utah.bank 14 must ensure that if a third-party provider uses subcontractors for any part of the bank’s outsourced activities, the third party provides adequate oversight of its subcontractors. The use of subcontractors must be considered during all stages of the Life Cycle. Oversight of the Third-Party Risk Management Program The Third-Party Relationship Life Cycle also contemplates oversight of the third-party risk management program. While the regulators’ compliance management system (CMS) examination procedures do not include provider oversight as a formal component of the CMS, they do state that compliance expectations extend to provider relationships. Therefore, thirdparty risk management should be incorporated into the bank’s CMS, including: Policies and procedures that define risk/criticality, minimum due diligence and ongoing monitoring activities based on risk, and minimum contract provisions; and address oversight of and accountability for the program Training for bank staff responsible for third-party oversight Monitoring, testing, and audit of the program Complaint management related to third-party providers Third-party risk management continues to be an increasing regulatory focus. Understanding the details of sound risk management outlined in the proposed guidance and enhancing your third-party risk management program commensurate with the risk level of your bank’s service provider relationships will place the bank in a more favorable position for the next regulatory examination. n Tracey is a managing director at CrossCheck Compliance LLC and a regulatory compliance and risk management professional with over 30 years of experience in the financial services industry. Prior to joining CrossCheck, Tracey was Senior Vice President, Compliance at Standard Bank & Trust, now Old National Bank; and, before that, she was Assistant Vice President, Community Bank Examinations at the Federal Reserve Bank of Chicago. She also previously held positions in compliance, accounting, and operations at community banks. Having worked as both a prudential regulator and in banking institutions, Tracey has demonstrated expertise in compliance, including extensive knowledge of lending and deposit regulations, with a recent concentration on fintech. Tracey can be reached at tlevandoski@crosscheckcompliance.com. Utah's #1 Small Business Lender. Eric and Jason Stevens Owners, Maple Leaf Company SBA 504 loan recipients Learn more at: greatbasinseeds.com BIG THINGS COME IN SMALL BUSINESSES 801 .474.3232 | mwsbf .com SBA 504 LOAN.
RkJQdWJsaXNoZXIy ODQxMjUw