Guidance for banks establishing principles to consider when developing and implementing risk management practices governing their third-party relationships was issued Tuesday by the three federal banking agencies.
The guidance, however, is not without some controversy, as one member of the Federal Reserve Board voiced her opposition to the guidance in a statement. Another Fed governor, on the other hand, issued a short comment in support. Meanwhile, a member of the board of the federal bank deposit insurance agency urged banks to tell him what they think of the guidance.
According to the Federal Reserve, Federal Deposit Insurance Corp. (FDIC) and the Office of the Comptroller of the Currency (OCC), the guidance is relevant for all third-party relationships. It is provided, the agencies said, to banking organizations to assist in the “tailoring and implementation of risk management practices commensurate with each banking organization’s size, complexity, risk profile, and the nature of its third-party relationships.” The guidance, the agencies said, would replace each agency’s existing general guidance on the topic.
Additional resources to assist smaller, non-complex community banking organizations in managing relevant third-party risks is forthcoming, the agencies added.
The agencies said the guidance is designed to help banking organizations manage risks associated with third-party relationships, including relationships with financial technology (fintech) companies. The agencies said the guidance covers risk management practices for the stages in the life cycle of third-party relationships: planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination.
“The final guidance includes illustrative examples to help banking organizations, particularly community banks, align their risk management practices with the nature and risk profile of their third-party relationships,” the agencies said.
However, Fed Gov. Michelle Bowman said in a statement that she “cannot support” the interagency guidance. “The Federal Reserve’s past third-party risk management guidance was supplemented by several implementation aids and tools,” she said. “These tools reflected significant efforts to provide clear, usable, and more appropriately tailored expectations for small banks when considering third-party risk management. The interagency guidance fails to take similar measures to mitigate regulatory burden on smaller institutions.”
By contrast, Gov. Christopher Waller issued a statement in support of the guidance. “The commitment by the agencies to engage with community banks (to) immediately and expeditiously develop additional resources to assist banks in managing third-party risks will promote efficient and rigorous risk management practices,” he said.
Bowman and Waller were the only Fed governors (out of seven) to issue separate statements.
Over at the FDIC, Board Member Jonathan McKernan noted that the latest guidance removes an exclusion of customer relationships from that proposed two years ago. “According to the agencies, this change “is intended to reduce ambiguity,” McKernan said in a statement. “In my view, the exclusion’s removal itself creates ambiguity. The final guidance is now unclear as to whether or when it applies to arrangements involving depositors, borrowers, or other customers of traditional banking services.
“The FDIC has endeavored to provide some clarity on this important scope question in its accompanying Financial Institutions Letter (FIL). I am pleased the FDIC has taken this step, and would look forward to hearing views as to whether this clarification adequately addresses the issue,” he said.
He also said he supported developing a separate resource guide for community banks as soon as practical.
Agencies issue final guidance on third-party risk management
FDIC FIL: Interagency Guidance on Third-Party Relationships: Risk Management