What Is Third-Party Risk Management? Third-party risk management (TPRM) involves creating a framework of policies, processes, and tools to manage and monitor the risk arising from vendors and other external business relationships. Proposed regulatory guidance on managing third-party risk from the FDIC, Federal Reserve Board, and OCC defines the third-party risk management lifecycle for financial institutions as including the following stages: Planning: Developing a plan that outlines the banking organization’s strategy, identifies the inherent…