Last week we notified you about
In re Fundtech et. al., a joint FDIC/OCC enforcement
action against financial services technology service providers. In
the Fundtech action, the regulators found that the service
providers operated without: (1) an internal auditor or an
integrated risk-focused audit program; (2) a comprehensive due
diligence program; (3) an enterprise-wide risk assessment program
to determine related risks and vulnerabilities of assets; (4) an
effective business continuity or disaster recovery plan; (e)
effective patch management procedures to identify and address
software vulnerabilities; or (f) an effective log review program to
detect, identify and act on potential threats in a timely
We believe In re Fundtech signals federal banking
regulators' increased focus on risk management and heralds the
coming of further enforcement actions against community and midsize
banks that do not quickly take steps to comply with the OCC's
Oct. 30, 2013, Guidance on Third-Party Relationships
("the Third-Party Guidance"). The Third-Party Guidance
directs national banks and federal savings associations on how to
assess and manage risks associated with third-party
The Third-Party Guidance requires comprehensive supervision
through each phase of a bank's relationship with third parties,
including, but not limited to, loan servicers, underwriters,
consultants, subsidiaries, payment processors, and computer network
and security contractors. The guidance is not strictly
prescriptive. Rather, in keeping with other regulatory guidance in
this area issued by the FFIEC and the SEC, the guidance instructs
banks to adopt risk-based processes proportionate with the level of
risk inherent in the third-party relationship. This means detailed
oversight of "critical activities" and less oversight of
The Third-Party Guidance is detailed and provides in-depth
direction for monitoring third-party relationships. Effective
third-party risk management programs will include the following
Due Diligence and Third-Party Selection
Oversight and Accountability
Documentation and Reporting
We expect small to midsize banks will face increased pressure to
meet these goals quickly and economically. McGuireWoods LLP's
community banking, data privacy and security, procurement and
sourcing and regulatory lawyers have experience helping financial
services clients create, implement and sustain risk-based
third-party relationship monitoring programs efficiently, and we
are prepared to help guide our clients through this era of
increased regulatory burden.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
FinCEN notified U.S. financial institutions that the Financial Action Task Force updated the list of jurisdictions with strategic anti-money laundering ("AML")/countering the financing of terrorism deficiencies.
The last thirty years have witnessed a dramatic rise in bank adoption of the bank holding company ("BHC") structure. Inherent in this trend is an apparent accepted orthodoxy about the need of such structures from both a business and regulatory perspective.
Recent years have been marked by low interest rates and a highly liquid loan market, creating a very favorable environment for leveraged loans used to fund mergers and acquisitions, sometimes in conjunction with large one-time dividend payouts.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).