FDIC Announces Two More Consent Orders Containing Third-Party Risk Management and Fintech Partnership Orders

Mark Furletti, Joseph Reilly, Caleb Rosenberg, James Stevens, Glen Trudel, Chris Willis
Troutman Pepper
Contact
LinkedIn
Facebook
X
Send
Embed

On March 29, the Federal Deposit Insurance Corporation (FDIC) announced two more consent orders containing provisions relating to banks’ third-party risk management programs with respect to banking as a service (BaaS) partnerships.

The terms of the consent orders impose requirements on the banks which include:

  • Ensuring that the bank’s procedures, data, and systems related to third-party relationships and bank activities conducted through third-party relationships include clear lines of authority and responsibility for monitoring adherence to applicable bank procedures, effective risk assessment, timely and accurate reporting, and the development of procedures to ensure compliance with applicable laws and regulations, and satisfactory monitoring of implementation and adherence to bank procedures, applicable laws and regulations;
  • Requiring that the board ensure that the bank has reviewed and assessed whether the components of its third-party relationship program are appropriate for the size of the bank, and the nature, scope, complexity, and risk of the bank’s third-party relationships and related bank activities, and satisfactorily ensure that these bank activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations; and
  • Requiring the bank to complete a consumer compliance risk assessment for each third-party relationship conducting and/or performing a bank activity.

These consent orders are the latest in a series of FDIC enforcement actions dealing with third-party risk management programs and fintech partner issues. As discussed here, in February 2024 the FDIC announced a consent order with Tennessee-based Lineage Bank containing similar provisions. We regard this as further indication that the FDIC intends to continue to exert regulatory pressure on its regulated banks who enter into BaaS partnerships without adequate controls in place. As to such banks, we expect that pressure to translate into greater compliance assessment and monitoring requirements imposed by the FDIC, and in turn, their fintech partners. In response, banks should consider whether their third-party risk management programs are sufficiently rigorous, particularly as they relate to their current BaaS programs and other fintech relationships.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Troutman Pepper | Attorney Advertising

Written by:

Troutman Pepper
Troutman Pepper
Contact
more
less

Troutman Pepper on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide