FDIC, Federal Reserve, and OCC Release Guidance for Banks Partnering with Third Parties
The Federal Deposit Insurance Corp. (FDIC), Federal Reserve, and Office of the Comptroller of the Currency (OCC) have issued guidance regarding how financial institutions should approach third-party partnerships. The guidance outlines how to manage operations, compliance, and strategic risks, including managing relationships with fintech companies.
“As part of sound risk management, it is the responsibility of each banking organization to analyze the risks associated with each third-party relationship and to calibrate its risk management processes, commensurate with the baking organization’s size, complexity, and risk profile and with the nature of its third-party relationships,” the guidance said.
The guidance goes over risk management for all stages of third-party relationships: planning, due diligence, third-party selection, contract negotiation, ongoing monitoring, and termination. The agencies plan to work with community banks in particular to develop more resources to help them manage third-party risks.
The growth of relationships between banks and fintechs has been on the agencies’ radar in recent years, and the Treasury Department said in November that those relationships need to be closely monitored to protect consumers. Michael Hsu, Acting Comptroller of the Currency, said the nature of those relationships can put the financial system at risk of a crisis if not adequately supervised.
Regulators said the guidance is “principles-based” and can be adjusted for each unique relationship. “The agencies do not believe it would be appropriate to prescribe alternative approaches or to broadly assume lower levels of risk based solely on the type of a third party,” the guidance said.
The guidance also urges banks to examine the goals and strategies of third-parties for potential relationships, including their ownership structure, incident reporting protocols, and financial condition.
“Today’s guidance acknowledges the benefits that third parties like fintechs provide and offers a constructive framework to mitigate identifiable risks, including for smaller banks that may face unique challenges in this context,” said Penny Lee, CEO of the Financial Technology Association.