BaaS-enabled banks have been working in a regulatory minefield lately. Since late 2023, the U.S. FDIC and CFPB have issued a number of consent orders to banks, citing their BaaS relationships because the trigger. From the angle of an onlooker, it appeared that regulators had been issuing the consent orders to make examples out of sure gamers within the trade, foregoing formal BaaS regulation.
This has been notably troubling for neighborhood banks, which regularly depend on BaaS to adapt to trendy client preferences by layering the latest fintech instruments on high of their legacy core programs, with out the necessity to construct know-how in-house or replace previous know-how.
In response to this new stress positioned on the nation’s smallest monetary establishments, three U.S. regulators– the Board of Governors of the Federal Reserve System, the FDIC, and the OCC– have revealed a brand new third occasion threat administration information for neighborhood banks. The information is meant to complement the Interagency Steering on Third-Social gathering Relationships: Threat Administration doc the businesses revealed in June of final yr.
The businesses’ newly revealed doc could disappoint, nonetheless. That’s as a result of the brand new doc doesn’t present formal Baas regulation by laying out guidelines by which neighborhood banks can abide to be able to keep away from consent orders. As an alternative, the brand new doc lays out “potential issues, potential sources of data, and examples” for threat administration, due diligence, contract negotiation, ongoing monitoring, termination, and governance with third events.
“This information is meant to help neighborhood banks when creating and implementing their third-party risk-management practices,” the brand new doc states. “This information just isn’t an alternative choice to the TPRM Steering. Reasonably, it’s supposed to be a useful resource for neighborhood banks to contemplate when managing the danger of third-party relationships. This information just isn’t a guidelines and doesn’t prescribe particular risk-management practices or set up any protected harbors for compliance with legal guidelines or laws.”
Baas-enabled banks looking for to navigate third-party relationships could discover the brand new useful resource irritating, nonetheless. Whereas a number of the recommendation within the doc is useful, the businesses have constructed numerous wiggle room for themselves into the doc. In the end, nonetheless, the steerage is healthier than nothing.
No matter what it lacks, each neighborhood banks and even bigger monetary establishments will seemingly discover it helpful to match the information’s “potential issues” to their present inside processes. And ultimately, the steerage could assist deter one other tidal wave of consent orders.
Photograph by Joshua Hoehne on Unsplash
