Interagency Guidance for Managing Third-Party Risk

This document is a guide that outlines the finalized interagency guidance from the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve Board (FRB), and the Office of the Comptroller of the Currency (OCC) regarding the management of third-party risk in the financial sector. It emphasizes the necessity for banking organizations to implement a comprehensive third-party risk management (TPRM) framework that encompasses the entire lifecycle of third-party relationships. The guidance is directed at all banking organizations supervised by the Agencies and replaces all previously issued guidance. It details various stages of third-party risk management, including Planning, Due Diligence and Third-Party Selection, Contract Negotiation, Ongoing Monitoring, and Termination. Each stage requires careful consideration of factors such as cost, customer impact, regulatory compliance, and incident management. The document aims to standardize approaches to managing third-party relationships and mitigate risks associated with these partnerships.