The FDIC recently released for comments a proposed guidance with respect to third-party lending (the “Proposed Guidance”). While subject to potential revisions following the FDIC’s review of comments, the Proposed Guidance provides valuable insight into current regulatory trends relating to marketplace lending.
The Proposed Guidance defines “Third-Party Lending” as lending arrangements that rely on a third party to perform a significant aspect of the lending process, including: marketing; borrower solicitation; credit underwriting; loan pricing; loan origination; customer service; consumer disclosures; regulatory compliance; loan servicing; debt collection; and data collection (“Third-Party Lending”).
Third-Party Lending includes:
- Originating loans for third parties: a financial institution serving as the originator for an entity.
- Originating loans through, or with, third-parties: a financial institution authorizing third parties to offer loans on the financial institution’s behalf.
- Financial institutions originating loans through third party platforms: A third party providing nearly end-to-end lending platform for the financial institution’s use.
Third-party lending would therefore include partnerships between banks and non-bank lenders, such as online lenders and marketplace lenders.
Third-Party Lending arrangements may enable financial institutions to enhance lending services for their customers, including by offering credit products at lower costs. However, third-party lending arrangements present increased risks.
The FDIC views financial institutions (including their boards and management) as ultimately responsible for lending activities involving third-parties. The Proposed Guidance sets forth safety and soundness and consumer compliance measures. These measures are intended to address risks related to Third-Party Lending, and increase financial institutions’ ability to be compliant with all applicable legal requirements.
While not directly applicable to Canadian financial institutions in their Canadian operations, this Proposed Guidance is instructive as it sets out a list of best practices for financial institutions entering into third-party lending arrangements. In addition, the Proposed Guidance could apply to a Canadian entity proposing to enter into a Third-Party Lending relation with a US financial institution in the US market.
Financial Risks Arising from Third-Party Lending Relationship
Financial institutions dedicate significant resources to the development of lending operations, supervision, standardization and quality assurance. When engaging in Third-Party Lending, a financial institution becomes dependant on the third-party’s own operational processes and standards, and loses some of its ability to control the lending process. Such dependency and reduced control exposes the financial institution to various risks.
The FDIC lists certain key risks to consider prior to engaging a third-party for the purpose of lending:
- Strategic Risk: inconsistencies between the business strategy of the financial institution and the business strategy of the third-party.
- Operational Risk: integration with, and exposure to, a third-party’s lending process, creates operational complexity and reduces the financial institution’s operational control.
- Transaction Risk: the processing of the transactions is done by the third-party in accordance with the third-party’s standards and protocols, which may be less comprehensive than the financial institution’s.
- Pipeline and Liquidity Risk: if loans, originated through third-parties, are expected to be sold, and if the third-party is unable to consummate the loan as agreed, pipeline risk, and the resulting liquidity and financial risk, arise.
- Model Risk: financial institutions may become exposed to risks relating to flaws in financial models developed and used by third-parties.
- Credit Risk: third-parties may apply inadequate credit risk management processes (e.g., underwriting, credit check and assessment), which in turn may adversely impact financial institutions.
- Compliance Risk: in most cases, third-parties will devote fewer resources (compared to financial institutions) to compliance assurance, thus exposing the financial institution to risk of noncompliance (including with respect to consumer protection, bank secrecy and anti-money laundering requirements).
Mitigating Risks – The Third-Party Lending Risk Management Program
To reduce and manage risks associated with Third-Party Lending, the FDIC recommends that financial institutions develop and adopt a risk management program, defining the financial institution’s policies regarding all stages of a relationship with a third-party:
- Pre-engagement due diligence: due diligence and assessment of potential risks to take place prior to entering into contract with a third-party.
- Contract structuring: predefining contractual mechanisms that should be included in any agreement with a third-party in order to protect the financial institution. Such contractual mechanisms should, for example, refer to:
- Control and supervision over third-parties.
- Undertaking by third-parties to implement policies required by the financial institution.
- Financial institution’s access to third-parties’ data for the purpose of adequate audit and supervision.
- Adequate representations and indemnification undertakings by third-parties.
- Review and oversight (during the engagement): procedures addressing all aspects of integrated lending operations with a third-party, including:
- Predefined limits on the scope of the Third-Party Lending activity (including definition of types of loans and requirements for subprime products).
- Minimum performance standards which must be met for a third party to be engaged by the financial institution.
- Monitoring and reporting protocols (including with respect to third-parties’ vendors).
- Establish standards and quality assurance processes for credit underwriting.
- Provide a detailed process for consumer complaints, addressing reporting and timing for response.
- Appointment of compliance officer and definition of the related resources, authorities and reporting obligations.
- Standards and protocols for credit underwriting and administration.
- Capital adequacy, loss recognition and liquidity.
- Bank Secrecy Act/Anti-Money Laundering.
- Standards for information technology and customers’ data protection.
- Occasional transaction testing by the financial institution.
Takeaways for Business
The Proposed Guidance provides insight into best practices from a regulatory perspective in respect of Third-Party Lending. As partnerships between banks and non-banks continue to increase in Canada, Canadian banks and lenders involved in Third-Party Lending may find the Proposed Guidance helpful.