FDIC Consent Orders Emphasize the Need for Collaborative Risk Management

True Digital
Share this post

In a time when financial institutions are increasingly reliant on third-party technologies and solutions, banking regulators are intensifying their focus on effective third-party risk management. The FDIC’s announcement of three new consent orders in February and March on this subject highlights this priority, underscoring the imperative for banks to continuously improve their risk management frameworks in response to the multifaceted risks inherent in third-party relationships.

At True Digital, we believe harnessing the collective knowledge, experience, and resources of peer institutions should be a key element of a robust third-party risk management strategy.

Deciphering FDIC Priorities

While the precise details of the allegations leading to the consent orders remain confidential, banks can extract valuable insights from the stipulated requirements, including:

  • Tailoring third-party risk management programs to match the degree of risk and intricacy of the bank’s third-party engagements.
  • Developing and maintaining a complete inventory of third-party relationships.
  • Clearly delineating authority and responsibility to ensure adherence to established bank protocols.
  • Maintaining rigorous due diligence and risk evaluation procedures, alongside well-defined criteria.
  • Implementing procedures to ensure compliance with applicable laws and regulations.
  • Conducting effective compliance oversight and ongoing monitoring.

The Bigger Picture

The recent consent orders seem to primarily relate to BaaS partnerships, yet their significance extends further when considered alongside the Interagency Guidance released in June of 2023, which provides a comprehensive framework for third-party risk management. This guidance and the accompanying commentary repeatedly references the benefits of collaboration, particularly among community banks, for example to gain efficiencies, leverage specialized expertise, or address limited negotiating power.  The guidance suggests that such cooperative arrangements could be advantageous throughout all phases of the risk management life cycle, including due diligence and oversight activities.

Pathway to Collaboration

We advocate for financial institutions to think about third-party risk management outside of the confines of traditional isolated practices and consider the broader landscape of peer insights. This holistic perspective can enable banks to improve their ability to identify, assess, and mitigate risks through collaboration.

Our Platform offers a variety of tools designed to complement any financial institution’s third-party risk management program:

  • My Vendor List: Maintain an organized inventory of current vendors, products, and product categories. Optionally assign an internal “owner” for each product.
  • Explore Vendors and Products: Search for and explore vendors and products across hundreds of categories and goals to identify alternative or backup providers to supplement diligence efforts and enhance strategic agility.
  • Making Connections: Get the most out of your membership by making connections with other banks based on common vendors or products, allowing you to partner on due diligence and oversight, troubleshoot around operational risks and issues, or find unbiased references prior to onboarding a new vendor.  

We are also exploring a new feature that would allow members to anonymously “flag” a vendor or product based on a list of specific criteria, such as an SLA failure, compliance concern, or data breach, thereby alerting other members to potential issues or oversight concerns. As always, we value your feedback and suggestions on this initiative and ask you to join us in shaping a solution that meets the collective needs of the industry.

Embracing a New Era in Third-Party Risk Management

The landscape of third-party risk management presents greater challenges and complexities than ever before. The recent FDIC consent orders are not just isolated mandates but signals of a broader regulatory expectation for more dynamic and sophisticated risk management frameworks. As regulators raise their expectations, banks are called to reconsider their approach to managing these risks.

Collaboration stands as a powerful differentiator, particularly for smaller financial institutions striving to achieve the types of efficiencies and resources typically only enjoyed by the largest financial institutions. A willingness to collaborate, coupled with the right tools to do so, can enable all institutions to fortify their defenses against third-party risk.

The True Digital Platform is built for bankers (and only for bankers) to foster collaboration and streamline complexities around vendors and technology solutions. We invite you to consider how True Digital’s tools can be integrated into your risk management strategy.