What is OCC and How Does It Affect Third Parties?
There are many different regulatory groups that oversee finance-related bodies and transactions, and the Office of the Comptroller of the Currency (OCC) is one of the most important of these groups. Founded in 1863, the OCC is an independent bureau within the US Department of the Treasury, and its job is to oversee issues relating to national banks.
In particular, the OCC charters and oversees national banks and federal bank branches, as well as any agencies of foreign banks operating in the United States. It expects banks to apply safe practices, whether an action is performed by the bank itself or through a third party. The OCC is a powerful organization and plays a critical role in the overall functioning of markets and the economy.
The OCC and Compliance
As noted, the OCC plays many roles in relation to the banking and finance community, but for those concerned with security and regulatory norms, certain aspects of the organization are of particular concern. Of greatest interest are the operations that fall under its mission to “ensure that national banks and federal savings associations operate in a secure and sound manner, provide fair access to financial services, treat customers fairly and comply with applicable laws and regulations.” These activities include:
Banks are required to disclose a number of different types of information to clients, which is a key element of modern consumer protections. For example, banks must disclose the terms of a loan or credit card. They must also alert clients and allow them to opt in before disclosing any financial information to third-party organizations, including those that your bank has preexisting relationships with.
Banks are required to ensure customer privacy (hence the issues surrounding data sharing and disclosure), but they are also required to know who their customers are. That information is considered critical to national security, and is used as part of anti-money laundering and anti-terrorism efforts. Banks must have a customer identification program, as specified under the PATRIOT Act, as well as internal and independent compliance processes.
- Consumer Protection
Because there have been many incidents in which banks have taken advantage of consumers, the OCC has put a number of different measures in place to prevent such actions in the future. Many of these are interagency efforts, such as those procedures related to the Truth in Lending Act.
Consequences for Businesses
What does an organization that oversees bank operations have to do with businesses? While your business may not be a bank, it is required to interact with banks to complete day-to-day tasks. More importantly, banks that work with your business are also responsible for monitoring your security compliance. Under OCC Bulletin 2013-29, banks must perform their due diligence when interacting with third parties. So, if you want to build financial partnerships, you’ll need to demonstrate OCC-ready risk management practices. Panorays can help.
Just as businesses need to check on the regulatory compliance practices of third-party organizations like suppliers, banks consider businesses their third-party partners. Panorays supports banks by serving as a central repository for third-party partners. If your business is struggling to organize the procedural documentation required by the OCC, we have a system for that.
While businesses need to demonstrate compliance, banks and other financial services groups are ultimately the ones responsible for ensuring that compliance. The banks will be held culpable for anything that happens in conjunction with their operation, as overseen by the OCC. However, how much responsibility they have is contingent on how critical the third party is to the bank’s core activities.
Trust, but Verify
One of the major recent changes to OCC requirements regarding banks’ relationships with third-party organizations is that the OCC now requires banks to integrate third parties into their overall risk management and compliance frameworks. This is a needed step towards comprehensive security. Previously, many banks sidestepped such arrangements by siloing third parties, an approach with limited effectiveness that essentially allowed banks to abdicate responsibility for their partners.
Obviously, there are limits to how much control banks can extend in their third-party relationships; they can either work with an organization or cut off that relationship, or at least threaten to do so. But these new guidelines do make distinctions. How much oversight and assessment banks are expected to engage in regarding third-party partners depends on whether those partners are actually engaged in critical activities or not. The more central a partner is, the more banks are expected to verify the organization’s compliance.
How Panorays Can Help
The OCC takes compliance and risk management seriously, and at Panorays, we share these commitments, making Panorays the ideal partner for banks and third-party organizations alike. Our understanding of regulations like OCC 2013-29, as well as other major financial standards like NYDFS and FFIEC, allows Panorays to provide continuous compliance monitoring, support relationships between banks and businesses and manage critical documentation required by regulatory organizations. We manage the finer details of banking regulation and third-party relationships so that you don’t have to.
If your organization is ready to take the next step towards compliance, Panorays offers the support you need. Contact us today to schedule a demo and take control over the full scope of your security practices while ensuring compliance with new regulations.