The Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) jointly issued a new guide created with the intention to help community banks conduct due diligence on financial technologies companies (a/d/a fintechs). Use of the guide is voluntary and it does not anticipate all types of third-party relationships and risks. Therefore, a community bank can tailor how it uses relevant information in the guide, based on its specific circumstances, the risks posed by each third-party relationship, and the related product, service, or activities offered by the fintech company. While the guide is written from a community bank perspective, the fundamental concepts may be useful for banks of varying size and for other types of third-party relationships.
Due diligence is an important component of an effective third-party risk management process, as highlighted in the federal banking agencies’ respective third-party, vendor guidance. During due diligence, a community bank collects and analyzes information to determine whether third-party relationships would support its strategic and financial goals and whether the relationship can be implemented in a safe and sound manner, consistent with applicable legal and regulatory requirements.
The scope and depth of due diligence performed by a community bank will depend on the risk to the bank from the nature and criticality of the prospective activity. Banks may also choose to supplement or augment their due diligence efforts with other resources as appropriate, such as use of industry utilities or consortiums that focus on third-party oversight. The guide focuses on six key due diligence topics, including relevant considerations, potential sources of information and illustrative examples. There may be other topics, considerations, and sources of information to consider, depending on the unique relationship and the role of the fintech company.