Latest Report: The 2022 Gartner® Market Guide for IT Vendor Risk Management Solutions
Editor’s Note: In this week’s edition of our blog series, Third-Party Risk Management: How to Stay Off the Regulatory Radar, we take a look at the Office of the Comptroller of the Currency (OCC) Bulletins 2013-29, 2017-07, and 2017-21 relating to Third-Party Relationships. Please be sure to review all the blogs in this series for additional third-party risk management guidance, and download the white paper for a complete examination of requirements.
The Office of the Comptroller of the Currency (OCC), part of the US Department of the Treasury, charters, regulates, and supervises all national banks and federal savings associations as well as federal branches and agencies of foreign banks. With the power to enforce the regulations it issues with examinations – including taking actions against banks that do not comply with laws and regulations – it is imperative that all financial services-related organizations be familiar with its risk management requirements.
This blog summarizes the specific third-party risk management requirements noted in the following OCC Bulletins:
These bulletins highlight the need for an effective risk management process throughout the lifecycle of the third-party relationship, including the need to assess, continuously monitor, and provide adequate documentation and reporting to facilitate oversight and accountability.
For the purposes of this blog, we have summarized select OCC requirements and identified Prevalent Third-Party Risk Management Platform capabilities that demonstrate the breadth and value you can gain from our complete TPRM platform. For a complete listing of the OCC requirements and how Prevalent capabilities map directly into them, please be sure to download the white paper, The Third-Party Risk Management Risk Management Compliance Handbook.
According to the OCC Bulletin 2013-29, an effective third-party risk management process includes:
Navigate the TPRM Compliance Landscape
The Third-Party Risk Management Compliance Handbook reveals TPRM requirements in key regulations and industry frameworks, so you can achieve compliance while mitigating vendor risk.
Prevalent’s Third-Party Risk Management Platform enables national banks, federal savings associations, and technology service providers to fulfill these requirements across the entire vendor ecosystem. Delivered in the simplicity of the cloud, the Prevalent platform combines automated vendor assessments, continuous threat monitoring, assessment workflow, and remediation management across the entire vendor life cycle.
Having strong Information Security and Systems Management policies, as well as measuring and monitoring risk associated with being out of compliance, is part of the Third-Party Risk Management Lifecycle. This requires a complete internal view of the controls in place, as well as continuous monitoring of all third parties; something that cannot be addressed with a simple external automated scan. Trust Prevalent’s Third-Party Risk Management platform to help address OCC Bulletins 2013-29, 2017-07, and 2017-21.
For a complete listing of the OCC requirements and how Prevalent capabilities map directly into them, please be sure to download the white paper, The Third-Party Risk Management Risk Management Compliance Handbook.
Here are best practices for aligning with proposed requirements from the U.S. Federal Reserve System, U.S...
MAS has established detailed requirements for managing third-party outsourcing and non-outsourcing relationships. Read how you can...
NYDFS 23 NYCRR 500 is designed to protect the confidentiality, integrity and availability of financial services...