Introduction

It’s not you. It’s the guidance.

Perficient provides risk management to more than 500 financial services organizations, many of which have multiple bank regulators. Often an organization will have a state-chartered non-member bank, which has the FDIC as its primary federal regulator. The same organization will typically have a national bank charter, and the OCC is the primary federal banking regulator for that part of the organization. The bank holding company and Federal Reserve member legal entities fall under the Federal Reserve as their primary federal regulator.

Until June 6 of this year, each of the federal bank regulators had provided the different organizations of that same firm with slightly different versions of their risk guidance. However, in what is sure to be a landmark in federal regulation, on June 6, 2023, the primary federal bank regulatory agencies issued final joint guidance designed to help banking organizations manage risks associated with third-party relationships, including relationships with financial technology companies.

The complete 60+ page guidance is available to readers here.

Guidance Summary

The final guidance covers risk management practices for the stages in the life cycle of third-party relationships: planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination. The new guidance also states that sound third-party risk management takes into consideration the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship.

The new federal risk guidance for banks does not remove the need for sound risk management. The guidance emphasizes that using third parties, especially those using new technologies, may present elevated risks to banking organizations and their customers, including operational, compliance, and strategic risks. Bank executives are urged to remember that using third parties neither removes nor diminishes the banking organizations’ responsibility to ensure that activities are performed safely, soundly, and in compliance with applicable laws and regulations. Such regulations include consumer protection (such as fair lending laws and prohibitions against unfair, deceptive, or abusive practices) and those addressing financial crimes including money laundering.

If you would like to speak with a Perficient subject matter expert about the new unified federal guidance or want to know how Perficient can help manage the risks your organization faces, please click here.