
Who Is Responsible for Third-Party Risk Management?

If you are using third parties, you may need to understand both risk and compliance management.

This question could prompt a different response based on the person you ask within the organization. You may be told that the process is managed by the information security officer, vendor management, board of directors, or everyone. You may even hear that third-party risk management and oversight will be reviewed during your safety and soundness examination. While all these statements may be true, your compliance management program also plays an important role in third-party risk management. You may want to ask yourself, is compliance considered in third-party oversight?

An effective compliance management program should consider all the risks associated with reliance on third-party services or providers. The compliance department can support this by documenting the initial due diligence process, demonstrating that the board and management know the compliance risks. In addition, the compliance department can be a resource during ongoing due diligence reviews by identifying any potential concerns through routine compliance monitoring and customer complaint management. Does your complaint management process include your third parties? Remember, if your service provider fails to comply with laws, regulations, and guidance, your organization may be subject to regulatory violations, civil money penalties, and reputational risk.

The FDIC’s March 2024 Consumer Compliance Supervisory Highlights provides examples of how deficiencies in the oversight of third-party relationships can lead to regulatory violations. What can you learn from these examples? What can you do now to proactively address any concerns in your organization? On May 3, 2024, the Board of Governors of the Federal Reserve System, FDIC, and Office of the Comptroller of the Currency issued Third-Party Risk Management: A Guide for Community Banks, as a resource to help community banks develop and implement their third-party risk management programs, policies, and practices.

Do you still have questions? Join us September 9–12 for our 2024 Regulatory Compliance Conference in Destin/Miramar Beach, Florida, where we will cover third-party risk management in more detail, along with many other trending deposit, lending, Bank Secrecy Act/anti-money laundering (BSA/AML), and compliance risk management topics of relevance to you!

If you have any questions or need assistance, please reach out to a professional at Forvis Mazars.
