Joint Statement on Banks’ Arrangements with Third Parties to Deliver Bank Deposit Products and Services
- Source: fdic.gov
Takeaway
The Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) (the Agencies) recently issued a statement highlighting the risks associated with partnerships between banks and third parties to deliver deposit products and services. The statement emphasizes the need for effective risk management and compliance with applicable laws and regulations and reaffirms the importance of responsible innovation. The Agencies’ intent was to highlight existing guidance and risks related to these arrangements without establishing new supervisory expectations or changing current regulatory requirements.
Treliant has extensive experience with bank/fintech partnerships and provides solutions to support compliance with laws and regulations most scrutinized by these arrangements, such as those related to consumer protection, safety and soundness, and anti-money laundering/countering the financing of terrorism.
Highlights
Banks relying on third parties to deliver certain products and services has become common practice. These partnerships allow banks to leverage new technology, expertise, and resources to enhance offerings as well as achieve strategic objectives faster than in-house development. These relationships, however, can elevate risks and require effective bank management to maintain regulatory compliance and protect reputational and financial stability.
The statement calls out several potential operational and compliance risks arising from these partnerships:
- Reduced oversight of deposit function: Relying on third parties can reduce the bank’s controls and management of the deposit function, including customer due diligence and ongoing monitoring.
- Inadequate access to system of records: Potential lack of access to transaction systems, information, and other data maintained by third parties can lead to delays in end-user deposit access while exposing banks to additional legal and compliance risks.
- Performance of compliance functions: Banks remain responsible for regulatory compliance functions performed by third parties on behalf of the bank, such as customer identification programs, customer due diligence, ongoing monitoring, reporting suspicious activity, and sanctions compliance.
- Insufficient oversight of consumer protection obligations: Improper oversight of partnerships may impact bank compliance with consumer protection laws and regulations, such as requirements under Regulation E, Regulation DD, among others.
- Fourth-party risk: Banks may not have direct contracts with additional layers of subcontractors utilized by a third party, limiting the bank’s ability to access, monitor, and control added risks.
- Lack of experience with new practice: Bank management and staff may be unfamiliar with new technologies or methods of facilitation used by third parties which may result in inadequate management of risk and compliance practices.
- Unsatisfactory audit coverage: Lack of adequate audit coverage, follow-up processes, and remediation may impact vendor oversight as well as the effectiveness of the audit function.
The statement also includes examples of effective risk management practices banks should consider when engaging with third parties for the delivery of products and services, such as:
- Developing policies and procedures detailing organizational structures, internal controls, and audit functions.
- Conducting thorough risk assessments specific to each third party,
- Executing sufficient due diligence based on scope and depth of third-party relationships.
- Establishing clear contracts to define roles and responsibilities, access to data, and performance expectations.
- Implementing ongoing monitoring processes to promptly address issues.
- Developing risk-based contingency plans to address operational disruptions.
- Implementing internal controls, such as dual controls and separation of duties, to mitigate deposit function risks.
- Establishing policies and procedures to ensure compliance with applicable laws and regulations, including consumer protection and anti-money laundering/countering the financing of terrorism compliance.
Treliant’s role is crucial in this landscape, as we routinely guide clients through complex regulatory environments, helping mitigate risk and enhance operational frameworks to align with relevant regulations and recommendations.
Ready to Talk?
We work with you to understand your needs, so we can tailor our approach to your engagement. Learn more when you connect with our team.