We all know the money market has changed. While some people still prefer drive-through banking and face-to-face interactions with their money managers, I for one prefer to handle all my finances within the palm of my hand. Of course, that comes with a lot of trust.
The irony is that I probably understand, more than most, the risk involved with that level of trust. Being a part of the third-party risk management industry means having your finger on the pulse of organizations’ interconnectivity.
We encounter major organizations with fundamental risk management flaws, up-and-coming start-ups with all their ducks in a row and everything in between. With that comes the general hypothesis that you cannot assume the maturity of any particular control environment without scratching the surface. We also know that there is a perpetual dissension between trying to meet regulatory expectations while also taking the necessary risks initiates needed to stay competitive in a rapidly changing marketplace.
The FDIC and Third-Party Risk: Then and Now
The FDIC has been setting standards for third-party risk that have essentially paved the way for other regulators and industries to follow-suit. You might say that this is why financial institutions have been some of the first to make necessary investments in third-party risk management resources.
Naturally, this is often a disadvantage to the smaller financial institutions, as the added administrative resources create a financial strain that makes it even harder to invest in technological advancements.
So, what is the FDIC doing now to help create effective, ongoing change?
- The FDIC seems to be paving the way once again by being a regulator that could actually assist with vetting technology vendors! They’ve opened discussions about a potential Voluntary Certification Program for fintechs and proposed the creation of standards for model risk management with the goal to support the adaptation of third-party models and technologies.
- The FDIC is giving a voice to financial institutions, including community banks, lenders and, in my opinion, all organizations that struggle to engage with third parties. The FDIC is effectively cutting through regulatory burdens and the red tape that comes with assuring consumer protection, safety and soundness standards. The inevitable due diligence and assessments required for onboarding a third-party technological advancement can be such an expenditure of time and resources that the any tactical advantage is lost: a plight that the FDIC has also acknowledged.
- It’s not every day you hear a regulator ask how they can help you comply with their requirements, and that’s exactly what the FDIC is doing. I hope there’s a great response to the FDIC’s Request for Information (RFI) on this topic, because if this idea gains traction, it could mean that organizations wouldn’t have to essentially conduct a full-scale review of all applicable third parties, but rather validate standards and/or certifications that have already blessed by the FDIC.
Will Fintechs Invite the FDIC Over for a Voluntary Exam?
Without knowing the results of the FDIC’s RFI, I think so. Not only is it imperative for financial institutions to adapt to technological advancements to keep a competitive edge, but it is equally imperative for fintechs and other technology innovators to embrace regulatory and security guidelines.
What Could This Mean for The Future of Third-Party Risk Management?
Not only could this initiative alleviate some third-party risk management tasks, but I also feel that freeing up resources could add value to existing programs by supporting more advanced and holistic risk management. My hope is that this adaptive regulatory posture will spread to other industries, making it easier truly mitigate the risks associated with vendor engagements.
The ongoing interconnectivity of organizations affects all of us. It is an invisible organism that is fully integrated into our modern lives, now more than ever. As a consumer, we may not fully see and understand the impacts of regulatory expectations, security requirements, technology investments, vendor contracts, due diligence, etc., but they’re all essential elements of supporting this organism that we trust and rely on every day.
The FDIC is taking strides to increase its health and wellness by way of safety and soundness. I encourage anyone interested to take a look at the RFI and see if we can’t help provide some valuable information to help them help us manage our third-party risks.
Better monitor your third-party risk compliance risk with this infographic. Download your copy.
.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
