Regulators stress importance of third-party due diligence

The FDIC is “working diligently” to issue updated guidance to financial institutions on third-party risk management, the agency’s Associate Director Lisa Arquette told attendees today at the Las Vegas conference of ACAMS, a professional association representing anti-money laundering specialists. FDIC has issued a request for information on the 2008 guidance, and while Arquette did not signal when updated guidance would be issued, she flagged several things that banks should be thinking about in the meantime.

Among other things, banks should consider risk management planning associated with the third party; due diligence for third-party selection; contract negotiation; ongoing monitoring of that third-party relationship; possible termination of the relationship; risk governance; independent reviews; and documentation to make sure that each party knows what they’re responsible for, Arquette said. “If a bank is relying on a third party to do any part of its core processing, maybe some of the AML compliance, it’s important to really evaluate the details of that relationship.”

Recognizing that banks are increasingly looking to partner with third parties to offer novel banking products and services, the Federal Reserve’s Deputy Associate Director Suzanne Williams emphasized that bank compliance officers need to be asking questions like “How will OFAC be screened? How will those entities be identified? Who will be screening for suspicious activity? Do we at the bank have sufficient information to identify suspicious activity? How going to meet BSA/OFAC compliance obligations?” Banks need to ask these questions, she said, because “those are the questions we’ll be asking in the examination.”