Presentation is loading. Please wait.

Presentation is loading. Please wait.

MANAGING THIRD-PARTY RISK New York Region Regulatory Conference Call March 3, 2011.

Published byMarilyn Logan Modified over 8 years ago

Similar presentations

Presentation on theme: "MANAGING THIRD-PARTY RISK New York Region Regulatory Conference Call March 3, 2011."— Presentation transcript:

1 MANAGING THIRD-PARTY RISK New York Region Regulatory Conference Call March 3, 2011

2 2 Introduction Dan Frye, Acting Regional Director Dan Frye, Acting Regional Director Guidance on Managing Third Party Risk Guidance on Managing Third Party Risk June 6, 2008 (FIL-44-2008) Guidance on Payment Processor Relationships November 7, 2008 (FIL-127-2008) Guidance on Payment Processor Relationships November 7, 2008 (FIL-127-2008) PowerPoint PowerPoint E-Mail: NYCalls@fdic.gov E-Mail: NYCalls@fdic.gov Presenters Presenters Sherry Antonellis, Senior Review Examiner - Compliance Sherry Antonellis, Senior Review Examiner - Compliance Colleen Marano, Supervisory Examiner - Risk Colleen Marano, Supervisory Examiner - Risk

3 3 Agenda I.Background II.Potential Risks Arising from Third-Party Relationships III.Risk Management Process IV.Bank Services Company Act V.FDIC Supervision of Third-Party Relationships VI.Questions VII.Closing Remarks

4 4 I. Background Third-Party Relationships Defined Third-Party Relationships Defined Common Third-Party Relationships Common Third-Party Relationships

5 5 Third Party Defined Definition – “third party” is broadly defined to include all entities that have entered into a business relationship with the financial institution, regardless if the third party is a bank or a nonbank, affiliated or not affiliated, regulated or non-regulated, domestic or foreign.

6 6 Common Third Party Relationships Parties that perform functions on a bank’s behalf. Parties that perform functions on a bank’s behalf. Parties that provide access to products and services outside of the bank. Parties that provide access to products and services outside of the bank. Parties that market processes and activities for which the bank has particular capacities and competencies. Parties that market processes and activities for which the bank has particular capacities and competencies. Parties that use the bank’s charter or legal powers. Parties that use the bank’s charter or legal powers. Parties that perform monitoring or audit functions for the bank. Parties that perform monitoring or audit functions for the bank.

7 7 II. Potential Risks Arising From Third Party Relationships Strategic Strategic Reputation Reputation Transaction Transaction Operational Operational Credit Credit Liquidity Liquidity Compliance Compliance Legal Legal

8 8 III. Risk Management Process Four Elements of Risk Management A.Risk Assessment B.Due Diligence C.Contracting D.Oversight

9 9 A. Risk Assessment Strategic Fit Strategic Fit Cost/Benefit Cost/Benefit Dollars and Risk/Reward Dollars and Risk/Reward Management Capability Management Capability Long-Term vs. Short-Term Long-Term vs. Short-Term Key: Adequately assess, measure, control, and monitor risk associated with the relationship.

10 10 B. Due Diligence Process should include qualitative and quantitative review to determine if the relationship achieves strategic and financial goals Process should include qualitative and quantitative review to determine if the relationship achieves strategic and financial goals Scope and Depth should be directly related to the importance and magnitude of the relationship Scope and Depth should be directly related to the importance and magnitude of the relationship

11 11 C. Contract Structuring and Review Scope Scope Cost/Compensation Cost/Compensation Performance Standards Performance Standards Reports Reports Audit Audit Confidentiality & Security Confidentiality & Security

12 12 C. Contract Structuring and Review Customer Complaints Customer Complaints Business Resumption & Contingency Plans Business Resumption & Contingency Plans Default & Termination Default & Termination Ownership and License Ownership and License Indemnification Indemnification Limits on Liability Limits on Liability

13 13 D. Oversight Management needs to monitor third party and the activity – Bottom line - Is the relationship working as planned? Management needs to monitor third party and the activity – Bottom line - Is the relationship working as planned? Third Party’s financial condition Third Party’s financial condition Adequacy and adherence to policies relating to internal controls and security issues Adequacy and adherence to policies relating to internal controls and security issues Compliance with laws and regulations Compliance with laws and regulations Response to bank’s requests Response to bank’s requests Report the results of monitoring to the Board. Report the results of monitoring to the Board.

14 14 IV. Bank Services Company Act Primary Federal Regulator Notification Primary Federal Regulator Notification Third Party Relationships involving: Third Party Relationships involving: Check or deposit item processing Core processing Preparation and mailing of checks, statements, notices, etc. Any other clerical, bookkeeping, accounting, statistical, or similar functions

15 15 V. FDIC Supervision of Third-Party Relationships Board and Management Responsibility Board and Management Responsibility When things go wrong….. When things go wrong….. Examination Procedures Examination Procedures Report of Examination Treatment Report of Examination Treatment Corrective Action Corrective Action

16 16 VI. Questions and Answers Thank you!

