(270) 506-5140 CONTACT US

Actions Required to Comply with OCC Bulletin 2017-7

Feb 8, 2017 by Branan Cooper

On Tuesday, January 24, 2017, the Office of the Comptroller of the Currency issued new regulation - Bulletin 2017-7. It's supplemental guidance on the approach examiners must take when reviewing third party risk management at OCC financial institutions.

About Bulletin 2017-7

The document is a highly detailed playbook of items that examiners should consider, covering all aspects of third party risk management.

Unlike some forms of regulatory guidance, there is not an exemption of certain financial institutions based on asset size; this guidance applies to all OCC financial institutions. The guidance is follow up to the OCC’s widely known Bulletin 2013-29, which is generally considered the gold standard for third party risk management practices.

Actions Required to Comply

So, what do you need to do to comply with this 2017-7? Here's some recommendations:

  • Compare it with your third party risk program: It’s a great time to look at your program and lay it out beside this new exam procedure guideline and make sure it covers all of the guidance.
  • Update your team: Involve your leadership team and make sure to update your board on the expectations.
  • Involve counsel and audit team: It’s always prudent to involve your counsel and audit team in reviewing your policy, program and procedures alongside Bulletin 2017-7 just to be certain you don’t miss any salient points.
  • Find weaknesses: Determine any areas that require additional attention, staffing or resources.
  • Test it: Consider choosing a few particular third parties and go through and ask yourself the questions laid out in the procedures to be sure you have adequate and well-documented answers.
  • Report it: Document this all carefully and report the results to your senior leadership team and the board.

The procedures are sweeping and detailed and require great attention. When your next examination rolls into town, you’ll need to be prepared to meet these heightened expectations.

Even if you’re not an OCC financial institution, it’s prudent to make sure you’re at this level of maturity in your third party program as these represent the most up to date and best in class practices.

For more information on this OCC Bulletin 2017-7, download our guide

Guide on OCC Bulletin 2017-7

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog