Last month, the Federal Deposit Insurance Corporation (FDIC) supplemented their existing “Guidance for Managing Third-Party Risk” policy with proposed examination guidance regarding third-party lending. The Proposed Guidance issued on July 29, 2016, is intended to be applied to a broad range of lending offshoots that “perform(s) a significant aspect of the lending process,” with marketing, underwriting, or servicing falling within the guidelines.
The new guidance may apply to a variety of loan programs in specific credit markets, such as private and co-branded credit cards, auto lending, as well as traditional mortgage lending. While the FDIC is requesting that interested parties submit comments by September 12, 2016, it is expected that the regulations are designed to focus on all businesses that are currently engaged in or planning to engage in lending activities involving a significant third-party partner.
Categories targeted by this new proposal include 1) origination of loans for third parties; 2) origination of loans conducted jointly with or by third-party lenders; and 3) origination of loans using third-party platforms. The FDIC’s Proposed Guidance considers third-party lending as any part of the loan process that relies on a third-party vendor to provide any of the following primary functions of the lending process:
- Marketing
- Soliciting borrowers
- Loan pricing
- Loan origination
- Retail investment sales
- Customer service and disclosure
- Regulatory compliance measures
- Loan servicing
- Debt collection
- Data collection
- Aggregation or reporting
The new guidance relies on those categorizations engrained in the Existing Guidance (strategic, reputation, operational, transaction, credit, compliance, and “other”), expanding upon the current rules to prioritize changes to areas of the greatest concern.
- Strategic Risk – The FDIC will focus on the potential incentive irregularities that many third-party relationships pose.
- Operational Risk – Key concerns are lack of supervision between insured banks and remote third-party service providers or vendors.
- Transaction Risk – The agency will address risks stemming from inadequate resources to manage bank requirements, insufficient training on regulations, and irresponsible reliance on third-party supervisory processes to conform to agency requirements.
- Pipeline and Liquidity Risk – The FDIC has always been concerned about bank liquidity risks caused by secondary market issues. To reduce this risk, institutions are advised to have a backup purchaser and extend their contractual agreements to another party in case the third-party is unable to carry through with the purchase. The FDIC also recommends documenting cash collateral.
- Model Risk – Some banks are overly dependent on credit models that rely heavily on third-party vendors or software. The agency is concerned that banks are not familiarized enough with the credit models to understand when they are not working, or make necessary changes to reduce risk to the marketplace.
- Credit Risk – Third-party originators did severe damage to the banking industry through fraudulent and unqualified loan applications. The FDIC’s new concerns focus on the bank’s reliance on the integrity of third-party originators to place the institution’s interests above their own, with regards to volume and commission.
- Compliance – Institutional banks have an understanding of the importance of strong compliance. The Proposed Guidance will continue to emphasize the need for improvements in the areas of fair lending, debt collection, privacy, and AML issues.
The Proposed Guidance follows previous regulations with regards to risk management. The concerns continue that the insured banks should have robust risk management systems in place for all third-party relationships. The agency is adamant that any bank program includes long-term planning, comprehensive due diligence, and continued strict oversight of all third-party partnerships to help with assessment and implementation of those requirements, which reduces institutional risk. Areas of concern include:
- The bank should create limits for each third-party program that include restrictions for the amount of resources dedicated to each.
- Continued oversight of the relationship, including means testing, audits, and site visits.
- Comprehensive reviews of credit models.
- Full assessment of the third-party relationship chain, including the relationships a bank’s vendors have with their service providers and partners.
With the new Proposed Guidance, the agency continues its trend of requiring additional compliance and regulatory oversight by bank boards, and furthers its focus on third-party relationships and policies, which it feels can cause issues for insured banks if not properly managed. The FDIC will back up its proposal with recommended examinations every 12 months for those institutions with significant third-party partnerships. As always, the frequency of bank examinations depends on the amount of assets under management, volume of lending, and identified risk stemming from third-party relationships. Overall, this would likely also result in increased routine examinations and compliance costs for smaller banks.
The Proposed Guidance being set in motion by the FDIC should be considered a warning for institutional lenders to get their house in order, through supplementing existing policies with more robust oversight of their third-party relationships. Lending partners are an important part of the business, and with this extensive agency oversight, the FDIC has hopes that the improved guidance will help protect the insured, and in turn, preserve the viability and sustainability of third-party relationships.
