OCC Supplements Exam Procedures Covering “Third-Party Relationships: Risk Management Guidance”

On January 24, the OCC released Bulletin 2017-7 advising national banks, federal savings associations and technology service providers of examination procedures issued to supplement Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” issued October 30, 2013. As previously summarized in BuckleySandler’s Special Alert, Bulletin 2013-29 requires banks and federal savings associations (collectively “banks”) to provide comprehensive oversight of third parties, and warns that failure to have in place an effective risk management process commensurate with the risk and complexity of a bank’s third-party relationships “may be an unsafe and unsound banking practice.” Bulletin 2013-29 outlined a “life cycle” approach and provided detailed descriptions of steps that a bank should consider taking at five important stages of third-party relationships: (i) planning; (ii) due diligence and third party selection; (iii) contract negotiation; (iv) ongoing monitoring; and (v) termination. Following the OCC’s issuance of Bulletin 2013-29, the Federal Reserve Board, on December 5, 2013, issued Supervision and Regulation Letter 13-19, which details and attaches the Fed’s Guidance on Managing Outsourcing Risk (SR 13-19). The FRB Guidance is substantially similar to Bulletin 2013-29.

Bulletin 2017-7 outlines procedures designed to help prudential bank examiners: (i) tailor supervisory examinations of each bank commensurate with the level of risk and complexity of the bank’s third-party relationships; (ii) assess the quantity of the bank’s risk associated with its third-party relationships; (iii) assess the quality of the bank’s risk management of third-party relationships involving critical activities; and (iv) determine whether there is an effective risk management process throughout the life cycle of the third-party relationship. Consistent with the life cycle approach established in Bulletin 2013-29, the examination procedures identify steps examiners should take in requesting information relevant to assessing the banks’ third-party relationship risk management relative to each phase of the life cycle.

For additional background, please see our Spotlight Series: Vendor Management in 2015 and Beyond.

LinkedInFacebookTwitterGoogle+Share

Special Alert: OCC Takes the Next Step Toward a Fintech National Bank Charter

On December 2, 2016, the Office of the Comptroller of the Currency (“OCC”) announced its plans to move forward with developing a special purpose national bank charter for financial technology (“fintech”) companies. Accompanying the Comptroller of the Currency, Thomas J. Curry’s announcement, the OCC published a white paper that describes the OCC’s authority to grant national bank charters to fintech companies and outlines minimum supervisory standards for successful fintech bank applicants.[1] These standards would include capital and liquidity standards, risk management requirements, enhanced disclosure requirements, and resolution plans. Over the past several months, the OCC has taken a series of carefully calculated steps to position itself as the preeminent regulator of fintech companies in a hotly-contested race among other federal and state regulators who have similarly expressed interest in formalizing a regulatory framework for fintech companies. This proposal from the OCC reflects the culmination of those efforts.

Click here to read the full special alert

* * *

BuckleySandler welcomes questions regarding this new approach to fintech and banking, and would be happy to assist companies in determining whether a national bank charter would be beneficial for executing on their corporate strategies. Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.

LinkedInFacebookTwitterGoogle+Share

FDIC Vice-Chairman Speaks On Strengthening Global Capital

FDIC Vice-Chairman Thomas M. Hoenig spoke at the 22nd Annual Risk USA Conference in New York on November 9. He delivered prepared remarks on “Strengthening Global Capital: An Opportunity Not To Be Lost.” Hoenig discussed his views on key factors at the core of the debate over what defines adequate capital. Specifically, he discussed the controversy over alternative measurements for judging adequate capital currently being considered by the Basel Committee, which he believes will weaken current standards and ultimately justify lower levels of capital. According to Hoenig, “[m]omentum is developing within the Basel Committee to undermine measures that could increase bank capital levels, and some jurisdictions are threatening to walk away if the measures are thought too strict.” Hoenig recommended that the United States “should avoid joining this race to the bottom.”

LinkedInFacebookTwitterGoogle+Share

OCC Updates Community Bank Supervision Comptroller’s Handbook

On November 3, the OCC announced an update to the “asset quality core assessment procedures” in its Community Bank Supervision Comptroller’s Handbook (Handbook). Among other things, the revised Handbook:  (i) updates concentration risk management procedures and stress testing guidance for community banks; (ii) incorporates procedures for credit underwriting assessments; (iii) enhances appraisal, evaluation, allowance, and credit review examination procedures; and (iv) updates the asset quality references and standard request letter.

LinkedInFacebookTwitterGoogle+Share

CFPB Clarifies ‘Flexibility’ in Third-Party Risk Management

On November 1, the CFPB issued an update to its previous guidance on risk management for third-party service providers. The update is substantially similar to the Bureau’s previous guidance on third-party risk management, but clarifies that the depth and formality of an entity’s risk management program for service providers may vary depending upon (i) the service being performed, and (ii) the service provider’s compliance with federal consumer financial laws and regulations. With this update, the CFPB emphasized that supervised entities have flexibility to allow appropriate risk management of these relationships.

LinkedInFacebookTwitterGoogle+Share