(Sept. 10, 2021) Banks have more time to comment on proposed guidance to help them manage third-party risk, with a new deadline of Oct. 18, the federal banking agencies said this week. The agencies said the extension for the comment period – originally set to end Sept. 17 – was adopted to allow more time for individuals to analyze issues and prepare their comments. The proposed joint guidance was issued July 13; it is based on 2013 guidance from the Office of the Comptroller of the Currency (OCC). The latest guidance also covers arrangements between banks and financial technology (fintech) firms. NCUA did not join in proposing the guidance … An information and communications technology (ICT) supply chain risk management fact sheet has been posted on the NASCUS website, to help the state system raise awareness of risks to supply chains and help reinforce an overall national culture of security. The fact sheet was developed by the federal Cybersecurity and Infrastructure Security Agency (CISA) develop strategies for mitigating and addressing supply chain risks
LINKS:
Agencies Extend Comment Period on Proposed Risk Management Guidance for Third-Party Relationships
ICT Supply Chain Risk Management Fact Sheet
(July 23, 2021) Comments are due to federal banking regulators Sept. 17 about proposed guidance on third-party risk management at banks – including that related to deals with financial technology (fintech) firms – issued by the federal banking agencies.
The joint announcement and guidance came as a surprise after the three agencies had historically issued separate rule-making on third party risk.
Under the proposal, announced July 13 and based on 2013 guidance issued by the OCC, financial institutions are offered a framework for what the agencies say is “based on sound risk management principles for banking organizations to consider in developing risk management practices for all stages in the life cycle of third-party relationships that takes into account the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship.”
The guidance also underscores that banks that outsource services or operational functions remain responsible for ensuring those activities are conducted “in a safe and sound manner and in compliance with all applicable laws and regulations, including consumer protection laws.”
The agencies said the proposed guidance also responds to industry feedback requesting alignment among the agencies with respect to third-party risk management guidance.
LINK: