The federal banking regulators (The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation) issued on July 25 a lengthy joint statement outlining the potential risks that financial institutions face in arrangements with third parties to deliver bank deposit products and services. The joint statement also provides examples of risk management practices to manage such potential risks.
The joint statement does not establish new expectations for financial institutions. Rather, “[t]his statement reemphasizes existing guidance; it does not alter existing legal or regulatory requirements or establish new supervisory expectations.” According to the joint statement, “[t]he agencies support responsible innovation and support banks in pursuing third-party arrangements in a manner consistent with safe and sound practices and in compliance with applicable laws and regulations, including, but not limited to, those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices) and those addressing financial crimes (such as fraud and money laundering).” As they have in the past, the agencies warned that “a bank’s use of third parties to perform certain activities does not diminish its responsibility to comply with all applicable laws and regulations.”
In addition to the joint statement, the agencies on July 31, 2024 published in the Federal Register a request for information in order to better understand the relationships banks have with fintechs. Specifically, they “seek public comment to build on their understanding of these arrangements, including with respect to roles, risks, costs, and revenue allocation. The agencies also seek additional information and stakeholder perspectives relevant to the implications of such arrangements, including for banks’ risk management, safety and soundness, and compliance with applicable laws and regulations.” The agencies further seek information about how fintechs support increased access to financial services and products.
Bank-fintech relationships may enable banks to leverage newer technology to offer innovative products to meet evolving customer expectations, the agencies said. At the same time, those relationships may introduce potential risks, the agencies said, adding that the failure of banks to manage them may present consumer protection, safety and soundness and compliance concerns. Consistent with the joint statement, the request for information and comment emphasized that banks ultimately remain responsible for numerous compliance requirements, including an effective anti-money laundering/countering the financing of terrorism compliance program.
The banking agencies previously issued guidance for risk management with third-party relationships in June 2023. In May 2024, the regulators issued a guide to third-party risk management at community banks.
Comments are due within 60 days.
If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.