An official website of the United States government
Parts of this site may be down for maintenance from Thursday, December 19, 9:00 p.m. Sunday, December 22, 9:00 a.m. (Eastern).
OCC Bulletin 2024-11 | May 3, 2024
Share This Page:
Chief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties
The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively, the agencies) today published Third-Party Risk Management: A Guide for Community Banks.
This guide is designed for community banks. Although the guide discusses community bank relationships, the content may be useful for banks of any size.1
The guide
Community banks engage with third parties to help the banks compete in and respond to an evolving financial services landscape. Third-party relationships can offer community banks access to new technologies, risk management tools, human capital, delivery channels, products, services, and markets. Reliance on third parties, however, reduces a bank’s direct operational control over activities and may introduce new risks or increase existing risks. Due to the varied risks associated with third-party relationships, it is important for community banks to appropriately identify, assess, monitor, and control these risks and ensure that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations.
This guide serves as a resource for bank management in accordance with the principles communicated in the “Interagency Guidance on Third-Party Relationships: Risk Management”2 and “Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks.”3 The guide does not anticipate all types of third-party relationships or risks and should not be viewed as all-inclusive. Use of the guide is voluntary, and the relevance of specific information within the guide depends on the bank’s size, complexity, and risk profile, and the nature of the specific third-party relationship.
Please contact Tamara Culler, Director for Governance and Operational Risk Policy, Operational Risk Policy Division, at (202) 649-6550.
Grovetta N. Gardineer Senior Deputy Comptroller for Bank Supervision Policy
1 "Banks" refers collectively to national banks, federal savings associations, covered savings associations, and federal branches and agencies of foreign banking organizations.
2 For more information, refer to OCC Bulletin 2023-17, “Interagency Guidance on Third-Party Relationships: Risk Management.”
3 For more information, refer to OCC Bulletin 2021-40, “Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks.”