SR 23-4: Interagency Guidance on Third-Party Relationships: Risk Management

Skip to main content

An official website of the United States Government Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Sections

Search

Search Submit Button

Supervision and Regulation Letters

Share

?body=https://www.federalreserve.gov/supervisionreg/srletters/SR2304.htm&subject=SR 23-4

PDF

RSS

By topic

SR 23-4: Interagency Guidance on Third-Party Relationships: Risk Management

BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, D.C. 20551

DIVISION OF SUPERVISION AND REGULATION

SR 23-4

June 7, 2023

TO THE OFFICER IN CHARGE OF SUPERVISION AT EACH FEDERAL RESERVE BANK AND INSTITUTIONS SUPERVISED BY THE FEDERAL RESERVE

SUBJECT:

Interagency Guidance on Third-Party Relationships: Risk Management

Applicability: This letter applies to all banking organizations supervised by the Federal Reserve.

The Board of Governors of the Federal Reserve (Board), the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency (collectively, the agencies) issued joint interagency guidance to all banking organizations supervised by the agencies on managing risks associated with third-party relationships. The agencies issued the guidance to promote consistency in supervisory approaches; it replaces each agency’s existing general guidance on this topic.

The guidance offers the agencies’ views on sound risk management principles for banking organizations to consider when developing and implementing risk management practices for all stages in the life cycle of third-party relationships. The concepts discussed in the guidance are relevant for all third-party relationships and are provided to banking organizations to assist in the tailoring and implementation of risk management practices commensurate with each banking organization’s size, complexity, risk profile, and the nature of its third-party relationships. The agencies plan to develop additional resources to assist smaller, non-complex community banking organizations in managing relevant third-party risks.

The guidance is intended to assist banking organizations in identifying and managing risks associated with third-party relationships and in complying with applicable laws and regulations. The guidance does not impose any new requirements on banking organizations. The principles set forth in the guidance can support effective third-party risk management for all types of third-party relationships, regardless of how they may be structured. Some banking organizations may form third-party relationships with new or novel structures and features – such as those observed in relationships with some financial technology (fintech) companies. Such relationships may involve the fintech company providing products or services with varying degrees of interaction with the banking organization’s customers. It is important for a banking organization to understand how the arrangement with a particular third party is structured so that the banking organization may assess the types and levels of risks posed and determine how to manage the third-party relationship accordingly.

Reserve Banks are asked to distribute this letter to the supervised banking organizations in their districts and to appropriate supervisory staff. In addition, questions regarding this letter may be sent via the Board’s public website. 1

signed by Michael S. Gibson Director Division of Supervision and Regulation

Supersedes:

SR letter 13-19 / CA letter 13-21, “Guidance on Managing Outsourcing Risk”

Attachments:

Interagency Guidance on Third-Party Relationships: Risk Management

Cross References:

SR letter 20-24, “Interagency Paper on Sound Practices to Strengthen Operational Resilience”

Notes:

See http://www.federalreserve.gov/apps/contactus/feedback.aspx . Return to text.

Back to Top

Last Update: June 07, 2023