Welcome to today’s Third Party Thursday! My name is Branan Cooper and I’m the Chief Risk Officer here at Venminder.
Today we’re going to talk a little bit about how new technology poses real challenges to your third party risk management program and what you can do to help yourself through the due diligence process.
The fintech revolution is in full swing – the emergence of some really innovative and exciting new technologies over the past few years has been fun to watch… but they can be difficult to manage.
Regulations and guidance often move at a glacial pace – look at how long it has taken to create and revise and re-revise and say “whoa, this is still not the final prepaid rule or the length of time for implementation of fincen’s guidance on enhanced customer due diligence.” Meanwhile, new products and services are moving at warp speed.
I admit, we struggled at my prior institution to figure out what due diligence questions to reasonably ask or what standards should firmly be expected. With start-ups, sometimes you simply do not have all of the information needed.
So, you have to really spend time analyzing what to ask and what sort of things you might see to be deal breakers. Some questions might be:
- Does the management team have the necessary expertise?
- Do they have sound cybersecurity experience and a well-managed program?
- Do they have financial backing to sustain themselves?
- Have they conducted the right legal analysis to ensure their product or service follows all the applicable consumer protection statutes?
These are all very real questions we had to ask. My best advice is to document as much as you can around your approach, the analysis and the research done – clearly articulate the basis for your conclusions and absolutely keep your board and senior management informed.
Some regulators, such as the OCC, have taken a strong stance on the emerging technologies, including specifically spelling out and acknowledging some of the challenges. The OCC included this in their frequently asked questions commentary - bulletin 2017-21- they delivered in June of 2017. They also had a controversial stand on the proposed fintech charter – I can tell that is something we should all be watching very closely as it has huge implications not only as to how these fintechs are set up but rules and regulations they will have to follow as well. Right now, it’s a state of limbo for all involved and it’s drawing pointed commentary from the state regulators and even from the FDIC.
As I said, it’s a really interesting time to be in this business. Hopefully some of the due diligence tips I mentioned will help you in your due diligence efforts for your fintech vendors.
Again, I’m Branan and thank you for tuning in! Don’t forget to subscribe to the Third Party Thursday series.