Federal Deposit Insurance Corporation
550 17th Street NW, Washington, DC 20429-9990
Financial Institution Letter
FIL-50-2021
July 13, 2021
Proposed Interagency Guidance on
Third-Party Relationships: Risk Management
Distribution:
FDIC-Supervised Institutions
Suggested Routing:
Board of Directors
Chief Executive Officer
Chief Financial Officer
Chief Risk Officer
Chief Compliance Officer
Attachments:
Proposed Interagency Guidance on Third-
Party Relationships: Risk Management
Contacts:
Thomas F. Lyons
Corporate Expert in Examination Policy,
Division of Risk Management Supervision
202-898-6850
TLyons@fdic.gov
Paul Robin
Chief, Supervisory Policy Section, Division
of Depositor and Consumer Protection
202-898-6818
probin@fdic.gov
Marguerite Sagatelian
Senior Special Counsel, Legal Division
202-898-6690
Msagatelian@fdic.gov
Related Topics:
Guidance for Managing Third-Party Risk
Part 364 -Standards for Safety and
Soundness
Notes:
Access FDIC Financial Institution Letters
(FILs) on the FDIC's website.
Subscribe to receive FILs electronically.
Paper copies may be obtained through the
FDIC's Public Information Center, 3501
Fairfax Drive, E-1002, Arlington, VA 22226
(877-275-3342 or 703-562-2200).
Summary:
The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the
Federal Reserve System (Board), and the Office of the Comptroller of the Currency
(OCC) (collectively, the agencies) are seeking comment on proposed guidance on
managing risks associated with third-party relationships. The proposed guidance
offers a framework of sound risk management principles to assist banking
organizations in managing third-party relationships, and promotes compliance with all
applicable laws and regulations, including those related to consumer protection. The
proposed guidance takes into account the level of risk, complexity, and size of the
banking organization and the nature of the third-party relationship. The proposed
guidance would replace each agency’s existing guidance on this topic and would be
directed to all banking organizations supervised by the agencies.
A copy of the Guidance can be found on the FDIC’s website.
Statement of Applicability: This Financial Institution Letter applies to all FDIC-
supervised institutions.
Highlights:
• The agencies are publishing for comment proposed guidance on managing
risks associated with third-party relationships.
• The proposed guidance offers a framework based on sound risk
management principles for banking organizations to consider in developing
risk management practices throughout the life cycle of third-party
relationships, including planning to manage the relationship and its risks,
due diligence and third-party selection, contract negotiation, oversight and
accountability, ongoing monitoring, and termination.
• The proposed guidance also offers a framework that takes into account the
level of risk, complexity, and size of the banking organization and the nature
of the third-party relationship, and promotes compliance with applicable
laws and regulations, including those related to consumer protection.
• The proposed guidance also discusses supervisory reviews of third-party
relationships.
• After consideration of the comments received and the guidance is adopted
by the Agencies in final form, the guidance would replace the FDIC’s
Guidance for Managing Third-Party Risk and the FDIC would rescind FIL
44-2008 (June 6, 2008).
• Comments will be accepted for 60 days after publication in the Federal
Register.Inactive
550 17th Street NW, Washington, DC 20429-9990
Financial Institution Letter
FIL-50-2021
July 13, 2021
Proposed Interagency Guidance on
Third-Party Relationships: Risk Management
Distribution:
FDIC-Supervised Institutions
Suggested Routing:
Board of Directors
Chief Executive Officer
Chief Financial Officer
Chief Risk Officer
Chief Compliance Officer
Attachments:
Proposed Interagency Guidance on Third-
Party Relationships: Risk Management
Contacts:
Thomas F. Lyons
Corporate Expert in Examination Policy,
Division of Risk Management Supervision
202-898-6850
TLyons@fdic.gov
Paul Robin
Chief, Supervisory Policy Section, Division
of Depositor and Consumer Protection
202-898-6818
probin@fdic.gov
Marguerite Sagatelian
Senior Special Counsel, Legal Division
202-898-6690
Msagatelian@fdic.gov
Related Topics:
Guidance for Managing Third-Party Risk
Part 364 -Standards for Safety and
Soundness
Notes:
Access FDIC Financial Institution Letters
(FILs) on the FDIC's website.
Subscribe to receive FILs electronically.
Paper copies may be obtained through the
FDIC's Public Information Center, 3501
Fairfax Drive, E-1002, Arlington, VA 22226
(877-275-3342 or 703-562-2200).
Summary:
The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the
Federal Reserve System (Board), and the Office of the Comptroller of the Currency
(OCC) (collectively, the agencies) are seeking comment on proposed guidance on
managing risks associated with third-party relationships. The proposed guidance
offers a framework of sound risk management principles to assist banking
organizations in managing third-party relationships, and promotes compliance with all
applicable laws and regulations, including those related to consumer protection. The
proposed guidance takes into account the level of risk, complexity, and size of the
banking organization and the nature of the third-party relationship. The proposed
guidance would replace each agency’s existing guidance on this topic and would be
directed to all banking organizations supervised by the agencies.
A copy of the Guidance can be found on the FDIC’s website.
Statement of Applicability: This Financial Institution Letter applies to all FDIC-
supervised institutions.
Highlights:
• The agencies are publishing for comment proposed guidance on managing
risks associated with third-party relationships.
• The proposed guidance offers a framework based on sound risk
management principles for banking organizations to consider in developing
risk management practices throughout the life cycle of third-party
relationships, including planning to manage the relationship and its risks,
due diligence and third-party selection, contract negotiation, oversight and
accountability, ongoing monitoring, and termination.
• The proposed guidance also offers a framework that takes into account the
level of risk, complexity, and size of the banking organization and the nature
of the third-party relationship, and promotes compliance with applicable
laws and regulations, including those related to consumer protection.
• The proposed guidance also discusses supervisory reviews of third-party
relationships.
• After consideration of the comments received and the guidance is adopted
by the Agencies in final form, the guidance would replace the FDIC’s
Guidance for Managing Third-Party Risk and the FDIC would rescind FIL
44-2008 (June 6, 2008).
• Comments will be accepted for 60 days after publication in the Federal
Register.Inactive