James Stevens, co-leader of Troutman Pepper’s Financial Services Industry Group, was quoted in the March 28, 2024 FinXTech article, “What Regulators Want From Banks Partnering With Third Parties, Fintechs.”

Managing third-party partners starts at the due diligence stage. Prudential regulators like the Federal Deposit Insurance Corp., the Federal Reserve and the Office of the Comptroller of the Currency are concerned that fintechs interested in working with banks may present more or different risks than existing relationships. In turn, they expect a bank’s risk assessment to reflect these heightened risks during due diligence, says James Stevens, an Atlanta-based partner with Troutman Pepper.

Banks need to modify due diligence processes to be “substantially more comprehensive” if the third party will be used by customers or could market to them, Stevens says. The relationships can include cryptocurrency services, payments facilitation or banking as a service arrangements, where a financial institution partners with another company that uses the bank’s charter to attract customers.

Due diligence transforms into active oversight once a bank begins a third-party partnership. Regulators want to see evidence that banks are monitoring their partners and managing the programs, Stevens says. Bank boards and executives need to think about how to provide the necessary resources like staffing and funding, infrastructure, technology controls and organizational capabilities to manage and oversee these relationships.

For example, if a bank engages with a third party that offers the bank’s deposit product to consumers through an external website or mobile application, the bank should have ongoing monitoring of the third party’s consumer disclosures and customer onboarding process, Stevens says. The bank should also know about the third party’s history of, and approach to, customer complaints and establish a process for complaints the third party must report to the bank, so the bank can act appropriately.