(270) 506-5140 CONTACT US

Vendor Risk Management and The Fed

Jun 25, 2018 by Branan Cooper

Vendor risk management or, more specifically, third party risk management has received a great deal of attention over the past decade by all of the major regulators. We have seen a groundswell of new regulatory guidance, some more stringent than others. 

The Fed Guidance – What’s Included 

The Federal Reserve Bank (FRB or The Fed) guidance on outsourcing risk management is Supervisory Letter SR 13-19 referenced here, which was issued in December 2013, shortly after the OCC's landmark guidance Bulletin 29-2013. The Fed guidance does not delve as heavily into the actual risk assessment process but spends a great deal of time identifying contractual standards that should be included, which states the contracts should clearly define the rights and responsibilities of each party with a detailed overview to further explain the expectations.

In addition, the Fed identified concentration risk as an area of concern, which is a marked difference from most of the other regulatory guidance. Concentration risk is the aggregation of too much product or service with a particular provider or geographic region.

In terms of due diligence, which is another major focus in the guidance, the primary focal points are around business background and reputation, financial performance and operational controls.

The Fed – Final Takeaways 

Unlike the other regulators' guidance, interestingly, the Fed guidance is notably silent on the topic of creating standards for termination and documentation requirements and the need for independent reviews. Even if regulated by the Fed, I’d encourage you to review OCC Bulletin 29-2013 for guidance surrounding these areas as it will be beneficial to include termination and exit strategies, documentation and independent review requirements in your overall program.

The approach to developing an effective vendor management program really should be with a holistic and scalable approach. Not every organization will have an abundance of resources, so an emphasis on highlighting and mitigating risk will give you the most bang for your buck.

Download our infographic to learn how to build an effective vendor risk management program.

Creating an Effective Vendor Contract Management System eBook

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog