Share This Page

OCC Issues Third-Party Risk Management Exam Procedures

January 25, 2017 / Source: OCC

OCC BULLETIN 2017-7

Subject: Third-Party Relationships
Date: January 24, 2017

To: Chief Executive Officers and Chief Risk Officers of All National Banks and Federal Savings Associations, Technology Service Providers, Department and Division Heads, All Examining Personnel, and Other Interested Parties

Description: Supplemental Examination Procedures

Summary

The Office of the Comptroller of the Currency (OCC) is issuing examination procedures to supplement OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” issued October 30, 2013. The supplemental procedures promote consistency when examining national banks and federal savings associations' (collectively, banks) risk management of third-party relationships. These procedures expand on the core assessment contained in the “Community Bank Supervision,” “Large Bank Supervision,” and “Federal Branches and Agencies Supervision” booklets of the Comptroller’s Handbook. These procedures use the concepts and definitions contained in OCC Bulletin 2013-29, including appendix A. Appendix B of OCC Bulletin 2013-29 provides additional guidance about third-party risk management practices in specific areas.

Note for Community Banks

These procedures may be used during examinations of a bank’s risk management of third-party relationships.

Highlights

These procedures are designed to help examiners

  • tailor the examination of each bank commensurate with the level of risk and complexity of the bank’s third-party relationships.
  • assess the quantity of the bank’s risk associated with its third-party relationships.
  • assess the quality of the bank’s risk management of third-party relationships involving critical activities.
  • determine whether there is an effective risk management process throughout the life cycle of the third-party relationship.

Further Information

Please contact Judi McCormick, Governance and Operational Risk Policy Analyst, Operational Risk Policy Division, at (202) 649-6550.

Bethany A. Dugan
Deputy Comptroller for Operational Risk

Related Links

“Supplemental Examination Procedures for Risk Management of Third-Party Relationships” (PDF)
OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” including appendixes A and B