A significant change is occurring regarding regulatory oversight of banks and their third party relationships. Both banks and their vendors must pay attention.
First there was the Bulletin about third party vendors issued by the Consumer Financial Protection Bureau (CFPB) in April 2012. Then it was the FFIEC’s guidance on IT service providers in October 2012. Next came the FDIC’s September 2013 Financial Institution Letter about payment processing relationships with high risk merchants. Then there was the news on October 30th 2013 about the OCC’s Guidance on Third Party Relationships, followed shortly by the Federal Reserve Board’s Guidance on Managing Outsourcing Risks in December 2013.
Let’s face it. There has always been guidance and concerns about banks and their relationships with third party service providers. But in recent years it has become quite obvious that the bar has been raised on how banks relate to their third party processors, program managers and other service providers. These changes have occurred over time, by a matter of degrees. But it is increasingly plain that we are seeing a significant sea change in how regulators approach the relationships between banks and their third party vendors. Examiners are digging deeper – - especially into the content of bank contracts – and the scope of review is extending to more and more vendors.
In recent months, public commentary from some of the regulators have revealed even more clearly how this recent guidance will impact banks and their vendors. Click here to view the in depth article describing the regulatory developments and provides some practical guidance as to what this will mean – - not only for banks, but for their processors and other service providers.