OCC Bulletin 2023-17 | June 6, 2023

Third-Party Relationships: Interagency Guidance on Risk Management

To

Chief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties

Summary

The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively, the agencies) today issued the "Interagency Guidance on Third-Party Relationships: Risk Management."

Rescissions

This bulletin rescinds¹

OCC Bulletin 2013-29, "Third-Party Relationships: Risk Management Guidance"
OCC Bulletin 2020-10, "Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29"

Note for Community Banks

This guidance applies to all banks with third-party relationships.²

Highlights

The final interagency guidance

promotes consistency in the agencies’ supervisory approach to third-party risk management.
outlines the third-party risk management life cycle and identifies risk management principles applicable to each stage of the life cycle.
clarifies that not all third-party relationships present the same level of risk or criticality to a bank’s operations.
describes sound risk management principles to consider when developing and implementing third-party risk management practices, commensurate with the bank’s risk profile and complexity as well as the criticality of the activity supported by the third party.

Further Information

Please contact Tamara Culler, Director for Governance and Operational Risk Policy, Operational Risk Policy Division, at (202) 649-6550.

Grovetta N. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy