Board Responsibility. A bank can outsource a task, but it cannot outsource the responsibility.

Similar documents
GUIDANCE FOR MANAGING THIRD-PARTY RISK

Any business relationship between a bank and another entity, by contract or otherwise

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background

Information Technology

VII 5.1. VII. Abusive Practices Third Party Procedures. Third Party Risk. Introduction. Background

Putting the Management Back in Vendor Management February 20, 2014

Payment Processor Relationships Revised Guidance

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

Regulatory Examination Process

Credit Union Liability with Third-Party Processors

The rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions

Vendor Risk Management in the New Regulatory Environment. kpmg.com

COMPLIANCE MANAGEMENT SYSTEM

IV. CREDIT CARD PROGRAM DEVELOPMENT

Vendor Management Best Practices

Are your business partners watching your back when you are watching your front?

ACH and Third Party Payment Processors

2015 REGULATORY CHALLENGES FOR FINANCIAL INSTITUTIONS E L L IOT T DAVIS D E COSIMO R I S K MANAG E MENT

FDIC Updates Guidance on Payment Processor Relationships

APPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1

Consumer Affairs Laws Section 1380 and Regulations

Vendor Management. Outsourcing Technology Services

Vendor Management Best Practices

FinTech Webinar Series: Vendor Management Principles

Federal Reserve System. Framework for Risk-Focused Supervision of Large Complex Institutions

9/13/ /20 Vision for Vendor Management & Oversight. Disclaimer. Bank Service Company Act - FIL-49-99

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB OVERSIGHT OF SINGLE-FAMILY SELLER/SERVICER RELATIONSHIPS. Purpose

Third-Party Risk Management: Busting Myths and Telling Truths

Chief Executive Officers of All National Banks, Department and Division Heads, and All Examining Personnel.

Information Technology Risk

OCC BULLETIN OCC

Table of Contents Chapter 1 Introduction Goals & Objectives Required Review Applicability...

Key learning points I

COMMENTARY. occ and fdic Guidance on Supervisory Concerns and Expectations Regarding Deposit Advance Products JONES DAY

BOARD OF GOVERNORS FEDERAL RESERVE SYSTEM

NCUA LETTER TO CREDIT UNIONS

The Other Side of CFPB Compliance

Third Party Payment Processors Job Aid

White Paper on Financial Institution Vendor Management

The New Third-Party Oversight Framework: Trust but Verify kpmg.com

Wolfsberg Anti-Money Laundering Principles for Correspondent Banking

Third Party Relationships

VENDOR MANAGEMENT. General Overview

FINRA Regulation of Broker-Dealer Due Diligence in Regulation D Offerings

Vendor Risk Management (VRM), How Much Is Enough?

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)

State Farm Bank, F.S.B.

Regulatory Practice Letter December 2012 RPL 12-24

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP

Ali Chalak, Manager. Top 10 Audit Findings

As of July 1, Risk Management and Administration

II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight

IDENTITY THEFT RED FLAGS, ADDRESS DISCREPANCIES, AND CHANGE OF ADDRESS REGULATIONS Examination Procedures

Application for Status as a Registered Bank:

NCUA LETTER TO CREDIT UNIONS

Solvency II Detailed guidance notes

Instructions for Completing the Information Technology Officer s Questionnaire

Vendor Management Compliance Top 10 Things Regulators Expect

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

THIRD-PARTY RISK: HOW TO BETTER UTILIZE ENERGY VENDOR AUDITS 8/25/2015. August 27, 2015

6/8/2016 OVERVIEW. Page 1 of 9

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

OCC 98-3 OCC BULLETIN

September 26, 2002 Audit Report No Statistical CAMELS Offsite Rating Review Program for FDIC-Supervised Banks

FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL. Docket No. FFIEC Uniform Interagency Consumer Compliance Rating System

Are You Ready for the New Foreclosure Processing Regulations?

THIRD PARTY PAYMENT PROVIDERS

Advisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management

Corporate Governance of Banks: A Credit Rating Agency s Approach. presented by Janet Holmes

Community Bank Risk-Focused Consumer Compliance Supervision Program

XIV. CREDIT CARD ISSUING RENT-A-BINS

Section 10: Fair Credit Reporting Act (FCRA) Policy

Anti-Money Laundering

Internal and External Audits Table of Contents

Risk Management Programme Guidelines

O OCC BULLETIN OCC Automated Clearing House Activities. Risk Management Guidance

Risk Management of Remote Deposit Capture

To: Our Clients and Friends March 25, 2014

Guidance Note GGN Insurance Risk

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Compliance Management Series: Performing an Effective Risk Assessment

SUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT

Sample Financial institution Risk Management Policy 2011

on Asset Management Management

Supporting Statement for the. (Proprietary Trading and Certain Interests in and Relationships with Covered Funds) (Reg VV; OMB No.

