Guidance on OCC Bulletins 2017-7 and 2017-21

Podcast Transcript

Welcome to Third Party Thursdays, my name is Branan Cooper and I am the Chief Risk Officer here at Venminder.

I wanted to talk a little bit today about some of the new Office of the Comptroller of Currency, or OCC guidance that has come out this year. So far, we’ve seen the OCC issue two separate bulletins on third party risk management.  

The first one came out in January, Bulletin 2017-7, which was the supplemental examination guide for third party risk management. It really did not introduce any new concepts or any new procedures for third party risk, but it did an excellent job reinforcing some of the basics of third party risk management. It made it quite clear that the responsibility for third party risk really flows up to the board.  
 
The other item that came out in June was Bulletin 2017-21, which was frequently asked questions in third party risk management. Basically, it was an update to the guidance that was issued four years ago.

This detailed questions and answers bulletin really went through all of the principals of third party risk management. It did introduce a couple of new concepts in terms of new types of third parties that should be included in scope, and also reinforces the notion of the board ultimately being responsible for third party risk management.

It also made very clear that it is ok to collaborate among banks when it comes to certain types of third party risk management practices, but ultimately the responsibility for making sure the third party complies is up to each individual institution. 

If you haven’t had the chance to do so already, please go to occ.gov to go through both of these bulletins.  

Again, I’m Branan Cooper and thank you very much for listening. If you haven’t already done so, please subscribe to our Third Party Thursday series.