Public input on a potential voluntary certification program for banks to pursue in setting standards for their technology use – and particularly models of such programs used by so-called “fintechs” – is being sought by the federal insurer of bank deposits, the agency said Monday.
In a request for information (RFI) to be published in the Federal Register (with a 60-day comment period), the Federal Deposit Insurance Corp. (FDIC) said it wants input on whether a standard-setting and voluntary-certification program could be established to support financial institutions’ efforts to “implement models and manage model risk by certifying or assessing certain aspects of the models themselves, and to conduct due diligence of third-party providers of technology and other services by certifying or assessing certain aspects of the third-party providers’ operations or condition.”
The FDIC said it is especially interested in information about models and technology services developed and provided by financial technology companies (also known as fintechs).
In a release accompanying the issuance of the RFI, the agency said it is asking whether the proposed program might reduce the regulatory and operational uncertainty that may prevent financial institutions from deploying new technology or entering into partnerships with technology firms, including fintechs. “For financial institutions that choose to use the system, a voluntary certification program could help standardize due diligence practices and reduce associated costs,” the FDIC said.
The RFI, the agency said, is part of its FDiTech initiative, which is aimed at promoting adoption of innovative technologies by banks. The FDIC described the program as a public-private partnership.
“As the financial services industry evolves, more financial institutions are using third-party models and technologies for functions that either are new or had been performed in-house in the past,” the agency said. “The FDIC recognizes that the use of such models and technologies can assist the financial institution in providing greater benefits to consumers and increasing financial inclusion. The use of third-party models and technologies may also give the financial institution access to greater expertise or efficiency in providing a particular product or service at lower cost.”
However, the agency said, many banks (particularly smaller ones) have complained that the costs and other resources associated with deploying models or technologies from third parties is prohibitively expensive.
To deal with that, the FDIC said it is looking for ways to assist banks in effectively complying with laws and regulations regarding management of third-party risks concerning the use of models, such as credit underwriting models. That includes, the agency said, considering the value of standards for assessing models.
“The development of relevant standards, along with the development and application of a voluntary certification process to ensure that models conform to those standards, could potentially allow for more financial institutions—particularly community banks—to engage with third parties, including fintechs; permit FDIC supervision resources to be used more efficiently and effectively; and reduce costs of doing business for financial institutions and providers of models,” the agency said.
Part of that process could be a voluntary certification or assessment program to support banks’ due diligence of third-party providers of a “range of technology and other services.” The program would certify, or assess, aspects of the third-party providers’ operations or condition, the agency said.
“The FDIC is interested in whether there are unique elements and challenges associated with financial institutions’ due diligence of third-party providers of technology and other services that would benefit from a voluntary certification or assessment program applicable to such providers,” the agency said.
The comments will not lead to “substantive revisions” to the agency’s existing supervisory guidance with respect to model risk management or third-party provider risk management, the FDIC said.