Do credit unions need to manage third party risk?

I’m a credit union, do I really need to be concerned with OCC standards on third party risk management, or FDIC?

The simple answer is, “Yes”.

While the National Credit Union Administration (NCUA) has not issued authoritative new guidance on third party risk management since 2007, you’d better believe they are examining well beyond those standards.

Why is that? Well, for starters, the Consumer Financial Protection Bureau (CFPB) has stated their authority to directly oversee and examine the activities of third party service providers (woe to the NCUA or a credit union who is caught asleep at the wheel if the CFPB finds problems with one of their third parties).

Second, the Federal Financial Institution Examination Council (FFIEC) is the agency charged with setting the level playing field of standards for all exams, including credit unions…. In other words, the regulators compare notes – the NCUA is every bit as much of regulator participating in the FFIEC as the OCC, the FDIC, etc. One of the hot topics is cybersecurity – kind of guessing they aren’t using 2007 standards to regulate 2020 breaches.

So, whether you’re a money center bank or a small credit union, while the degree of expectations may change and regulatory guidance may lag, there is true risk to letting your guard down. If you manage to the most stringent guidance, you’ll always be on the cutting edge from a business practices standpoint and hopefully keep your examiners happy as well.

Not sure your program is up to standards? We help to review and update your documentation.

Organization: Vendor Centric

Vendor Centric has a team of Vendor Management, Third-Party Risk and Procurement experts with extensive experience that will provide the best advice, analysis and services.