FFIEC Appendix J and E
FFIEC Appendix J and Appendix E.
Join us for Third Party Thursday to learn about Appendix J and Appendix E of the FFIEC guidance. We will go over what each of them are, what they mean and how your teams can stay informed on new guidance and regulations.
Welcome to this week's Third Party Thursday. My name is Dana Bowers and I'm the CEO and Founder here at Venminder. Today we're going to be talking about FFIEC appendix J and appendix E.
Everyone in third party risk needs to pay close attention to the recent amendments to appendix J and appendix E in the FFIEC guidance, which spans across all the regulatory bodies.
Appendix J can be found in the FFIEC IT examination handbook and addresses the importance of strengthening the resilience of outsourced technology services. So in other words, if your operations go down, when your third party goes down, both you and your vendor need a strong plan to prevent and remediate that unlikely but highly impactful event. I would strongly encourage you to read, understand and address that guidance as part of your vendor management program. Well after all, it's effectively the examination playbook.
Now Appendix E talks about mobile banking and it's the first and best real attempt to set guidance specifically to mobile banking products. It's tough because the nature of the development of the technology is that it's certainly more nimble than the regulations can ever be. Appendix E calls out third parties in 18 different places. So, again, you know it's an area of real focus and concern.
The ability of financial institutions to keep up with new regulations, not to mention the ability to interpret them, in the context of some of these really innovative new products is quite the challenge and one that I think the industry is struggling with - just to keep up with all the developments in the fintech world. It will be interesting to see how heavily the fintech companies themselves are impacted by the regulatory environment. I know there have been numerous articles and conjectures on the topic but I think it's still a bit of a wait and see mode.
Incidentally, I would like to suggest a best practice in trying to grapple with all the changes and regulations and guidance - one that doesn't include trying to slog your way through hundreds of pages of very in-depth and often highly detailed reading. I like to follow the comprehensive and much more concise legal guidance that gets published soon after new or proposed regulations are released.
In particular, I really like some of the work done by Ballard Spahr, JD Supra, Bryan Cave and WilmerHale, just to name a few. They do a nice job of dissecting regulations, distilling points you need to be aware of and also discussing the possible impacts.
So I'm Dana, thanks for watching. And forget to subscribe for next week's Third Party Thursday video.
Subscribe to our Third Party Thursday Newsletter
Receive weekly third-party risk management news, resources and more to your inbox.