Risk management remains one of the most challenging aspects for any banking organization. In the US particularly, banks find it extremely difficult to cope with the emerging threats and challenges arising from newer kinds of risks and disruptions. In a bid to fortify present-day risk management policies across the United States, three federal banking regulation agencies, the Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC), have invited the banking community to analyze and comment on their proposed guidance on Risk Management across the industry.
What Does the Proposed Risk Management Guidance Entail?
The new proposed Risk Management guidance would replace and supersede all the existing principles associated with risk management practices in the US. The proposed risk management guidance would enable banking organizations to scale their risk management activities, especially those involving relationships with third parties. Small or big, every banking organization could adopt management practices commensurate “with the level of risk and complexity of their third-party relationships and the risk and complexity of the banking organization’s operations.”
The FRS (Board), FDIC, and OCC have proposed risk management guidance as a framework to build sound risk management principles and policies for the US banking system. This guidance would work as a lever for banking organizations while adjusting to emerging risks across all stages of banking operations. It would particularly address the nature of risks, the complexities involved, and other nuances of interacting with third-party entities.
The proposed guidance would offer a framework based on sound risk management principles for banking organizations to consider in developing risk management practices for all stages in the life cycle of third-party relationships that takes into account the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship. The proposed guidance sets forth considerations with respect to the management of risks arising from third-party relationships. The proposed guidance would replace each agency’s existing guidance on this topic and would be directed to all banking organizations supervised by the agencies.
Why Did the US Need New Risk Management Guidance in 2021?
The banking systems need to upgrade their processes around emerging developments associated with digital payments, net banking, crypto and blockchain-based payments, and automation of back-office processes. Within the earlier policy framework, it would have been difficult to address emerging challenges and even harder to provide a reasonable solution that works best for all stakeholders in the banking systems. Most banks rely on third-party entities to extend services to customers across a range of products and activities, including home loans, insurance, and so on. It becomes extremely difficult to track how core banking processes adjust to third-party service demands considering the volume of banking operations keeps fluctuating every day and week.
In other words, banking organizations have to rely more than ever on third-party entities to deliver banking services and products. This is where the gap in services and experience management tangles with federal policies, regulations, and compliance. Risks increase when new products and services are introduced and delivered through new technology channels, such as mobile apps or digital wallets.
The FRS, FDIC, and OCC have come together to streamline this bank-third-party relationship, expediting synergy through competition, technology innovations, and adoption of improved risk management policies.
Quick Overview of Proposed Guidance on Third-Party Relationships
Banks can use the latest risk management guidance as a standard framework to mitigate all risks associated with third parties. These risks would be taken care of through a contract or otherwise.
For example, the proposed guidance, OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” and OCC Bulletin 2020-10 clearly highlight how outsourcing banking services and compliance to third parties doesn’t reduce the bank’s responsibility to provide a safe and secure transaction channel to customers and partners, even if all compliance requirements are checked. Risk management guidance goes beyond merely tying banking organizations to third-party relationships and identifies risks as part of life cycle management.
This means:
- Banks have to ensure due diligence verification of third parties before selecting them for any services;
- Banks have to develop a plan that highlights their strategy, responsibilities and duties toward identifying and mitigating risks arising out of activities involving third parties;
- Banks have to focus on written negotiations and agreements as per the law of the land;
- The Board of Directors has to address the bank’s risk management processes and find innovative ways to use technology;
- Banks have to monitor the activities of third-party entities;
- Banks have to build a contingency plan that can be executed at the time of terminating the relationship with third parties without any conflicts.
How should bank management address third-party risk management when using a third-party model or a third party to assist with model risk management?
The answer to this question is provided in the principles in OCC Bulletin 2013-29.
As per the OCC Bulletin, third-party models have to align with the bank’s third-party risk management processes. External sources can be engaged to conduct due diligence checks on the third-party relationship.
These activities include:
- Model validation and review
- Compliance functions, or
- Other activities in support of internal audit
As per the guidance issued, “Bank management should understand and evaluate the results of validation and risk control activities that are conducted by third parties.”
It remains to be seen how banks could leverage Regtech platforms to meet the new proposed guidelines of Risk Management in the US.