(270) 506-5140 CONTACT US
Best Practices

We’re a Credit Union - Why Worry About the OCC and FDIC?

May 8, 2018 by Branan Cooper

I was at the NAFCU Conference and talked to quite a few risk managers during the time there. Nearly every one of them said they have had a major change of heart as to how closely they should be following the work and the guidance of the banking regulators.With the recent spate of enforcement actions and updated guidance from the OCC, it’s clear that all the regulators are taking a deeper dive on business practices, particularly as they all compare notes through the FFIEC.

Admittedly, it’s always been a best practice to look at what others are doing for the best way to grow and adapt your program, yet at the same time, the NCUA has not yet – key word being yet – made third party risk management the same laser focused topic as the banking regulators have. Well, that may be changing in short order.

Changes in Industry Guidance Seem to Be the Reason for the New Focus

The other regulators, particularly the OCC, FDIC and CFPB, have all pronounced and issued updated guidance or sweeping enforcement actions honed squarely on third party risk management. These include:

In addition, they’ve all admitted they need to step up their game in the face of the criticism by the Office of the Inspector General and know that the cybersecurity focus is challenged by the emergence of the new fintech companies. In the background, the OCC is battling the FDIC and the state agencies over their ideas for a fintech charter. Remember, these fintechs are your third parties in some cases. 

If that’s not enough, the CFPB has reiterated its plans and begun taking action in direct oversight of third parties. That should send a shiver down your spine as you’d hardly want the CFPB to find something or reach a conclusion you had not already come to yourself about one of your critical third parties.

Examiners Do Cross Paths

Finally, if all that is not convincing enough, remember the examiners do compare notes and assist one another. Look at the FFIEC, the credit union regulatory authorities actively participate in that roundtable, so you can bet they are listening to what the other regulators have determined are sources of concerned.

Forewarned is forearmed. Time to make sure your third party practices are at the cutting edge. 

OCC 2013-29 is what we call the, 'Golden Standard' for vendor risk management - download our guide now to ensure you're going above and beyond.

occ vendor lifecycle

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog