It’s no longer enough for banks and other financial institutions to simply have good working relationships with the third parties that provide IT and other services.
Stricter standards and increased scrutiny by the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB), as well as the Federal Deposit Insurance Corporation (FDIC) and the Federal Financial Institutions Examination Council (FFIEC), mean financial institutions now have the same responsibilities for outsourced services as for in-house ones.
For many banks and non-banks, this will mean reevaluating vendor relationships and instituting increased safeguards and oversight to meet these new, stricter standards.
In short, many of the same risk management practices used for internal operations will have to be applied to vendor relationships and operations. Even if customers choose their own vendors for various services, such as real estate settlements, the CFPB says that the lender is still responsible.
Highlights of the standards
CFPB Bulletin 2012-03 and OCC Bulletin 2013-29 include a number of regulations that cover every aspect of the relationship between banks and third-party vendors, including:
- Due diligence
- Internal policies and procedures
- Contracting for compliance
- Internal controls and oversight
