Regulators Reiterate Risk Management Guidance for Banks Using Third-Party Providers

August 5, 2024

Don’t Put a Target on Legal Ops in a Downturn

According to an article by law firm Ballard Spahr, banking regulators have issued a joint statement highlighting risk management guidance for banks when engaging third parties to provide bank deposit products and services.

The statement, released by the FDIC, OCC, and Federal Reserve Board, reiterates existing guidance without introducing new regulatory requirements or supervisory expectations.

Banks can engage in third-party arrangements, but they must do so in a manner that ensures compliance with applicable laws, including consumer protection and anti-fraud regulations. The agencies stress that a bank’s responsibility to comply with laws and regulations is not diminished by the use of third parties.

The article highlights potential risks including operational and compliance issues, such as heavy reliance on third parties, fragmented operations, lack of access to records, inadequate risk management, insufficient oversight of compliance functions, and weak audit coverage. 

Growth-related risks include misaligned incentives, operational capabilities lagging behind growth, financial risks from funding concentrations, liquidity management challenges, and pressure on capital levels. Additionally, there is a risk of end-user confusion and misrepresentation of deposit insurance coverage due to potentially misleading statements and marketing.

Effective risk management guidance for banks suggested by the agencies include:

  • Governance and Third-Party Risk Management: Developing detailed policies, conducting due diligence, establishing clear contracts, assessing risks, and implementing monitoring processes.
  • Operational and Compliance Management: Understanding management information systems, developing contingency plans, implementing internal controls, and ensuring compliance with laws.
  • Growth, Liquidity, and Capital Management: Establishing concentration limits, liquidity risk strategies, and capital adequacy measures.
  • Addressing Misrepresentations of Deposit Insurance: Creating policies to ensure compliance with regulations on deposit insurance and monitoring third-party activities.

Sign up for our weekly newsletters specifically curated to different practice areas: litigation, cybersecurity & data privacy, legal ops, and compliance.

Critical intelligence for general counsel

Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top