The Federal Deposit Insurance Corporation (FDIC), which serves as the primary regulator for more than 3,400 banks in the U.S., has firm expectations on third-party risk, which are codified in its financial institution letters (FILs) 44-2008 and 3-2012.
Now, it has gone a step further and told third parties what to expect when participating in today’s financial services world. Conducting Business with Banks: A Guide for Fintechs and Third Parties was developed by the FDIC’s technology lab, FDiTech, to encourage innovation in the banking sector.
Per the FDIC, “Businesses from outside the banking industry can bring innovation and new insights into the highly regulated business of banking. Understanding the environment in which banks operate will help innovators navigate the regulatory requirements unique to banking.”
Highlights from the FDIC Guide
Here are some highlights on what the guide covers:
- A list of due diligence items that bank management may request from a third party, broken down into the following areas:
  - Background, Initiatives and Ownership Information
  - Policies, Procedures and Infrastructure
  - Financial Information and Marketing Materials
  - FDIC Supervised Bank Terms
- An overview of how banks decide which third parties to use. According to the FDIC, most third-party risk management programs have four basic elements that a third-party vendor who would like to conduct business with a bank should be aware of:
  - Assessing the risk associated with the activity being conducted
  - Conducting due diligence in selecting a third party
  - Structuring contracts and reviewing those contracts at appropriate levels at the bank
  - Overseeing and managing the third-party relationship on an ongoing basis
- What to do if you want to provide a service to, or partner with, a bank, which includes the following:
  - Understanding the framework of laws and regulations that a bank must comply with
  - Proof of a well-managed and strong business
  - Preparing well for bank questions
  - Appropriate monitoring systems
- Additional resources recommended for review to assist with the process, which include, but are not limited to, guidance such as the following:
  - FIL-26-2004: Unfair or Deceptive Acts and Practices Under Section 5 of the Federal Trade Commission Act
  - FIL-44-2008: Guidance for Managing Third-Party Risk
  - FIL-3-2012: Payment Processor Relationships Guidance
The new guide is significant because it is aimed not at FDIC member institutions but at the third parties themselves and what is expected of them. Put simply, you need to be prepared to respond to due diligence requests and deliver documents, as well as submit to oversight and ongoing monitoring.
For more information, check out the guide here.