In a time when financial institutions are increasingly reliant on third-party technologies and solutions, banking regulators are intensifying their focus on effective third-party risk management. The FDIC’s announcement of three new consent orders in February and March on this subject highlights this priority, underscoring the imperative for banks to continuously improve their risk management frameworks in response to the multifaceted risks inherent in third-party relationships.
At True Digital, we believe harnessing the collective knowledge, experience, and resources of peer institutions should be a key element of a robust third-party risk management strategy.
Deciphering FDIC Priorities
While the precise details of the allegations leading to the consent orders remain confidential, banks can extract valuable insights from the stipulated requirements, including:
The Bigger Picture
The recent consent orders seem to primarily relate to BaaS partnerships, yet their significance extends further when considered alongside the Interagency Guidance released in June of 2023, which provides a comprehensive framework for third-party risk management. This guidance and the accompanying commentary repeatedly references the benefits of collaboration, particularly among community banks, for example to gain efficiencies, leverage specialized expertise, or address limited negotiating power. The guidance suggests that such cooperative arrangements could be advantageous throughout all phases of the risk management life cycle, including due diligence and oversight activities.
Pathway to Collaboration
We advocate for financial institutions to think about third-party risk management outside of the confines of traditional isolated practices and consider the broader landscape of peer insights. This holistic perspective can enable banks to improve their ability to identify, assess, and mitigate risks through collaboration.
Our Platform offers a variety of tools designed to complement any financial institution’s third-party risk management program:
We are also exploring a new feature that would allow members to anonymously “flag” a vendor or product based on a list of specific criteria, such as an SLA failure, compliance concern, or data breach, thereby alerting other members to potential issues or oversight concerns. As always, we value your feedback and suggestions on this initiative and ask you to join us in shaping a solution that meets the collective needs of the industry.
Embracing a New Era in Third-Party Risk Management
The landscape of third-party risk management presents greater challenges and complexities than ever before. The recent FDIC consent orders are not just isolated mandates but signals of a broader regulatory expectation for more dynamic and sophisticated risk management frameworks. As regulators raise their expectations, banks are called to reconsider their approach to managing these risks.
Collaboration stands as a powerful differentiator, particularly for smaller financial institutions striving to achieve the types of efficiencies and resources typically only enjoyed by the largest financial institutions. A willingness to collaborate, coupled with the right tools to do so, can enable all institutions to fortify their defenses against third-party risk.
The True Digital Platform is built for bankers (and only for bankers) to foster collaboration and streamline complexities around vendors and technology solutions. We invite you to consider how True Digital’s tools can be integrated into your risk management strategy.