On June 7, 2017, the Office of the Comptroller of the Currency issued frequently asked questions that supplement the OCC’s 2013 guidance entitled “Third-Party Relationships: Risk Management Guidance.” The 2013 Bulletin sets forth the OCC’s expectation for banks’ due diligence and ongoing monitoring of third-party service providers, including enhanced diligence and monitoring for third parties that support critical activities. While the FAQs affirm this guidance, they provide substantial flexibility for banks to right-size their approach to third-party risk management, including with respect to banks’ financial technology partnerships. This alert highlights key aspects of the FAQs.
Read our client alert.