LBA
HANCOCK HOLDING COMPANY – Hancock Bank/Whitney Bank 2013 LBA Bank Counsel ConferenceOverview of Managing Third-Party Relationships and Related Risk IntroductionManaging Third-Party Relationships is currently a hot regulatory topic. Most regulators/agencies have issued guidance on the topic and this area is under heightened examination scrutiny. Financial institutions can shift the performance of the activity but not the ultimate responsibility and liability for managing/overseeing/monitoring the activity. Financial Institutions are responsible for managing activities conducted through third-party relationships, and identifying and controlling the risks arising from such relationships, to the same extent as if the activity were handled within the institution.Bottom line: To meet the expectations of regulators, financial institutions must make certain they understand the complex nature of their third-party vendor arrangements and ensure they conduct adequate due diligence for the engagement of the relationships and sufficient ongoing monitoring. If not, financial institutions will face enforcement actions and the possibility of significant civil money penalties. Examples of enforcement actions:JP Morgan Chase, N.A. and Chase Bank USA, N.A.Capital One Bank, N.A.Discover BankAmerican Express, FSBTypical Use of Third-Party Vendors or Service Providers by Financial InstitutionsTo perform activities/services/functions on the financial institution’s behalf (“outsourcing”).To provide products or services that the financial institution does not originate. One reason third-party relationships is such a hot regulatory topic/area is because financial institutions have increased the number and complexity of relationships with both domestic and foreign third parties. Examples of how financial institutions have used third-party vendors:Outsourcing entire bank functions (e.g., tax, legal, audit, or IT)Outsourcing lines of business or productsRelying on third parties to perform multiple activities to such an extent that third party becomes integral component of bank’s operationsWorking with third parties that engage directly with customersWorking with third parties that subcontract activities to other foreign or domestic providersWorking with third parties whose employees, facilities, and subcontractors may be geographically concentratedWorking with third parties to address deficiencies in bank operations or compliance with laws or regulationsAppropriate Use of Third Party Providers Can Be BeneficialEffective use of third party providers can permit financial institutions to enhance product offerings, diversify assets and revenues, access needed expertise and industry best practices, devote scarce resources to core businesses, facilitate operations restructuring, and reduce costs.Regulators recognize that use of third party providers can be beneficial and support and accept the appropriate and effective use of third party providers.Regulators may also have authority to examine third party vendors. Risks Associated With Third-Party RelationshipsSome risk arise from underlying activity itself but other potential risk arise from or is heightened by the use and involvement of a third party provider. Some of the key potential risks associated with third-party relationships:Operational RiskCompliance RiskReputation RiskStrategic RiskCredit RiskOther risks (e.g., concentration risk, country risk) Risk Management Program/Process/Practices for Third-Party RelationshipsGeneralMust be commensurate with level of risk and complexity of financial institution’s third-party relationships. Regulators expect more comprehensive and rigorous oversight and management of third-party relationships that involve critical activities or significant bank functions (e.g., payments, clearing, settlements, custody, activities having significant customer impacts).Effective risk management program or process follows a continuous life cycle for all relationships and incorporates the following phases:Strategic Planning and Risk AssessmentDue Diligence and Selection of Third-Party Vendors Contract Negotiation and StructuringOversight and On-Going Monitoring of Third-Party VendorsDocumentation and ReportingResources/Guidance on Managing Risks Associated With Third-Party Providers See attached list Also see Appendix B in OCC Bulletin 2013-29 issued October 30, 2013 Regulatory Resources and Guidance on Risk Management Principles Applicable to Use of Third Party VendorsA.The Office of the Comptroller of the Currency (OCC) (now including former OTS);1.OCC Bulletin 2013-29- Third-Party Relationships (October 30, 2013) supersedes OCC Bulletin 2001-47-Third Party Relationships (November 1, 2001) 2.OCC Bulletin 2006-39 - Automated Clearing House Activities (September 1, 2006)3.OCC Bulletin 2008-12 - Payment Processors: Risk Management Guidance (April 24, 2008)4.OCC Bulletin 2011-27- Prepaid Access Programs (June 28, 2011)5.OCC Bulletin 2011-29- Foreclosure Management (June 30, 2011)6. Supervision of Technology Service Providers Booklet (October 31, 2012) OCC Bulletin 2012-34B.The Federal Deposit Insurance Corporation (FDIC)1.Financial Institution Letter FIL-44-20082.Financial Institution Letter FIL-3-20123. Financial Institution Letter FIL-127-2008 4.Financial Institution Letter FIL-43-2013 C.The Board of Governors of the Federal Reserve System (Fed) SR 13-19/CA 13-21 (“Guidance on Managing Outsourcing Risk”) (Dec. 5, 2013)D.Consumer Financial Protection Bureau (CFPB)CFPB Bulletin 2012-03 (April13, 2012)E.Federal Financial Institutions Examination Council (FFIEC) - The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of institutions by the Fed, the FDIC, the NCUA, the OCC, and the CFPB, and to make recommendations to promote uniformity in the supervision of financial institutions.1.FFIEC Information Technology Examination Handbook, "Audit"2.FFIEC Information Technology Examination Handbook, "Business Continuity Planning"3.FFIEC Information Technology Examination Handbook, "Development and Acquisition"4.FFIEC Information Technology Examination Handbook, "Electronic Banking"5.FFIEC Information Technology Examination Handbook, "Information Security"6.FFIEC Information Technology Examination Handbook, "Management"7.FFIECInformationTechnologyExaminationHandbook,"Outsourcing Technology Services"8.FFIEC Information Technology Examination Handbook, "Retail Payment Systems Booklet"F. Proposed Interagency (Federal Reserve, CFPB, FDIC, NCUA, OCC, SEC) Joint Standards for Assessing Diversity Policies and Practices (Oct. 23, 2013) ................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.