On August 27, 2021, the Board of Governors of the Federal Reserve, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency issued new guidance to community banks for conducting due diligence on financial technology companies (the Guide). The Guide comes while the regulators' new interagency guidance on managing risks in third party relationships (the Proposed Guidance) is still in its comment period. The Guide is consistent with the regulators' existing vendor management guidance as well as the Proposed Guidance. (To read more about the Proposed Guidance, see this recent Baker Donelson alert.) While the Guide is directed to community banks, the concepts and resources discussed are relevant to banks of all sizes.
The Guide sets out six nonexclusive areas of due diligence that community banks should consider when engaging with a financial technology company (FinTech), which are summarized below. It also provides direction on potential sources of information under each of the six steps and includes illustrative examples.
- Business Experience and Qualifications. Consider the FinTech's operational history, client references and complaints and legal or regulatory actions, business plans and strategies, as well as the experience and expertise of the company's executive leadership, directors and management.
- Financial Condition. Review the FinTech's financial reports, funding sources and market information.
- Legal and Regulatory Compliance. Ensure the FinTech's operations are compliant, responsibilities are clear and legal/regulatory obligations are addressed appropriately.
- Risk Management and Controls. Review the FinTech's policies and procedures governing the applicable activity, control/audit procedures, remedial requirements, staffing and training.
- Information Security. Evaluate the Fintech's information security measures to assess the integrity of their processes for handling sensitive information.
- Operational Resilience. Evaluate the FinTech's ability to continue operations through a disruption.
Given the regulators' recent and recurring emphasis on vendor management, the board of directors and senior management of all banking organizations should consider whether their vendor management policies and procedures comply with the Proposed Guidance and include the areas addressed in the Guide when engaging FinTechs.
