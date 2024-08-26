Throughout the last 18 months, regulators have stepped up their focus, issuing detailed guidance and several consent orders and on third-party risk management.

In June 2023, The Office of the Comptroller of the Currency (OCC), Federal Reserve Board, and the Federal Deposit Insurance Corporation (FDIC) released interagency guidance on third-party risk management for financial institutions. This guidance is to be used as a roadmap that lays the foundation of regulatory expectations. It aims to effectively manage risks associated with their third-party relationships and best practices.

Less than a year later, the OCC issued a consent order against a south Atlantic regional bank after identifying weaknesses in its third-party risk management program.

The FDIC determined a northeast fintech engaged in unsafe and unsound banking practices. It issued a consent order relating to, among other things, the bank’s failure to have internal controls and information systems appropriate for its size. The order also addressed the nature, scope, complexity and risk of its third-party relationships.

The FDIC also issued a consent order instructing a midwestern regional bank to develop appropriate policies and procedures for third-party risk management. It also called for the improvement of due diligence and monitoring of third parties who complete anti-money laundering (AML) and countering the financing of terrorism (CFT) responsibilities.