Third Party Risk Management

Businesses, including financial services firms, commonly seek to increase their operational efficiency by outsourcing components of their business operations to third parties. This offers benefits, such as cost management, but third party relationships can expose financial services firms to legal and regulatory risks.

In recent years, financial regulators have grown increasingly concerned about financial services firms' ability to identify and manage the risks arising from third party relationships. This has resulted in increased scrutiny of the kinds of functions that financial services firms are outsourcing and how they are managing their third party relationships.

Financial services firms remain responsible for any business activities that third parties perform for them through outsourcing arrangements, making third party risk management training crucial. As a result, firms can be held liable for any legal misconduct committed by a third party vendor. Because of this liability risk, employees need to understand how to maintain sufficient oversight of third party relationships.

The topics covered in the course include:

• Background on third party risk management
• Regulatory requirements
• Regulatory guidance in the United States
• Federal Deposit Insurance Corporation (FDIC) guidance
• Financial Institution Letter 44-2008
• Federal Reserve Board guidance on outsourcing risk
• Office of the Comptroller (OCC) of the Currency guidance
• OCC Bulletin 2013-29
• Consumer Financial Protection Bureau (CFPB) guidance
• Foreign Corrupt Practices Act (FCPA)
• The FCPA and third party risk management
• Regulatory guidance in Canada
• Office of the Superintendent of Financial Institutions (OSFI) guidance
• Additional third party liability issues and considerations
• Outsourcing risk management functions
• General oversight considerations
• Looking ahead