Having reviewed in detail the expectations for supervisory reviews contained in the recent guidance, we turn now to best practices banking organizations should consider as they prepare for the reviews by the three agencies. These practices include the following core practices:
- When designing documentation and reporting frameworks, banking organizations should consider regulatory agencies and the intended audience. Each deliverable should effectively address a component of the interagency third-party risk management objectives.
- Banking organizations should familiarize their boards with the applicable agency rating system and explain how supervisory findings impact the bank’s risk profile.
- Banking organizations must collaborate with third-party partners to prepare for supervisory reviews. This often involves educating regulators about the products and services offered in connection with each partnership, as well as any associated risks and rewards to markets and consumers.
It is important that banking organizations keep their third-party partners informed of supervisory reviews and findings, and ensure they are prepared to cooperate in resolving any identified issues. Additionally, they must ensure their third parties maintain appropriate tracking and documentation as evidence of remediation activities that address any supervisory findings.
In our next post, we will examine the expectations for oversight and accountability of the third-party risk management process.