The board of directors and senior management are responsible for managing activities conducted through third-party relationships, and identifying and controlling the risks arising from such relationships, to the same extent as if the activity were handled within the institution. Financial Institutions are expected to have clearly defined systems of risk management controls built into the management system including controls over activities conducted by affiliates and third-parties. The more significant the third-party service relationship (i.e. performs critical functions, material impact on revenues, large number of consumers, etc.), the more important it is that the institution conduct regular reviews of the adequacy of its oversight and controls over third-party relationships. Examiners will evaluate all applicable third-party relationships as though the activities were performed by the institution itself.