17 17 Resources FIL-44-2008 Guidance for Managing Third-Party Risk FIL-44-2008 Guidance for Managing Third-Party Risk FIL-127-2008 Guidance on Payment Processor Relationships FIL-127-2008 Guidance on Payment Processor Relationships FFIEC IT Handbooks FFIEC IT Handbooks Outsourcing Technology Services Outsourcing Technology Services Supervision of Technology Service Providers Supervision of Technology Service Providers FIL-105-2007 Revised IT Officer’s Questionnaire FIL-105-2007 Revised IT Officer’s Questionnaire FIL-52-2006 Foreign-Based Third-Party Service Providers FIL-52-2006 Foreign-Based Third-Party Service Providers FIL-27-2005 Guidance on Response Programs FIL-27-2005 Guidance on Response Programs FIL-121-2004 Computer Software Due Diligence FIL-121-2004 Computer Software Due Diligence FIL-23-2002 Country Risk Management FIL-23-2002 Country Risk Management FIL-68-2001 501(b) Examination Guidance FIL-68-2001 501(b) Examination Guidance FIL-50-2001 Bank Technology Bulletin: Technology Outsourcing Information Documents FIL-50-2001 Bank Technology Bulletin: Technology Outsourcing Information Documents FIL-22-2001 Security Standards for Customer Information FIL-22-2001 Security Standards for Customer Information FIL-81-2000 Risk Management of Technology Outsourcing FIL-81-2000 Risk Management of Technology Outsourcing FIL-49-1999 Bank Service Company Act FIL-49-1999 Bank Service Company Act

18 18 For further questions related to the material presented in this Regulatory Conference Call, you may contact via e-mail: Compliance Questions Sherry Antonellis Santonellis@fdic.gov Risk Management Questions Colleen Marano Comarano@fdic.gov Information Technology Questions Stephanie Williams Stewilliams@fdic.gov

Download ppt "MANAGING THIRD-PARTY RISK New York Region Regulatory Conference Call March 3, 2011."

Similar presentations

HIGH-RISK: FOREIGN CORRESPONDENT BANKING

HIGH-RISK: FOREIGN CORRESPONDENT BANKING
SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.

SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.
Control and Accounting Information Systems

Control and Accounting Information Systems
What’s New at the OCC: CRE Lending Handbook and Third Party Arrangements Presenters: Bull Garber, Jr., Director of Governmental and External Relations,

What’s New at the OCC: CRE Lending Handbook and Third Party Arrangements Presenters: Bull Garber, Jr., Director of Governmental and External Relations,
Identifying and Mitigating UDAP Risk Chicago Region Regulatory Compliance Call December 17, 2014.

Identifying and Mitigating UDAP Risk Chicago Region Regulatory Compliance Call December 17, 2014.
1 Outsourcing & Vendor Management Fiduciary & Investment Risk Management Association 21 st National Training Conference April 18, 2007 Frederick Yorke,

1 Outsourcing & Vendor Management Fiduciary & Investment Risk Management Association 21 st National Training Conference April 18, 2007 Frederick Yorke,
1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.

1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.
Auditing Corporate Information Security John R. Robles Tuesday, November 1, 2005 Tel: 787-647-396.

Auditing Corporate Information Security John R. Robles Tuesday, November 1, Tel:
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.

Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
Investments Institute of Insurance and Risk Management (IIRM) Hyderabad, India 15 November 2005 Arup Chatterjee – Advisor International Association of.

Investments Institute of Insurance and Risk Management (IIRM) Hyderabad, India 15 November 2005 Arup Chatterjee – Advisor International Association of.
1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.

1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.
Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.

Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
1 Supplement to the Guideline on Prevention of Money Laundering Hong Kong Monetary Authority 8 June 2004.

1 Supplement to the Guideline on Prevention of Money Laundering Hong Kong Monetary Authority 8 June 2004.
E B a n k i n g Information Security Guidelines ABA’s Technology Risk Management – A Strategic Approach Telephone/Webcast Briefing June 17, 2002.

E B a n k i n g Information Security Guidelines ABA’s Technology Risk Management – A Strategic Approach Telephone/Webcast Briefing June 17, 2002.
Chapter 4 Internal Control Bus 319 Accounting Information Systems.

Chapter 4 Internal Control Bus 319 Accounting Information Systems.
Internal Control and Internal Audit

Internal Control and Internal Audit
Vendor Management Frequent regulatory findings:

Vendor Management Frequent regulatory findings:
Eurasian Corporate Governance Roundtable

Eurasian Corporate Governance Roundtable

Similar presentations

Ads by Google