Financial Services

Third Party Risk Management and Compliance Requirements for Financial Services Companies

Financial institutions are expected to comply with a broad range of regulations covering everything from fraud detection to protecting customer records. Institutions are expected to enforce rigorous data security and data privacy controls, protect their brands and reputations, and operate fairly in whatever markets they enter. Accurate reporting and well-documented business processes are essential. In the United States, the Office of the Comptroller of the Currency and the Federal Reserve Board issued guidance in late 2013 on the risk management of third parties. This guidance holds boards of directors, senior management and relationship managers accountable for managing third parties. The FRB expects institutions to treat third party risk management as a formal, enterprise-wide risk discipline, and to follow a process that is commensurate with the level of risk and complexity of the given activity. In the UK, the Financial Conduct Authority (FCA) has a growing list of enforcements against institutions related to third party issues, and the Prudential Regulation Authority (PRA) has made it clear that a firm cannot contract out its regulatory obligations.

The Aravo Risk and Compliance Solution for Financial Services

The Aravo Enterprise solution enables banks and other financial institutions to apply consistent and formalized risk management processes throughout the relationship life cycle of their third parties. It provides institutions with a risk-based approach that inventories and assesses the risk of all third parties, with additional focus on third parties supporting business-critical activities and other high-risk criteria. Offering best-practice workflows and assessment standards, it allows institutions to comply with all relevant third party regulations, including Anti-Bribery Anti-Corruption (ABAC) regulations; CFPB Bulletin 2012-03, which requires financial institutions to oversee service providers; OCC 2013-29, which requires banks to assure regulatory compliance of third parties; and cross-industry data protection rules. Support for foreign languages helps international institutions centralize third party attestations for global operations. The platform can be customized to meet the unique business processes and strategic goals of each institution.

Aravo Risk & Compliance Solution Benefits for Financial Services Companies

  • Streamline and harmonize data and processes across the third party and supply network for improved transparency, flexibility and agility
  • Eliminate risk silos and deliver a centralized ‘version of the truth’ for the extended enterprise
  • Increase third party transparency through Tier 1, 2 and beyond
  • Reduce complexity and third party administration costs
  • Expand third party networks and enter into new markets with confidence
  • Accelerate time to market
  • Reduce brand risk
  • Improve oversight with an always accessible audit trail
  • Expand to new use cases as you harness the power of the flexible Aravo Enterprise platform

Regulations and Standards that impact Financial Services

U.S. Foreign Corrupt Practices Act (FCPA)

Forbids bribing foreign officials and mandates transparent accounting practices.

UK Bribery Act

Covers British criminal laws related to bribery and establishes penalties including imprisonment, fines, and confiscation of property.

CFPB Bulletin 2012-03

Defines a process for managing the risks of service provider relationships and requires institutions to ensure that third parties’ practices adhere to consumer finance law.

Fair and Accurate Credit Transactions Act (FACTA)

An amendment to the Fair Credit Reporting Act intended to reduce identity theft.

Fair Credit Reporting Act (FCRA)

Regulates how credit agencies use and manage consumers’ information.

FINRA Rule 3310

Requires financial institutions to implement an effective Anti-Money Laundering (AML) program.


Includes regulations for protecting customer data.

Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDNs)

Forbids institutions from aiding SDNs of foreign countries.

OCC Bulletin 2013-29

Guidelines financial institutions must follow in assessing and managing risks in third party relationships.

UK Financial Conduct Authority

The British equivalent of the guidelines in OCC Bulletin 2013-29.