According to OCC guidelines, how should banks approach risk management in third-party relationships?

The focus on conducting periodic reviews, regardless of performance, aligns with the Office of the Comptroller of the Currency (OCC) guidelines for risk management in third-party relationships. This approach emphasizes the importance of ongoing monitoring to ensure that potential risks are identified and managed effectively.

Periodic reviews allow for the assessment of third-party vendors against compliance standards and risk assessment criteria, even if the vendor appears to be performing well. This proactive methodology helps banks to remain vigilant about changing risks over time, such as shifts in the regulatory environment, business practices of third parties, or emerging risks related to service delivery.

By undertaking these regular assessments, banks can mitigate the potential for operational, reputational, and compliance risks that might arise from third-party engagements. Establishing a robust risk management process that includes these ongoing reviews ensures that banks maintain oversight and control over their third-party relationships.