Fintech entrants have completely changed the way banks and financial institutions interact with third parties. Fintech third parties are integrated within the banking network, which exposes banks and financial institutions to new risks. The Federal Reserve, OCC, and FDIC have recently proposed a guideline for working with such third parties and are seeking comments from entities in the financial sphere.

Complimentary Webinar - Real-Time Risk Analytics with Predict360

The Role of Third Parties

Banking organizations commonly outsource a variety of products, services, and operations to third parties. Data processing, information technology services, accounting, compliance, human resources, and loan servicing are just a few examples. Additionally, a banking institution may form connections with third parties to offer products and services that enhance consumers’ access to and functionality of banking services, such as mobile payments, credit scoring systems, and customer point-of-sale payments.

In other cases, a financial organization may offer its banking services to customers via a third-party platform. Competition, technological advancements, and innovation in the banking industry all contribute to banks’ increasing reliance on third parties to perform business functions, provide support services, facilitate the provision of new products and services, and facilitate the provision of existing products and services in new ways.

Third-party providers can provide considerable benefits to banking businesses, including faster and more efficient access to new technology, human capital, delivery methods, products, services, and markets. Numerous banking firms, in response to these developments, including smaller, less sophisticated financial institutions, have implemented risk management policies that are proportionate to the risk and complexity of their third-party connections. Whether a banking organization conducts business directly or indirectly through a third party, the banking organization must conduct business in a safe and sound manner and in accordance with current laws and regulations, including those protecting consumers.

The Risk and Compliance Ramifications of Bank and Fintech Collaborations

Banking institutions’ use of third parties does not negate the necessity for solid risk management. On the contrary, the usage of third parties may expose financial firms and their consumers to increased dangers. The increased usage of third parties by banking institutions, particularly those with new or novel technology, may also add complexity, particularly in managing customer compliance concerns, and heighten other risk management considerations. A cautious banking firm manages third-party connections prudently, considering consumer protection, data security, and other operational risks. The proposed supervisory guidance is designed to assist banking organizations in detecting and mitigating these risks, as well as in complying with applicable statutory and regulatory requirements.

Third-party providers can provide considerable benefits to banking businesses, including faster and more efficient access to new technology, human capital, delivery methods, products, services, and markets. Click To Tweet

The Aim of the Regulatory Agencies

FDIC and OCC have provided guidance regarding third-party relationships and acceptable risk management strategies for their respective supervised banking institutions. The agencies want to ensure consistency in their third-party risk management recommendations and to define risk-based third-party risk management concepts plainly. As a result, the agencies are soliciting comments on the proposed advice jointly.

The proposed guideline is based on the OCC’s current third-party risk management guidance from 2013 and incorporates adjustments to reflect the scope of application being expanded to encompass banking entities regulated by all three federal banking regulators. The agencies are using the OCC’s 2020 FAQs, which were published in March 2020, as a supplemental exhibit to the proposed advice. The OCC produced the 2020 FAQs to clarify the OCC’s 2013 guidance on third-party risk management and to address emerging industry issues. The agencies are seeking public comment on whether the topics described in the OCC’s 2020 FAQs should be incorporated into the guidance’s final form. More precisely, the agencies are seeking public comment on whether any of those concepts should be included in the final advice and whether any new concepts would be beneficial to include.

The proposed guidance establishes a framework for banking institutions to address the risks associated with third-party interactions based on strong risk management principles. Third-party relationships are defined in the proposed guidance as contractual or other business ties between a financial organization and another firm. The proposed guidance emphasizes the critical nature of a banking institution monitoring and evaluating the risks associated with each third-party engagement in an acceptable manner.

According to the suggested guidance, a banking organization’s use of third parties does not absolve it of its responsibility to conduct business in a safe and sound manner and in accordance with existing laws and regulations. The guidance says that banking organizations should implement third-party risk management systems that ensure management of risks associated with third-party partnerships, as well as with their organizational structure. The guidance being proposed is intended for all third-party partnerships but is particularly relevant for those upon which a banking organization relies heavily, those involving increased risk and complexity, and those involving vital operations as defined in the proposed guidance.

The proposed guidance defines the life cycle of third-party risk management and provides principles that apply to each step, including:

  • Creating a plan that describes the banking organization’s strategy, identifies the inherent risks associated with the third-party activity, and outlines how the banking organization will find, assess, select, and supervise the third-party
  • Picking a third party with due diligence
  • Writing written contracts that clearly define all parties’ rights and obligations
  • Having the board of directors and management supervise the risk management processes of the banking organization, preserving documentation and reporting for oversight accountability, and engaging in independent reviews
  • Monitoring the third party’s operations and performance on a continuous basis; and establishing contingency preparations for effectively terminating the connection.

Regulatory Change Management Software

The guidance also sheds light on the direction in which the financial sector is moving towards. Businesses that want to stay competitive need to ensure that they have risk management solutions that can efficiently manage third party and Fintech related risks. Predict360 has a dedicated module for managing third party and Fintech risksget in touch with our experts for a demonstration!