Last week we notified you about
In re Fundtech et al., a joint FDIC/OCC enforcement
action against financial services technology service providers. In
the Fundtech action, the regulators found that the service
providers operated without: (1) an internal auditor or an
integrated risk-focused audit program; (2) a comprehensive due
diligence program; (3) an enterprise-wide risk assessment program
to determine related risks and vulnerabilities of assets; (4) an
effective business continuity or disaster recovery plan; (5)
effective patch management procedures to identify and address
software vulnerabilities; or (6) an effective log review program to
detect, identify and act on potential threats in a timely
We believe In re Fundtech signals federal banking
regulators' increased focus on risk management and heralds the
coming of further enforcement actions against community and midsize
banks that do not quickly take steps to comply with the OCC's
Oct. 30, 2013, Guidance on Third-Party Relationships
("the Third-Party Guidance"). The Third-Party Guidance
directs national banks and federal savings associations on how to
assess and manage risks associated with third-party
The Third-Party Guidance requires comprehensive supervision
through each phase of a bank's relationship with third parties,
including, but not limited to, loan servicers, underwriters,
consultants, subsidiaries, payment processors, and computer network
and security contractors. The guidance is not strictly
prescriptive. Rather, in keeping with other regulatory guidance in
this area issued by the FFIEC and the SEC, the guidance instructs
banks to adopt risk-based processes proportionate to the level of
risk inherent in the third-party relationship. This means detailed
oversight of "critical activities" and less oversight of
The Third-Party Guidance is detailed and provides in-depth
direction for monitoring third-party relationships. Effective
third-party risk management programs will include the following
Due Diligence and Third-Party Selection
Oversight and Accountability
Documentation and Reporting
We expect small to midsize banks will face increased pressure to
meet these goals quickly and economically. McGuireWoods LLP's
community banking, data privacy and security, procurement and
sourcing and regulatory lawyers have experience helping financial
services clients create, implement and sustain risk-based
third-party relationship monitoring programs efficiently, and we
are prepared to help guide our clients through this era of
increased regulatory burden.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.