Regulators Reiterate Risk Management Guidance for Banks Using Third-Party Providers

According to an article by law firm Ballard Spahr, banking regulators have issued a joint statement highlighting risk management guidance for banks when engaging third parties to provide bank deposit products and services.

The statement, released by the FDIC, OCC, and Federal Reserve Board, reiterates existing guidance without introducing new regulatory requirements or supervisory expectations.

Banks can engage in third-party arrangements, but they must do so in a manner that ensures compliance with applicable laws, including consumer protection and anti-fraud regulations. The agencies stress that a bank’s responsibility to comply with laws and regulations is not diminished by the use of third parties.

The article highlights potential risks including operational and compliance issues, such as heavy reliance on third parties, fragmented operations, lack of access to records, inadequate risk management, insufficient oversight of compliance functions, and weak audit coverage. 

Growth-related risks include misaligned incentives, operational capabilities lagging behind growth, financial risks from funding concentrations, liquidity management challenges, and pressure on capital levels. Additionally, there is a risk of end-user confusion and misrepresentation of deposit insurance coverage due to potentially misleading statements and marketing.

Effective risk management guidance for banks suggested by the agencies include:

• Governance and Third-Party Risk Management: Developing detailed policies, conducting due diligence, establishing clear contracts, assessing risks, and implementing monitoring processes.
• Operational and Compliance Management: Understanding management information systems, developing contingency plans, implementing internal controls, and ensuring compliance with laws.
• Growth, Liquidity, and Capital Management: Establishing concentration limits, liquidity risk strategies, and capital adequacy measures.
• Addressing Misrepresentations of Deposit Insurance: Creating policies to ensure compliance with regulations on deposit insurance and monitoring third-party activities.