The Office of the Comptroller of the Currency (OCC) has outlined its third-party risk management requirements for United States national banks and federal savings associations in thehttps://www.occ.gov/news-issuances/bulletins/2013/bulletin-2013-29.html. These risk management standards don't only apply to third-party vendor relationships; the OCC expects all banks to follow best third-party risk management practices, whether activities occur internally or through service providers.
A Summary of OCC’s Ideal Third-Party Risk Management Process
Ensure periodic independent reviews of third-party relationships and the bank's third-party risk management process.
Develop a plan to manage the relationship as the first step in the third-party risk management process, particularly for contracts involving critical activities with third parties.