Regulatory staff from the Federal Reserve, the FDIC and the Office of the Comptroller of the Currency shared their observations and previewed forthcoming regulatory updates on third-party risk management during a meeting with American Bankers Association member bankers in Washington, D.C., this week.
Third-party risk management continues to be an area of focus for examiners, and all three agencies said they are working carefully to assess and address the challenges of fintech relationships in particular. In its study of the risks and benefits relating to fintech, the Federal Reserve has identified third-party guidance as a potential focus area, and expressed a desire for any feedback or questions — particularly from community banks — on its guidance relating to fintech due diligence or management of subcontractors. The FDIC added that it is currently reviewing comments on proposed guidance issued last summer on third-party relationships.
Meanwhile, the OCC said that its examiners will be looking more closely at the ongoing monitoring of third-party relationships beyond the due diligence phase and emphasized that banks should have processes in place for ensuring that service providers are delivering on promises outlined in their contracts.
The agency also highlighted a need for more board oversight in the contract process and more reporting up to the board on critical third party activities. The OCC said it expects to issue frequently asked questions in the coming days to supplement its 2013 bulletin on third party risk management that will provide additional clarity, particularly with respect to fintech relationships, mobile banking, and industry collaboration on third-party risk management.