Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.
Financial Institution Letter

Proposed Interagency Guidance on Third-Party Relationships: Risk Management

Summary:

The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (Board), and the Office of the Comptroller of the Currency (OCC) (collectively, the agencies) are seeking comment on proposed guidance on managing risks associated with third-party relationships. The proposed guidance offers a framework of sound risk management principles to assist banking organizations in managing third-party relationships, and promotes compliance with all applicable laws and regulations, including those related to consumer protection. The proposed guidance takes into account the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship. The proposed guidance would replace each agency’s existing guidance on this topic and would be directed to all banking organizations supervised by the agencies.

A copy of the Guidance can be found on the FDIC’s website.

Statement of Applicability: This Financial Institution Letter applies to all FDIC-supervised institutions.

Highlights:

  • The agencies are publishing for comment proposed guidance on managing risks associated with third-party relationships.
  • The proposed guidance offers a framework based on sound risk management principles for banking organizations to consider in developing risk management practices throughout the life cycle of third-party relationships, including planning to manage the relationship and its risks, due diligence and third-party selection, contract negotiation, oversight and accountability, ongoing monitoring, and termination.
  • The proposed guidance also offers a framework that takes into account the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship, and promotes compliance with applicable laws and regulations, including those related to consumer protection.
  • The proposed guidance also discusses supervisory reviews of third-party relationships.
  • After consideration of the comments received and the guidance is adopted by the Agencies in final form, the guidance would replace the FDIC’s Guidance for Managing Third-Party Risk and the FDIC would rescind FIL 44-2008 (June 6, 2008).
  • Comments will be accepted for 60 days after publication in the Federal Register.

Suggested Distribution:

FDIC-Supervised Institutions

Suggested Routing:

Board of Directors 
Chief Executive Officer 
Chief Financial Officer 
Chief Risk Officer 
Chief Compliance Officer

FIL-50-2021
Attachment(s)

Last Updated: July 13, 2021