Skip to Content
Client Payment

Events In the News

Regulators Release Third-Party Risk Management Guidance for Community Banks

on Friday, 24 May 2024 in Technology & Intellectual Property Update: Arianna C. Goldstein, Editor

This month, banking regulators released guidance directed to community banks in connection with the banks’ third-party risk management practices (the “Third-Party Guidance”). The Third-Party Guidance follows the banking agencies’ prior third-party risk management guidance that was issued in June of 2023 and is intended to complement that prior guidance by assisting community banks with developing and implementing their own third-party risk-management programs.

In large part, the Third-Party Guidance serves as a recitation of the prior guidance from June of 2023. It reminds community banks of their overall responsibility of the actions of their third-party vendors including compliance with consumer protections laws and regulations. Like the prior guidance, the Third-Party Guidance directs community banks to view their third-party relationships as part of a risk-management life cycle that covers (i) planning, (ii) initial due diligence and selection, (iii) contract negotiation, (iv) ongoing review and monitoring, and (v) termination.

While the Third-Party Guidance does not have the force of law and is not intended to impose new requirements on banks, it does offer some further details banks can look to within the various third-party life cycle components that may be valuable. In particular, the Third-Party Guidance features illustrative examples for banks to review and use for each stage of the life cycle.

In addition, the Third-Party Guidance includes governance practices community banks are expected to employ to manage third-party relationships, including oversight and accountability, independent review, and documentation and reporting. The Third-Party Guidance notes that ultimate accountability for such governance rests with the bank’s board of directors.  

Finally, the Third-Party Guidance includes a helpful resource page that provides links not only to the prior third-party risk management guidance but to other bank resources as well, such as specific guidance for banks conducting due diligence on financial technology companies.

A copy of the Third-Party Guidance is available here.

Eli A. Rosenberg
back

1700 Farnam Street | Suite 1500 | Omaha, NE 68102 | 402.344.0500

Law Firm Website Design