relationships. That being said, financial institutions must manage all third-party relationships, but not necessarily to the same extent as the principles within the guidance can be tailored to the relationship. The Interagency Guidance provides a number of examples, which should not be interpreted as exhaustive, that financial institutions may consider for their due diligence processes. But, the agencies do note that the guidance does not impose any new regulatory requirements. While the new Interagency Guidance may not create new regulatory requirements for financial institutions, it is focused on managing various risks associated with outsourcing certain products, services and activities, especially those impacting consumers. The guidance is a reminder to financial institutions that consumer protections and compliance remain a priority among the regulatory agencies. The guidance emphasizes compliance and consumer protections, as those phrases, and similar phrases, are mentioned numerous times throughout the guidance. Financial institutions must be particularly diligent in ensuring they, and their third-party service providers, abide by and comply with all applicable laws and regulations. This includes ensuring that their financial institution, and any of third-party services providers, do not engage in any unfair and deceptive acts or practices. The new Interagency Guidance provides clarification regarding the oversight of a third party’s subcontractors, indicating that financial institutions should focus on the selection and oversight processes of their third party. Financial institutions are not expected to oversee the subcontractors directly. The guidance also clarifies and distinguishes the roles of the board of directors and senior management when it comes to third-party oversight. The guidance provides various factors that a board of directors may consider for carrying out their responsibilities, and it also identifies activities and responsibilities in which management may perform. Many see this new Interagency Guidance as a signal to financial institutions that enhanced risk management practices are an area of focus for regulators and are critical to the safety and soundness of an institution. This guidance, along with other recent consent orders, may be foreshadowing the supervisory focus on vendor management relationships and the bank’s risk management practices for maintaining such relationships. However your institution interprets the new guidance, it is essential that a review of its current policy/procedures and risk management practices is conducted to ensure it aligns with the new Interagency Guidance. Since much of the guidance seems to highlight due diligence, contracts and the management of third-party risk and relationships, banks should consider integrating or at least addressing their third-party relationship risk management program with their overall ERM (enterprise risk management) program. Julia A. Gutierrez serves as Director of Education for Compliance Alliance, developing curriculum and presentations as well as presenting at various schools and seminars, both live and in a livestream/hybrid format. Julia has over 20 years of financial industry experience with the Compliance Alliance team. 15 Colorado Banker
RkJQdWJsaXNoZXIy MTg3NDExNQ==