The New Normal is Now: Third party service provider oversight
by. Sybill McDowell
THE NEW NORMAL is here and I am not talking about the television show. I am talking about Third Party Service Provider (TPSP) oversight.
The OCC Bulletin 2013-29; provides updated guidance to financial institutions that they must create and implement an oversight and risk management plan for supervising all of their third party service providers. This guidance is focused on the development of a well-documented oversight program that ensures the ongoing monitoring and reporting of all of their providers’ activities and performance, as well as, a contingency plan for terminating third party relationships. The OCC requires a more comprehensive and rigorous management of third-party relationships that involve critical activities—significant bank functions or significant shared services. These heightened standards will hold banks and financial institutions liable for wrongdoings or non-compliance violations committed by their providers, in an effort to create a stronger chain of accountability.
An effective TPSP risk management process should follow continuous life cycle phases:
- Pre-Assessment (TPSP selection),
- Onboarding (contract negotiation, due diligence – TPSP must be compliant with the regulations and guidelines pertinent to the services)
- Ongoing Oversight and Modifications
- Off-boarding and Termination
- Reporting/Metrics