Proposed Third-Party Risk Management Guidelines
The Federal Reserve, FDIC and OCC jointly issued proposed guidance on banking organizations’ risk management of third-party relationships. The goal of the Proposed Guidance was to harmonize third-party risk management and represents a joint effort by the Agencies to respond to the growth of relationships between banks and third parties. This includes both traditional outsourcing relationships and partnership arrangements with fintech companies.
Comments filed by OLA focused on reinforcing the value of bank/fintech working arrangements, encouraging regulators to use the guidance to reaffirm that these relationships are authorized under federal law. The letter also took aim at debunking claims that bank third-party vendor agreements are used to circumvent state banking standards.
More specifically to the guidance, OLA comments touched on the need for greater clarity/details particularly in the areas of:
- Categorizing vendors
- Due diligence levels
- Lack of specific parameters regarding criteria that could lead to a regulator directing a financial institution to terminate a relationship with a third-party provider
- Flexibility in guidance to allow innovations to continue.
Read the full comment here.
Notice of Proposed Rulemaking on Personal Financial Data Rights Docket No. CFPB-2023-0052; RIN 3170-AA78