Garnet Capital Advisors Blog

June 12, 2014

Regulators are turning up heat on bank use of vendors

Regulators have been intensifying their scrutiny of banks, and more specifically the relationships these institutions have with their vendors.

Government agencies provide crucial guidance
The Consumer Financial Protection Bureau, the Office of the Comptroller of the Currency, the Federal Reserve and the Federal Deposit Insurance Corp. have all issued guidance on what banks should do to have better relationships with service providers that are considered crucial to operations, according to American Banker.

The government agencies have provided guidelines banks can follow to evaluate relationships with third parties and the risks they present.

OCC guidance
This government agency released a document called "OCC BULLETIN 2013-29," which identified a handful of risks that banks should watch out for when considering vendor relationships. These include:

  • Compliance risk
  • Operational risk
  • Reputation risk
  • Credit risk
  • Strategic risk

Many executives of vendors have expressed their concerns with the new regulations, the media outlet reported. Some are more worried than others, but even the corporate officials who have been dealing with scrutiny for years have indicated a need to increase staff amid the more stringent rules and regulations.

FDIC guidance clarifies liability
Previously, federal regulators did not spell out exactly who is liable when lenders outsource, according to However, the FDIC outlined where this responsibility lies in FIL-44-2008.

"Financial institutions often rely upon third parties to perform a wide variety of services and other activities," this document noted. "An institution's board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships, and identifying and controlling the risks arising from such relationships, to the same extent as if the activity were handled within the institution."

Some observers have said that the latest guidance from government agencies is not really new, but that scrutiny has intensified, according to American Banker.

"If a company was already running a fairly mature program and following industry best practices around third party risk, then none of this is mind-boggling," Brad Keller, senior vice president of vendor risk assessment provider Shared Assessments, told the news source. However, the greater scrutiny is another thing entirely.

"That's what we hear service providers say - it's one thing to ask me about my security controls and make sure I'm protecting against risk from a technology standpoint," Keller added, the media outlet reported. "But getting into how I'm running my business feels intrusive to them. Unfortunately that's the direction the regulations are pushing."

How this could impact loan sales
Any organization that lends to either consumers or small firms should be aware of the new regulations. The increased scrutiny could impact many different aspects of the financial services industry, including loan sales. Financial institutions selling loans, and any other entities involved in these transactions, must be sure they are harnessing industry best practices to comply with the existing rules and regulations.