Interagency Third-Party Risk Guidance
United States
2023
Cybersecurity
Overview
The Interagency Guidance on Third-Party Relationships: Risk Management, finalized in June 2023, is a unified supervisory framework issued by the Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC). It replaces prior agency-specific guidance and outlines risk management expectations for financial institutions when working with third parties.The guidance establishes a lifecycle approach covering planning, due diligence, contract negotiation, ongoing monitoring, and termination. It applies to national banks, federally insured state banks, U.S. bank holding companies, savings associations, and their third-party service providers, including fintechs, cloud providers, and core banking vendors.
Key Obligations
- Develop a risk-based third-party risk management framework
- Conduct comprehensive due diligence on critical third parties
- Define clear roles, responsibilities, and performance expectations in contracts
- Monitor third-party activities, cybersecurity, compliance, and financial condition
- Maintain records of all third-party relationships and risk classifications
- Ensure board and senior management oversight for critical relationships
- Report significant third-party disruptions or breaches to regulators
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
KYB
Know Your Business verification solutions to authenticate business entities and ensure compliance with regulatory requirements.
Criminal Screening
Thorough background checks and criminal record verification to ensure compliance and maintain security standards in your onboarding process.
