Skip to main content OCC Bulletin 2020-10| March 5, 2020 ToChief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties SummaryThe Office of the Comptroller of the Currency (OCC) is issuing frequently asked questions (FAQ) to supplement OCC Bulletin 2013-29, "Third-Party Relationships: Risk Management Guidance," issued October 30, 2013. These FAQs are intended to clarify the OCC's existing guidance and reflect evolving industry trends. This new bulletin rescinds OCC Bulletin 2017-21, "Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29," issued on June 7, 2017. The FAQs from OCC Bulletin 2017-21 have been incorporated unchanged into this new bulletin, except for question No. 24, which was updated to reflect current AICPA Service Organization Control report information. The FAQ numbers from OCC Bulletin 2017-21 are noted in parentheses throughout this bulletin. Note for Community BanksThis bulletin applies to community banks.1 HighlightsTopics addressed in the new FAQs include
BackgroundOCC Bulletin 2013-29 addresses risk management of third-party relationships. The OCC expects a bank to practice effective risk management regardless of whether the bank performs an activity internally or through a third party. A bank's use of third parties does not diminish the bank's responsibility to perform the activity in a safe and sound manner and in compliance with applicable laws and regulations. A bank's third-party risk management should be commensurate with the level of risk and complexity of its third-party relationships; the higher the risk of the individual relationship, the more robust the third-party risk management should be for that relationship. It is up to bank management to determine the risks associated with each of the bank's third-party relationships. Frequently Asked Questions
Further InformationPlease contact Lazaro Barreiro, Director for Governance and Operational Risk Policy, Operational Risk Division, at (202) 649-6550. Grovetta N. Gardineer Related Link
|