OCC considers update to third party cyber risk management rules

The Office of the Comptroller of the Currency (OCC) is considering updates to rules around cyber risk management standards for third party technology suppliers.

Seal of the Office of the Comptroller of the Currency“Third parties that provide payment processing, core banking, and other financial technology services to these participants in the financial sector also provide services that are vital to the financial sector as a whole. In response to the expanding cyber risks, the agencies are considering establishing enhanced standards for the largest and most interconnected entities under their supervision. A covered entity is required to ensure that the services it receives from a third party are conducted consistent with the same standards that would apply if the covered entity conducted the operations itself. Thus, the enhanced standards would apply to all the operations of a covered entity regardless of whether the covered entity conducts an operation itself or through a third party.”

The OCC is accepting comments until January 17. You can read more here…


Iceberg works with large organizations across North America to help them manage third party risk more efficiently and effectively. We also work with the suppliers selves, to help them ensure they can confidently meet the compliance and security requirements of their customers. If you’d like to learn more about how we’re helping customers in this area, contact us at info@icebergnetworks.com, or click here.

Share this post:

About the author

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign-up to our Risk Intelligence Newsletter for updates on new content, resources and events from the Iceberg team.

We promise to respect your time and inbox!

Thank you! Please check your email to confirm your subscription.