the OCC asks banks to develop a risk management process proportionate to the level of risk within the relationship.

Third-party relationships are defined as a business arrangement between a bank and an outside entity, by contract or otherwise. Some examples are tax, legal, audit or information technology. By entering into agreements with third parties, it is the board members’ and senior management’s responsibility that contracted activities fall in line with regulatory guidance and uphold safety and soundness for the institution.

When circumstances warrant, the OCC will apply corrective measures to ensure banks’ relationship management standards are appropriate, and these measures could include enforcement actions, special examinations and the assessment of civil money penalties.

On December 5, 2013, shortly after the OCC release, the Board of Governors of the Federal Reserve System issued Guidance on Managing Outsourcing Risk to supplement guidance previously issued on technology service provider risk. While the Federal Reserve’s guidance is less comprehensive than the new guidance set forth by the OCC, many of the themes are similar.

As banks continue to increase the number and complexity of third -party relationships, the OCC is concerned that the quality of risk management in the relationship may not be commensurate with the level of inherent risk. This includes proper due diligence when selecting a vendor, but it also extends into the relationship.

An effective risk management process includes a continuous life cycle for all third-party relationships and covers:

  • Planning
  • Due diligence and third -party selection
  • Contract negotiation
  • Ongoing monitoring
  • Termination

For more information, download the full whitepaper on Sageworks website.

About Sageworks
Raleigh, N.C.-based Sageworks is a financial information company. Sageworks’ data and applications are used by thousands of financial professionals across North America to analyze privately held companies and to manage and calculate risk in their loan portfolios. The company has been named to the Inc. 500 list of the fastest growing, privately held companies in the U.S. and to the Deloitte Technology Fast 500. 

More News