Thursday, July 18 2024

The US Federal Reserve, Treasury Department’s Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation, are seeking public comment on their jointly proposed guidance on third-party risk management.

The guidance comes as competition, innovation in the banking industry, and technological advancements have increased banking organizations’ reliance on third parties for products, services, and activities such as bank processing, information technology services, accounting, and compliance. The heightened use of third party vendors invites complexity in managing consumer compliance risks. The proposal aims to help banking organizations identify and address risks regarding consumer protection, information security, and other operational risks.

In order to eliminate inconsistencies in supervisory expectations for third-party risk management across the three agencies, the proposed guidance will help establish a single, harmonized framework for assessing banking organizations’ third party risk management, which will be based largely on the OCC’s 2013 guidance and the agency’s 2020 FAQ supplement.

Similar to the OCC’s earlier guidance, the proposed guidance would establish principles for risk management in each stage of a third-party relationship life cycle: planning for the relationship and associated risks, due diligence and third-party selection, contract negotiation, oversight and accountability, ongoing monitoring, and termination of the relationship.

Banking Regulators Release Proposed Guidance on Third-Party Risk

Public comments on the proposed guidance must be submitted to either of the three agencies no later than 60 days after the date it is published in the federal register.

Previous

Rapid7 Acquires IntSights for $335 Million

Next

US, UK, and EU Blame China for MS Server Attacks

Check Also

Widget

Don’t Miss

Sevco Security Platform Product Review

Ellie Buscemi

What is the Sevco Security Platform? The Sevco Security Platform is a cyber asset attack service management (CAASM) product that focuses on aggregating and correlating data from across a company’s cybersecurity infrastructure to give cybersecurity professionals a better sense of what the company’s infrastructure looks like as a whole. The platform’s sources include a company’s […]

Cyber Deals: Huntress, Cyberhaven, and SpyCloud

CISOstack

Cybersecurity Surge: Top Funding Rounds and Strategic Acquisitions Fuel Growth in AI, Cloud Security, and Threat Prevention Solutions

Fidelis Elevate: A Deep Dive

Ellie Buscemi

What is Fidelis Elevate? Fidelis Elevate is an open extended detection and response (open XDR) solution focusing on network protection, endpoint security, and cyber attacker deception. The platform aims to protect various elements of a company’s infrastructure, such as devices and servers while tracking suspicious behavior and preventing access to cyber criminals. What features does […]

Partially closed laptop screen

Best Extended Detection and Response (XDR) Solutions

Lara Oporto

What is Extended Detection and Response and how does it work? Extended Detection and Response (XDR) is a cybersecurity system that gathers information from different places like computers, networks and emails. Unlike other security tools that focus on one area like computers or networks, XDR looks at everything together. The comprehensive approach helps to find […]

Close up of computer chip

Best Managed Detection and Response (MDR) Solutions

Lara Oporto

What is Managed Detection and Response? Managed Detection and Response (MDR) is a cybersecurity service that provides continuous monitoring, threat detection and incident response capabilities. MDR achieves these capabilities through the deployment of advanced technologies such as machine learning and behavioral analytics as well as analysis from security professionals. MDR is a cybersecurity service that […]

Best Hyperconverged Infrastructure Software

Ellie Buscemi

What is Hyperconverged Infrastructure and how does it work? Hyperconverged infrastructure (HCI) is a software that provides computing, storage and network operations for a company from a single point on a company’s hardware. Originally, computing, storage and network operations were divided in a company’s hardware infrastructure and potentially provided by separate vendors with different management […]