Examiners hold US banks to the Interagency Guidance. Coverbase helps you run it end to end.
The 2023 Interagency Guidance on Third-Party Relationships, issued jointly by the Federal Reserve, OCC, and FDIC, lays out the third-party risk lifecycle banks are expected to follow. It's guidance, not a rule, but examiners review against it, and Coverbase keeps the work and the proof in one place.
Who the Interagency Guidance applies to
The guidance applies to banking organizations supervised by the Federal Reserve, OCC, and FDIC, including community banks. It's principles-based and scalable: oversight should match the risk of the relationship, with the most scrutiny on 'critical activities.' It replaced the agencies' prior separate guidance, including OCC Bulletin 2013-29. Credit unions fall under the NCUA instead.
The third-party risk lifecycle it expects
Planning
Weigh the risks and benefits before entering a third-party relationship.
Due diligence and selection
Assess a prospective third party's financials, controls, and ability to perform before you sign.
Contract negotiation
Put the right terms in place: performance, security, audit rights, and termination.
Ongoing monitoring and termination
Monitor the relationship for its whole life, with heightened attention to critical activities, and plan for a clean exit.
Cover all five stages, with the evidence
Banks rarely fall short on policy. They fall short because the evidence is scattered. Coverbase keeps every stage in one defensible record.
Diligence done for you
Gather and assess third-party evidence automatically, scaled to the risk of the activity.
Critical activities flagged
Tier relationships so your most critical vendors get the deepest oversight.
Lifecycle monitoring
Track each relationship from planning through termination, not just at onboarding.
Exam-ready evidence
Pull a complete, time-stamped record for any vendor when examiners ask.
One platform for third-party risk and security
Speed with control
Automate intake, assessment, and monitoring with built-in guardrails that preserve policy integrity.
Explain with confidence
AI provides traceable reasoning for every recommendation, so you can defend every risk rating and finding.
Automate with assurance
Adapt controls and meet regulatory changes in minutes, not months, without breaking your program.
Building Trust, Together
Some of the world's most innovative and security conscious enterprises trust us to safeguard their data. We see security and privacy not as checkboxes, but as an ongoing promise to our customers. For questions about our security program or to report a vulnerability, please contact us at security@coverbase.ai