Responding to several questions flagged by the American Bankers Association, the OCC today issued a set of frequently asked questions to help bankers implement the agency’s 2013 guidance on managing risk associated with third-party relationships. The FAQs address several areas on which ABA sought clarification related to the guidance, including collaboration with other banks and partnerships with fintech providers.
For example, while noting that banks that use the same vendors for like products and services can collaborate on due diligence, contract negotiation and ongoing monitoring, the OCC said that this collaboration is “insufficient to fully meet the bank’s responsibilities” under the guidance. Responsibilities specific to individual banks include requirements for planning and termination, integration into the bank’s strategic planning, risk assessments, IT controls, performance benchmarking, fee structure analysis and monitoring for compliance and business continuity.
The FAQs make clear that relationships with fintech firms are covered under the 2013 guidance, although they may or may not qualify as a “critical activity” requiring “more comprehensive and rigorous management.” However, since many fintech companies may be early-stage startups without the kind of financial track record that would ordinarily be reviewed in a vendor relationship, the FAQs indicate that a bank partnering with such a company should have appropriate contingency plans. They make clear that while financial analysis of vendors “may be as comprehensive” as underwriting for a loan, there is no requirement for potential vendors to meet banks’ lending criteria.
The FAQs also address access to technology service providers’ regulatory exam reports (another issue raised by ABA), marketplace lending, mobile payments, partnering with fintech firms to serve the underbanked, reviews of fourth-party risk and more. For more information, contact ABA’s Krista Shonk.