Skip to content

OCC Lists Third Party Risk Management as a Regulatory Focus for 2022

On October 15, 2021, the OCC released its 2022 Bank Supervision Operating Plan that instructed OCC examiners to determine whether banks are providing oversight of their significant third party relationships.

In relevant part, the OCC’s Bank Supervisions Operating Plan for 2022 says: “Third parties and related concentrations: Examiners should determine whether banks are providing proper oversight of their significant third-party relationships, including partnerships. Examiners should identify where those relationships are critical to bank operations and understand whether they represent significant concentrations or impact resiliency. Examiners should also be aware of the cyber-related risks emanating from third parties and evaluate the bank assessments of the third party’s cybersecurity risk management and resilience capabilities.”

It was no surprise that the OCC set a regulatory priority around think party risk management. In January, the OCC, Fed, and FDIC released proposed regulations require third parties give immediate notice of qualifying business disruptions and cybersecurity events.  https://www.federalregister.gov/documents/2021/01/12/2020-28498/computer-security-incident-notification-requirements-for-banking-organizations-and-their-bank. Then in October, the OCC, Fed, and FDIC released proposed guidance that updates regulators’ advice and expectations when banks contract with third party service providers to provide products and services to banks and indirectly to banks’ customers. https://www.federalregister.gov/documents/2021/07/19/2021-15308/proposed-interagency-guidance-on-third-party-relationships-risk-management

“The regulators have built the case that banks should understand and mitigate the risks of outsourcing. They are in the midst of communicating their expectations of how banks should deal with these risks and will back those expectations with examinations around these important issues, ” said Jim Freis, Chairman and Chief Strategy Officer of CRINDATA. 

About Jim Freis:

Jim has devoted his career to promoting the integrity of the global financial markets.  He is best known in the United States as the longest-serving Director (2007 to 2012) of the United States Treasury Department’s Financial Crimes Enforcement Network (FinCEN), overseeing regulations covering the broadest range of financial institutions in coordination with their primary licensing authorities, and for applying data-driven efforts to combat fraud exposed through the Global Financial Crisis. After FinCEN, Jim was based in Frankfurt, Germany with the Deutsche Börse Group, Europe’s largest provider of systemically significant financial market infrastructures, responsible for overseeing compliance and relations with global regulators including in the implementation of a holistic internal control system approach among Risk, Compliance, Information Security and Outsourcing oversight functions.  

About CRINDATA:

CRINDATA, LLC (www.CRINDATA.com) offers unique cloud-based solutions to financial institutions who must actively manage their critical third-party relationships (including their indirect relationships with subcontractors) and must prepare for and mitigate business disruptions management and cybersecurity events originating anywhere in the chain of service providers and subcontractors. Concurrently, CRINDATA helps third party service providers like core systems, payments providers, transaction motoring solutions, banker’s banks, and corporate credit unions, by substantially simplifying the due diligence interactions with financial service companies and by providing a complaint, common platform to manage business disruptions and cybersecurity events when they occur. 

Reach CRINDATA at info@crindata.com

202.990.6990

Privacy Overview
crindata

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful. Visit our Privacy Policy for more information.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Our cookie policy requires that you permit “Strictly Necessary” cookies in order to access this site. If you choose to disable this setting then we suggest you close this browser window.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.