Third-Party Relationships Still in the Spotlight

On July 25, 2024, the Federal Reserve, the FDIC, and the OCC issued a “Joint Statement on Banks’ Arrangements with Third Parties to Deliver Bank Deposit Products and Services.” The Statement reiterates regulator focus on third party relationships, particularly fintech partnerships. It seems to be responding to the increasing number of fintech companies providing brokered deposit services, including the headline-making failures of some fintech companies operating in this space. These failures have resulted in substantial consumer harms, according to the regulators, making these types of relationships a likely future focus of regulatory action and scrutiny moving forward.

It is not news that regulators see excessive reliance on brokered deposits as a safety and soundness concern. The Joint Statement does reiterate that concern, but also emphasizes other risks, including UDAP, AML/CFT, and misrepresentation of FDIC insurance. Here are a few major takeaways from the Joint Statement:

  • Banks accepting brokered deposits remain responsible for compliance with all requirements that apply to deposit accounts, including AML/CFT, Reg DD, and Reg E. A bank may have a third party perform these functions, but when it does so, the bank must ensure that its oversight program ensures that the third party meets the requirements that apply to the bank. Particularly with new business models and technology-based services, third party oversight should be a comprehensive and rigorous program that monitors the third party’s stability as well as the bank’s ability to continue to meet its regulatory requirements in the event of sudden and unforeseen third-party failure.
  • Third party fintech relationships require multi-pronged oversight. The Joint Statement references the agencies’ more general guidance on managing third party relationships, which can be instructive for any third-party relationships. What the Joint Statement makes clear is that appropriate oversight of fintech partners should be multi-faceted and comprehensive. Fintech partnerships should include detailed and enforceable contract provisions, rigorous due diligence, ongoing auditing, and contingency planning to address potential operational disruption (including business failure by the third party).
  • While brokered deposit arrangements can facilitate rapid growth in deposits, they may increase risks to the bank as well. Banks must accurately report brokered deposits and establish plans for managing the associated risks, including unexpected deposit withdrawals and liquidity risk. Banks should also ensure that they are operationally prepared to manage a higher volume of deposit accounts as well as the risk that comes with having a significant percentage of the bank’s deposits dependent on a single vendor.
  • Banks should review fintech partners’ advertising to ensure that it does not misrepresent any aspect of FDIC insurance. The guidance expresses substantial concern that depositors may be led to mistakenly believe that these third parties are insured financial institutions or that depositors may be confused about how their access to their deposit depends on a third party that may not be as stable and trustworthy as an FDIC-insured bank.

While the prospect of increasing deposits is appealing particularly where a third party is at hand to perform a lot of the related work that would normally have to be done by the bank, banks should be wary of related risks. When embarking on these partnerships, it is essential that banks invest in the development of a comprehensive third-party risk management strategy that is appropriately tailored to the risk, the specific third party, and the terms of the relationship.