On October 30, 2013, the Office of the Comptroller of the Currency (OCC) issued OCC Bulletin 2013-29 on Third Party Relationships. The Bulletin reminds banks that "use of third parties does not diminish the responsibility of its board of directors and senior management to ensure that the activity is performed in a safe and sound manner and in compliance with applicable laws."
While the OCC understands the need for banks to use third parties to extend their product offerings and control costs, it is concerned by the risks that third parties can present if not appropriately managed and monitored.
Banks must now have documented processes in place to manage third-party risk throughout the entire lifecycle of the relationship, based upon policies that have been approved by their Board. The OCC refers to this as a “continuous life cycle” and specifies requirements through five stages: planning; due diligence and third-party selection; contract negotiation; ongoing monitoring; and termination.
A turn-key solution that can be modified to address a company’s specific requirements, Hiperos OCC provides:
Initial Third Party Assessment
- A prescriptive risk assessment for board and management oversight of material risk.
- A screening program that identifies the level of due diligence required by third parties.
- Best practice templates that can be customized to meet customers’ specific requirements.
Due Diligence Risk Assessments
- Consistent and objective risk ranking and scoring of third parties, enabling participation across multiple lines of business.
- Automated conditionality questions, based on scoring.
- A comprehensive due-diligence evaluation that acquires and maintains policy and procedure documentation from third parties.
- Ensure that contracts appropriately address risk and the bank’s requirements to manage that risk.
Ongoing Compliance Monitoring and Controls
- Appropriate programs to measure and manage ongoing risk and performance.
Flexible Training Options
- Deploy training to your third parties in accordance with your specific compliance program.
- Selectively administer and manage training to internal and external associates.
- Automate the collection and management of attestations.
Scorecards and Reporting
- Fully integrated scorecards, dashboards, reports and analytics to support the requirements of internal lines of business, management and Board members, as well as OCC examiners.