On May 3, 2024, the Board of Governors of the Federal Reserve System (the “Federal Reserve”), the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC”) jointly released the “Third-Party Risk Management: A Guide for Community Banks” (the “Guide”), presenting it as a resource for community banks to bolster their third-party risk management programs, policies, and practices.

The Guide serves as a companion to the Interagency Guidance on Third-Party Relationship: Risk Management issued in June 2023 (on which we blogged, here).  It also relates to the OCC’s Fall 2023 Semiannual Risk Perspective, which emphasizes the need for banks to maintain prudent risk management practices – including practices tailored to address Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) compliance risks with respect to fintech relationships.

The Guide acknowledges the widespread collaborations between community banks and third-party entities, and recognizes the strategic importance for such partnerships to improve competitiveness and adaptability. These collaborations provide community banks with access to a diverse array of resources, such as new technologies, risk management tools, skilled personnel, delivery channels, products, services, and market opportunities.

However, the Guide underscores that reliance on third parties entails a loss of direct operational control, thereby exposing community banks to a spectrum of risks.  Banks are still accountable for executing all activities in compliance with applicable laws and regulations.  “These laws and regulations include . . . those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices) and those addressing financial crimes (such as fraud and money laundering).”  Accordingly, the Guide emphasizes that the engagement of third parties does not absolve a bank of its responsibility to operate in a safe and sound manner and to comply with regulatory requirements, “just as if the bank were to perform the service or activity itself.”  The Guide sets forth this concept in bold, on the first page. 

The Guide’s emphasis on governance practices highlights the critical role of oversight, accountability, and documentation in ensuring regulatory compliance and safeguarding the interests of both banks and their customers.   Although the Guide styles itself as offering a framework tailored to the specific needs and challenges faced by community banks, it also offers direction to all financial institutions in regards to effective third-party risk management. 

Continue Reading  Federal Banking Agencies Issue Guide to Third-Party Risk Management Practices for Community Banks

Farewell to 2023, and welcome 2024.  As we do every year, let’s look back.

We highlight 10 of our most-read blog posts from 2023, which address many of the key issues we’ve examined during the past year: criminal money laundering enforcement; compliance risks with third-party fintech relationships; the scope of authority of bank regulators; sanctions

In its Fall 2023 Semiannual Risk Perspective, published on December 7, the Office of the Comptroller of the Currency (“OCC”) reported on key issues facing the federal banking system.  In evaluating the overall soundness of the federal banking system, the OCC emphasized the need for banks to maintain prudent risk management practices. The key risk themes that the OCC underscored in the report included credit, market, operational, and compliance risks. 

Of particular note was the discussion on the Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) compliance risks with respect to fintech relationships.  We also will discuss briefly certain other compliance and operational risks highlighted by the OCC.

Continue Reading  OCC Risk Perspective Report Focuses on Third-Party Relationships with Fintechs