Tag: Federal Reserve

  • Third-Party Risk Management Final Guidance – An In-depth Analysis 

    Background: In July of 2021, the three primary bank regulators (OCC, FDIC, and Federal Reserve) proposed new guidance on third-party risk management (TPRM). According to the agencies, “The proposed guidance provides a framework based on sound risk management principles that banking organizations may use to address the risks associated with third-party relationships.” In June of…

  • Ask the Guru: “The Cybersecurity Assessment Tool… Do we have to?”

    Hey Guru! Management is asking why we have to complete the FFIEC Cybersecurity Assessment Tool when it is voluntary. They feel it is too much work if it is not mandatory. I think it is still needed even though it is voluntary. Is there any documentation as to why it is still necessary for OCC…

  • FDIC Re-issues Service Provider Guidance

    Originally released in 2001, the FDIC recently re-issued 3 publications related to managing outsourced relationships: “Effective Practices for Selecting a Service Provider”; “Tools to Manage Technology Providers’ Performance Risk: Service Level Agreements”; and “Techniques for Managing Multiple Service Providers”. What struck me about this re-release, and the fact that they were released without modification of any…

  • Ask the Guru: Vendor vs. Service Provider

    Hey Guru, I recently had an FDIC examiner tell me that we needed to make a better distinction between a vendor and a service provider. His point seemed to be that by lumping them together in our vendor management program we were “over-analyzing” them. He suggested that we should be focused instead only on those few…

  • Material Loss Reviews: Does responsibility = liability?

    I asked in my previous post whether or not the regulators should share any of the blame when institutions fail, and if so, should they shoulder any of the liability? The thought occurred to me as I was reviewing some recent Material Loss Reviews. A Material Loss Review (MLR) is a post-mortem written by the…

  • FDIC can now step in regardless of primary regulator (part 2)

    Further to the previous post, the memorandum requires the FDIC opinion to prevail in the event that an institution’s PFR (primary federal regulator) CAMELS rating differs from the FDIC: If the FDIC’s CAMELS ratings for an institution differ from a PFR’s assigned ratings, the FDIC is required to provide the PFR with an explanation of…