On June 6, 2008 the FDIC issued the FDIC Guidance for Managing Third-Party Risk. The guidance focuses on the risk assessment of vendor relationships and the vendor management process. The bulletin is a guideline, not a requirement, but offers fuller clarification on third party relationships. The FDIC defines a third party relationship as significant based on seven different criteria. For vendor relationships that are determined to be significant, the guidance lists the seven potential types of risk when entering into these relationships.
The publication continues with the four elements of the risk management process, including: key points to include in the risk assessment; the due diligence process; suggestions to include in contract structuring and review; and finally, the oversight of the relationships with significant vendors.
In response to this new guidance, we are providing a vendor risk analysis tool
to assist our clients in enhancing the vendor management process.