How To Audit A Company

Supervisory Letter. Current Risks in Business Lending and Sound Risk Management Practices

Pillar 3 Disclosures:

14 December 2006 GUIDELINES ON OUTSOURCING

Outsourcing Technology Services A Management Decision

INFORMATION TECHNOLOGY OFFICER S QUESTIONNAIRE. Instructions for Completing the Information Technology Examination Officer s Questionnaire

Large Bank Supervision

Executive Fraud Forum October 30, 2013

Staff Consultation Paper No The Auditor s Use of the Work of Specialists

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

Risks and Precautions with Title Lending

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

Revised May Corporate Governance Guideline

Transcription:

Third-Party Risk

Board Responsibility The Board of Directors and senior management are ultimately responsible for managing activities conducted through third-party relationships as if the activity were handled within the institution. A bank can outsource a task, but it cannot outsource the responsibility. Financial Institution Letter 44-2008 Guidance for Managing Third-Party Risk

Scope of Discussion Definitions Common Third-Party Relationships Potential Risks Arising from Third-Party Relationships Risk Management Process FDIC Review of Third-Party Relationships

Definitions Third Party is broadly defined to include all entities that have entered into a business relationship with the financial institution, whether the third party is a bank or a nonbank, affiliated or not affiliated, regulated or non-regulated, or domestic or foreign. Third-Party Risk the potential risk that arises from financial institutions relying upon outside parties to perform services or activities on their behalf.

Common Third-Party Relationships Parties that: Perform functions on a bank s behalf. Provide access to products and services. Market processes and activities for which the bank has particular capacities and competencies. Use the bank s charter or legal powers. Perform monitoring or audit functions.

Third-Party Relationship Considerations Third-Party Relationships: Can aid management in attaining strategic objectives by increasing revenues, reducing costs, or expanding the customer base. Can enhance competitiveness, provide diversification, and strengthen the safety and soundness and compliance management system. May reduce management s direct control and can present risks if not properly managed.

Potential Risks Arising from Third-Party Relationships Strategic Other Reputation Third-Party Relationships Compliance Operational Credit Transaction

Strategic Risk Strategic Adverse business decisions. Other Third-Party Relationships Reputation Appropriate business decisions not properly implemented. Compliance Operational Credit Transaction

Reputation Risk Other Compliance Strategic Third-Party Relationships Reputation Operational Negative public opinion. Negative publicity involving the third party, whether or not the publicity is related to the institution s use of the third party. Credit Transaction

Operational Risk Other Strategic Third-Party Relationships Reputation The risk of loss resulting from inadequate or failed internal processes, people, systems, or external events. Compliance Operational Credit Transaction

Transaction Risk Strategic Problems with service or product delivery. Other Compliance Third-Party Relationships Reputation Operational A third party s failure to perform as expected adversely impacting customers or the institution. Credit Transaction

Credit Risk Other Compliance Credit Strategic Third-Party Relationships Transaction Reputation Operational The inability of a third party to meet the terms of the contractual arrangements or financially perform as agreed. Use of third parties that market or originate certain types of loans, conduct underwriting analysis, or set up other products/programs for the institution.

Compliance Risk Other Compliance Credit Strategic Third-Party Relationships Transaction Reputation Operational Arises from violations of laws, or regulations, or from noncompliance with internal policies, procedures, or business standards. Increases when an institution has inadequate oversight, monitoring, or audit functions over third-party relationships.

Other Risks Other Compliance Strategic Third-Party Relationships Reputation Operational Includes: Liquidity Interest rate Price Foreign currency Country Legal Credit Transaction

Managing Third-Party Risks Four Elements Risk Assessment Due Diligence Risk Management Process Oversight Contract Structuring and Review

Risk Assessment Risk Assessment Oversight Risk Management Process Due Diligence Risk Management Process Contract Structuring and Review Ensure the proposed relationship is consistent with the overall business strategy. Conduct Cost/Benefit analysis. Ensure management has the knowledge and expertise to provide adequate oversight. Estimate the long-term financial effect of the proposed relationship.

Due Diligence Risk Assessment Risk Management Process Due Diligence Determine scope and depth of due diligence in relation to the importance and magnitude of the relationship. Review qualitative and quantitative aspects. Oversight Contract Structuring and Review

Managing Third-Party Risks Four Elements Risk Assessment Due Diligence Risk Management Process Oversight Contract Structuring and Review

Contract Structuring and Review Risk Assessment Oversight Risk Management Process Due Diligence Contract Structuring and Review Prior to Entering into the Contract: Ensure expectations and obligations of both parties are properly outlined in a written contract. Obtain Board approval. Ensure appropriate legal counsel reviews significant contracts.

Managing Third-Party Risks Four Elements Risk Assessment Due Diligence Risk Management Process Oversight Contract Structuring and Review

Oversight Risk Assessment Oversight Risk Management Process Due Diligence Contract Structuring and Review The Board must: Establish an oversight program and define management responsibilities related to verifying compliance with contracts, regulations, and internal policies and procedures. Approve and review at least annually significant third-party arrangements and oversight program performance.

FDIC Review of Third-Party Relationships Examination Procedures Risk Management Examinations Specialty Examinations Compliance Examinations Report of Examination Treatment Examination Ratings (CAMELS, Compliance, CRA, etc.) Applicable comments and recommendations Corrective Actions Formal Actions Informal Actions Other

Action Items Action Items for the Board: Require management to maintain an updated list of all third-party relationships and review the list periodically. Be involved in the risk management process for significant or complex third-party relationships. Take appropriate action with any relationship that presents elevated risk. You can outsource a task, but you cannot outsource responsibility.

Resources FIL-44-2008 entitled, Third-Party Risk: Guidance for Managing Third-Party Risk (June 6, 2008) Supervisory Insights Article, Third-Party Arrangements: Elevating Risk Awareness (Summer 2007) FIL-127-2008 entitled, Guidance on Payment Processing Relationships (November 7, 2008) FIL-3-2012 entitled, Payment Processor Relationships Revised Guidance (January 31, 2012) Supervisory Insights Article, Managing Risk in Third-Party Payment Processing Relationships (Summer 2011) Website: www.fdic.gov Mailbox: supervision@fdic.gov

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information