Tag: OCC

  • Third-Party Risk Management Final Guidance – An In-depth Analysis 

    Third-Party Risk Management Final Guidance – An In-depth Analysis 

    Background  In July of 2021, the three primary bank regulators (OCC, FDIC, and Federal Reserve) proposed new guidance on third-party risk management (TPRM).  According to the agencies, “The proposed guidance provides a framework based on sound risk management principles that banking organizations may use to address the risks associated with third-party relationships.”  In June of…

  • Ask the Guru: “The Cybersecurity Assessment Tool… Do we have to?”

    Ask the Guru: “The Cybersecurity Assessment Tool… Do we have to?”

    Hey Guru! Management is asking why we have to complete the FFIEC Cybersecurity Assessment Tool when it is voluntary. They feel it is too much work if it is not mandatory. I think it is still needed even though it is voluntary. Is there any documentation as to why it is still necessary for OCC…

  • Guru Briefs – OCC on Cybersecurity & MRA’s, FFIEC on Cybersecurity Assessments

    (NOTE:  Guru Briefs are short takes on recently released regulatory activity. They are not a detailed analysis, but designed to draw attention to the Guru’s initial impressions.) In this edition: The OCC has been particularly active on the regulatory front lately, and even non-OCC institutions may want to pay attention, as the head of the OCC…

  • FDIC Re-issues Service Provider Guidance

    Originally released in 2001, the FDIC recently re-issued 3 publications related to managing outsourced relationships: Effective Practices for Selecting a Service Provider Tools to Manage Technology Providers’ Performance Risk: Service Level Agreements Techniques for Managing Multiple Service Providers What struck me about this re-release, and the fact that they were released without modification of any…

  • The OCC Sets a New Standard for Vendor Management…

    …but will it become the new standard for institutions with other regulators?  UPDATE – The answer is yes, at least for the Federal Reserve.  Readers of this blog know that I’ve been predicting an increase in vendor management program scrutiny since early 2010.  And although the FFIEC has been very active in this area, issuing…

  • “Operational Risk Increasing”

    In a recent speech to the Exchequer Club1, Thomas J. Curry, the new head of the OCC, stated that although asset quality has improved, charge-off rates have fallen, and capital now stands at its highest level in a decade, another type of risk is gaining increasing prominence; Operational Risk. “Some of our most seasoned supervisors,…