Banks Must Ensure Third Parties Comply With Regulations

The Office of the Comptroller of the Currency (OCC) issued Bulletin 2013-29, which requires banks to ensure their third parties comply with regulations by assessing and managing the risks associated with their third-party relationships. Third-party risks should be managed throughout the relationship lifecycle, including planning, due diligence, contracting, ongoing monitoring and termination. The OCC expects an inventory of all third-party relationships and the risks posed by those relationships.

OCC Bulletin 2017-7 supplements Bulletin 2013-29 with new examination procedures that broaden the definition of third party. The new guidance states that banks should assess and rate all third parties and identify those that:

  • Involve critical activities
  • Use subcontractors (fourth parties)
  • Are affiliates
  • Are with foreign-based entities
  • Are with domestic-based entities that engage in foreign transactions
  • Store bank data


In addition, there should be regular reports to the board and senior management on the results of internal risk control testing, ongoing monitoring and independent reviews of the bank’s third-party risk management process.

Compliance Made Easy

Hiperos 3PM helps financial institutions simplify and streamline third-party risk management by automating the identification, investigation, reporting and monitoring of third-party risks so they are managed in accordance with OCC guidelines.