On 27 Aug 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (FRB), and the Federal Deposit Insurance Corporation (FDIC) published “Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks.” This guide is intended to be a resource for community banks when performing due diligence on prospective relationships with financial technology (FINTECH) companies. While the guide is written from a community bank perspective, the fundamental concepts may be useful for banks of varying size and for other types of third-party relationships.
Provides information relating to six common areas of due diligence discussed in existing supervisory guidance: Business Experience and Qualifications; Financial Condition; Legal and Regulatory Compliance; Risk Management and Controls; Information Security; Operational Resilience
Focuses on general considerations, potential sources of information, and illustrative examples that may be relevant as a community bank conducts due diligence on a FINTECH company
Reiterates that the scope and depth of due diligence performed by a community bank depends on the risks posed by each third-party relationship and the nature and criticality of the prospective product, service, or activity (collectively, activity)
Relevant federal banking agencies’ supervisory guidance for institutions:
OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance” (October 30, 2013)
FDIC Financial Institution Letter-44-2008, “Third-Party Risk Guidance for Managing Third-Party Risk,” (June 6, 2008)
FRB SR letter 13-19 “Guidance on Managing Outsourcing Risk” (December 5, 2013)