Last month, the Federal Deposit Insurance Corporation (FDIC) supplemented
their existing “Guidance for Managing Third-Party Risk” policy
with proposed examination guidance regarding third-party lending. The
Proposed Guidance issued on July 29, 2016, is intended to be applied to
a broad range of lending offshoots that “perform(s) a significant
aspect of the lending process,” with marketing, underwriting, or
servicing falling within the guidelines.
The new guidance may apply to a variety of loan programs in specific credit
markets, such as private and co-branded credit cards, auto lending, as
well as traditional mortgage lending. While the FDIC is requesting that
interested parties submit comments by September 12, 2016, it is expected
that the regulations are designed to focus on all businesses that are
currently engaged in or planning to engage in lending activities involving
a significant third-party partner.
Categories targeted by this new proposal include 1) origination of loans
for third parties; 2) origination of loans conducted jointly with or by
third-party lenders; and 3) origination of loans using third-party platforms.
The FDIC’s Proposed Guidance considers third-party lending as any
part of the loan process that relies on a third-party vendor to provide
any of the following primary functions of the lending process:
- Soliciting borrowers
- Loan pricing
- Loan origination
- Retail investment sales
- Customer service and disclosure
- Regulatory compliance measures
- Loan servicing
- Debt collection
- Data collection
- Aggregation or reporting
The new guidance relies on those categorizations engrained in the Existing
Guidance (strategic, reputation, operational, transaction, credit, compliance,
and “other”), expanding upon the current rules to prioritize
changes to areas of the greatest concern.
Strategic Risk – The FDIC will focus on the potential incentive irregularities
that many third-party relationships pose.
Operational Risk – Key concerns are lack of supervision between insured banks and
remote third-party service providers or vendors.
Transaction Risk – The agency will address risks stemming from inadequate resources
to manage bank requirements, insufficient training on regulations, and
irresponsible reliance on third-party supervisory processes to conform
to agency requirements.
Pipeline and Liquidity Risk – The FDIC has always been concerned about bank liquidity risks
caused by secondary market issues. To reduce this risk, institutions are
advised to have a backup purchaser and extend their contractual agreements
to another party in case the third-party is unable to carry through with
the purchase. The FDIC also recommends documenting cash collateral.
Model Risk – Some banks are overly dependent on credit models that rely heavily
on third-party vendors or software. The agency is concerned that banks
are not familiarized enough with the credit models to understand when
they are not working, or make necessary changes to reduce risk to the
Credit Risk – Third-party originators did severe damage to the banking industry
through fraudulent and unqualified loan applications. The FDIC’s
new concerns focus on the bank’s reliance on the integrity of third-party
originators to place the institution’s interests above their own,
with regards to volume and commission.
Compliance – Institutional banks have an understanding of the importance of
strong compliance. The Proposed Guidance will continue to emphasize the
need for improvements in the areas of fair lending, debt collection, privacy,
and AML issues.
The Proposed Guidance follows previous regulations with regards to risk
management. The concerns continue that the insured banks should have robust
risk management systems in place for all third-party relationships. The
agency is adamant that any bank program includes long-term planning, comprehensive
due diligence, and continued strict oversight of all third-party partnerships
to help with assessment and implementation of those requirements, which
reduces institutional risk. Areas of concern include:
- The bank should create limits for each third-party program that include
restrictions for the amount of resources dedicated to each.
- Continued oversight of the relationship, including means testing, audits,
and site visits.
- Comprehensive reviews of credit models.
- Full assessment of the third-party relationship chain, including the relationships
a bank’s vendors have with their service providers and partners.
With the new Proposed Guidance, the agency continues its trend of requiring
additional compliance and regulatory oversight by bank boards, and furthers
its focus on third-party relationships and policies, which it feels can
cause issues for insured banks if not properly managed. The FDIC will
back up its proposal with recommended examinations every 12 months for
those institutions with significant third-party partnerships. As always,
the frequency of bank examinations depends on the amount of assets under
management, volume of lending, and identified risk stemming from third-party
relationships. Overall, this would likely also result in increased routine
examinations and compliance costs for smaller banks.
The Proposed Guidance being set in motion by the FDIC should be considered
a warning for institutional lenders to get their house in order, through
supplementing existing policies with more robust oversight of their third-party
relationships. Lending partners are an important part of the business,
and with this extensive agency oversight, the FDIC has hopes that the
improved guidance will help protect the insured, and in turn, preserve
the viability and sustainability of third-party relationships.
Contact Geraci Law Firm at (949) 298-8050 today, or contact
for more information.