The Office of the Comptroller of the Currency has issued a new bulletin (2017-21) containing fourteen frequently asked questions to supplement OCC Bulletin 2013-29 entitled “Third-Party Relationships: Risk Management Guidance.” The 2013 bulletin provided updated guidance for managing operational, compliance, reputation, strategic, and credit risk presented by third-party business relationships of national banks and federal savings associations.
In the new bulletin, the OCC observes that many banks have recently developed relationships with financial technology (fintech) companies in which the fintech companies perform or deliver services on behalf of a bank or banks and therefore meet the 2013 bulletin’s definition of a third-party relationship. The OCC states that, as a result, it would expect bank management to include such fintech companies in the bank’s third-party risk management process. The FAQs include the following specifically addressed to fintech companies:
- Is a fintech company arrangement considered a critical activity?
- Can a bank engage with a start-up fintech company with limited financial information?
- How can a bank offer products or services to underbanked or underserved segments of the population through a third-party relationship with a fintech company?
The FAQs also specifically address bank arrangements with marketplace lenders, in particular the question “What should a bank consider when entering into a marketplace lending arrangement with nonbank entities?” The OCC’s guidance includes the following:
- For compliance risk management, banks should not originate or support marketplace lenders that do not have adequate compliance management processes and should monitor the marketplace lenders to ensure that they appropriately implement applicable consumer protection laws, regulations, and guidance.
- When banks enter into marketplace lending or servicing arrangements, because the banks’ customers may associate the marketplace lenders’ products with those of the banks, reputation risk can arise if the products underperform or harm customers.
- Operational risk can increase quickly if the banks and the marketplace lenders do not include appropriate limits and controls in their operational processes, such as contractually agreed-to loan volume limits and proper underwriting.
- To address the risks created by marketplace lending arrangements, a bank’s due diligence of marketplace lenders should include consulting with the bank’s appropriate business units, such as credit, compliance, finance, audit, operations, accounting, legal, and information technology.
- Contracts or other governing documents should set forth the terms of service-level agreements and contractual obligations, and significant contractual changes should prompt reevaluation of bank policies, processes, and risk management practices.
The CFPB recently announced that it has begun to examine service providers on a regular, systematic basis, particularly those supporting the mortgage industry. Previously, the CFPB had only examined some service providers on an ad hoc basis. The change represents a significant expansion of the CFPB’s use of its supervisory authority and will substantially increase the number and types of entities facing CFPB examinations. On June 13, 2017, from 12 p.m. to 1 p.m. ET, Ballard Spahr attorneys will hold a webinar, “The CFPB’s Expansion of its Supervisory Program to Service Providers – What You Need to Know.”