Third-Party Risk Management is a continuous process throughout the life of the relationship. The OCC defines the five major phases in the third-party life-cycle in their updated guidance, as: Planning, Due Diligence and Third Party Selection, Contract Negotiation, Ongoing Monitoring, and finally, Termination. An effective third-party risk management program will successfully address each phase and have a system in place to facilitate and automate the process. Establishing a well-defined process, with the right tools and focus, are important components to addressing third-party risk. For banks to cost-effectively address these increasing risks, the use of a Governance, Risk, and Compliance (GRC) system is often the most practical approach.