Last updated on October 3, 2025
No, it is not allowed. As of May 2024, the Federal Reserve, FDIC, and OCC jointly issued a Third-Party Risk Management Guide specifically for community banks. This guide mandates that banks establish a formal risk management framework when outsourcing critical functions to third-party vendors. The framework should include due diligence, contract structuring, ongoing monitoring, and contingency planning. The guidance emphasizes that failure to manage third-party risks can lead to operational, compliance, and reputational harm. It also outlines governance practices and life-cycle management for third-party relationships. This regulation aims to ensure that community banks maintain safety and soundness while leveraging external services.
5/3/2024