Better Markets filed a comment letter with federal banking regulators in response to proposed guidance for banks in managing risks associated with third-party relationships, such as business arrangements with data providers and payment processes.
July 2021, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) published proposed interagency guidance that provides banks with a framework for managing risks associated with third-party relationships, including consumer protection, cybersecurity, and operational risks.
The interagency guidance is primarily based on OCC guidance issued in 2013, which was later supplemented in 2017 with Frequently Asked Questions, and later updated through the publication of OCC Bulletin 2020-10 in March 2020.
Why It Matters: Advances in communications and information technology have led to banks competing to provide products and services that improve the access and functionality of banking services. These activities are often outsourced to third parties, which inherently raises the level of risk for banks and their customers. For example, many large banks today rely on cloud service providers to process and manage customers’ financial data. In 2019, a hacker breached Capital One’s data stored on AWS cloud— compromising the personal data of Capital One customers.
Establishing a uniform risk management framework for third-party relationships would assist regulators by ensuring banks are following sound risk management practices that protect against operational risks, data breaches, and reputational damage.
What We Said: The core principles of the guidance are sensible and if followed would work to lower risk in third-party relationships. However, the guidance should be made more specific to better delineate the types and levels of risks that must be managed. Additionally, considering the evolving and complex nature of third-party relationships, the management of the associated risks would be best served by a minimum set of standards implemented through regulation.
Bottom Line: Better Markets encourages federal banking regulators to provide additional clarity and specificity in the guidance and to follow the guidance with new regulations or modifications to existing regulations that set minimum standards.