Learning the Fundamentals of Third-Party Risk Management
New to third-party risk? We've got you covered.
Learn the key takeaways from important third-party risk regulatory guidance released by the OCC, FDIC and FFIEC.
Welcome to today's Third Party Thursday! My name is Branan Cooper and I'm the Chief Risk Officer here at Venminder.
Like any course, it's appropriate to study the source material - and there's lots of it out here. A few of our favorites are published on the regulators' websites.
- On the FDIC website at FDIC.gov, look for Financial Institution Letter (FIL) 44-2008 and 3-2012 - they are pretty much the foundational documents for third party risk management.
- On the OCC website at OCC.gov, look for Bulletin 2013-29, 2017-7 and 2017-21 - the guidance reinforces the need to keep your senior management team and your board informed on third party risk issues - it also introduces the concept of a lifecycle, rather than a static approach, to third party risk management.
- On the FFIEC website at FFIEC.gov, look for Appendix J and Appendix E - perhaps alphabetically incorrect, but in chronological order of recent updates. They are highly prescriptive in terms of what examiners expect.
Need more information? We're here to help. If you haven't already done so, please subscribe to our Third Party Thursday series. Again, I'm Branan and thank you for listening!
Subscribe to our Third Party Thursday Newsletter
Receive weekly third-party risk management news, resources, and more to your inbox.