On June 7, 2017, the Office of the Comptroller of the Currency (“OCC”) issued frequently asked questions (“FAQs”) that supplement the OCC’s 2013 guidance entitled “Third-Party Relationships: Risk Management Guidance” (“2013 Bulletin”). The 2013 Bulletin sets forth the OCC’s expectation for banks’ due diligence and ongoing monitoring of third-party service providers, including enhanced diligence and monitoring for third parties that support critical activities. While the FAQs affirm this guidance, they provide substantial flexibility for banks to right-size their approach to third-party risk management, including with respect to banks’ financial technology (“fintech”) partnerships. This alert highlights key aspects of the FAQs.
Read our client alert.