Common use of Third Party Risk Management Clause in Contracts

Third Party Risk Management. (1) Within ninety (90) days of the date of this Agreement, the Board shall adopt and the Bank, subject to Board review and ongoing monitoring, shall implement and thereafter adhere to a revised third party risk management program that is consistent with OCC Bulletin 2013-29, Third-Party Relationships: Risk Management Guidance (October 30, 2013) and any subsequent OCC guidance, that includes at a minimum: (a) Board review and approval of an updated vendor management policy that delegates oversight responsibility for proper implementation of the Bank's third party risk management program to appropriate management personnel; (b) a list of all activities, functions, or responsibilities that are currently, or will be, outsourced to third-parties, identifying the parties, noting any affiliations, and describing the terms and conditions of the third party agreements; (c) a process to ensure third party relationships are governed by written agreements that clearly outline and document the rights and responsibilities of the parties; (d) a risk assessment process to identify third party service providers that perform critical activities for the Bank; (e) a due diligence process for selecting third-party service providers and an on-going process for monitoring third parties that require reviews of third party financial information, service and other contracts governing the relationship, and reports/attestations on third party controls; (f) controls to ensure transactions with affiliated third parties comply with affiliate laws and regulations and do not present conflicts of interest; and (g) a cost-benefit analysis of the Bank's third-party relationships, that includes ongoing monitoring of third party expenses, reports analyzing direct and indirect costs of each relationship, and consideration of the Bank's in- house expertise. (2) Upon adoption, the Board shall submit a copy of the revised third party risk management program to the Assistant Deputy Comptroller.

Third Party Risk Management. (1) Within ninety (90) days of the date of this Agreement, the Board shall adopt and the Bank, subject to Board review and ongoing monitoring, shall implement and thereafter adhere to a revised third party risk management program that is consistent with OCC Bulletin 2013-29, Third-Party Relationships: Risk Management Guidance (October 30, 2013) and any subsequent OCC guidance, that includes at a minimum: (a) Board review and approval of an updated vendor management policy that delegates oversight responsibility for proper implementation of the Bank's ’s third party risk management program to appropriate management personnel; (b) a list of all activities, functions, or responsibilities that are currently, or will be, outsourced to third-parties, identifying the parties, noting any affiliations, and describing the terms and conditions of the third party agreements; (c) a process to ensure third party relationships are governed by written agreements that clearly outline and document the rights and responsibilities of the parties; (d) a risk assessment process to identify third party service providers that perform critical activities for the Bank; (e) a due diligence process for selecting third-party service providers and an on-going process for monitoring third parties that require reviews of third party financial information, service and other contracts governing the relationship, and reports/attestations on third party controls; (f) controls to ensure transactions with affiliated third parties comply with affiliate laws and regulations and do not present conflicts of interest; and (g) a cost-benefit analysis of the Bank's ’s third-party relationships, that includes ongoing monitoring of third party expenses, reports analyzing direct and indirect costs of each relationship, and consideration of the Bank's ’s in- house expertise. (2) Upon adoption, the Board shall submit a copy of the revised third party risk management program to the Assistant Deputy Comptroller.