In 2013, the office of the Comptroller of the Currency issued an updated third-party risk management guideline for national banks and federal savings associations. The update, known as OCC Bulletin 2013-29, outlines the key steps banks and FSAs must take with their supply chains to protect consumers and being in compliance with the federal government.
The Office of the Comptroller of the Currency (OCC) is responsible for supervising national banks and federal savings associations to ensure that they are in compliance with the law. The OCC's authority lies mainly in safeguarding national bank systems and savings associations, encouraging bank competitiveness in the market, improving regulatory matters, and ensuring fairness in these areas for Americans.
Bulletin 2013-29 was developed by the OCC due to the increasing complexity of third-party relationships. When a bank employs a third party, they are responsible for ensuring the supplier is in compliance and adhering to proper risk management protocols. In recent years, the quality of risk management over these third-party suppliers had decreased. In fact, the OCC Bulletin 2013-29 identified particular instances where banks failed to manage their suppliers properly.
- Failing to fully understand the risks and costs of third-party relationships
- Failing to perform thorough examination and ongoing monitoring of third parties
- Failing to assess third-party supplier's risk management policies before entering contract
- Failing to enter into formal contracts with third-party vendors
- Failing to enter into ethical contracts, and instead encouraging third parties to take risks that improve the bank's profits, but were detrimental to its customers
OCC Bulletin 2013-29 outlines key stages within the risk management lifecycle that all banks should include in their risk manangement review and processes. In cases of violation, the OCC fines the bank and can refund the customers. Beyond financial implications, the welfare and reputation of your banking operation are at stake. Learn More about OCC 2013-29 Compliance