In this episode of the Risk Intel Podcast, host Ed Vincent sat down with Shawn Ryan, Chief Financial Officer at SRA Watchtower, to delve into the intricacies of third-party risk management and how to safely onboard FinTech partners. Their discussion centered on the recent May 2024 joint interagency guidance on third-party risk management and its implications for community banks. This episode is a must-listen for financial institutions navigating the complex landscape of risk and innovation.
The episode kicked off with Ed Vincent highlighting the significance of the May 2024 guidance from the Federal Reserve, FDIC, and the OCC. Ed emphasized, "Anytime the FFIC is coming together and producing content, that's a good thing," a point echoed by Phil Goldfeder, CEO of the American Fintech Council, in a previous episode. It's important to our industry when regulators show a commitment to helping financial institutions implement effective controls and offer guidelines or programs on how to best work with third-party providers.
Shawn Ryan provided a detailed breakdown of the guidance, focusing on five critical aspects of third-party risk management: planning, due diligence, contract negotiation, ongoing monitoring, and termination.
One of Shawn's main discussion points, and the central theme of the 2024 guidance, was the necessity of thorough planning before engaging with any third-party providers. Shawn explained that this stage involves not only the executive team and the board but also a comprehensive assessment of what the institution hopes to achieve. He advised financial institutions to determine whether they aim to maintain competitive parity or pursue innovation. Shawn used the example of established FinTechs like Zelle, which offer widespread solutions but may lack the innovative edge that smaller, emerging FinTechs can provide.
"During that planning stage, you have to recognize that there's going to be certain compromises you have to make," Shawn Ryan stated, highlighting the need for a well-defined risk appetite.
Due diligence is a critical step to ensure that third-party providers align with the institution's goals and possess the necessary capabilities. Shawn emphasized the importance of thoroughly vetting potential partners, examining their financial stability, regulatory compliance, and operational capacity. This step is essential to mitigate risks associated with third-party engagements.
"You need to look at their ability to deliver the services you require and their history of performance," he advised.
Contract negotiation is where the institution formalizes its relationship with the third-party provider. Shawn pointed out that this stage should include clear definitions of performance standards, responsibilities, and expectations. He even recommended including specific clauses related to data security, compliance with regulations, and mechanisms for resolving disputes.
Once the contract is in place, ongoing monitoring becomes crucial to ensure that the third party continues to meet the institution's standards. Shawn suggested implementing regular performance reviews, audits, and risk assessments.
"Continuous monitoring helps identify issues early and allows for timely corrective actions," he said.
This proactive approach ensures that the relationship remains beneficial and compliant with regulatory requirements.
Lastly, Shawn emphasized the importance of planning for termination right from the start. Quoting Stephen Covey's principle of "beginning with the end in mind," he explained that institutions need to have a clear exit strategy. This strategy should account for various scenarios, such as performance failures, risk management issues, or strategic shifts.
"You need to have a mechanism to get out of the contract if they're failing to perform," said Shawn. "Termination for convenience clause can be crucial for flexibility."
The episode concluded with a teaser for the next installment, where Ryan will share his experiences as a risk practitioner within a RegTech firm. This future discussion promises to provide valuable insights into the practical applications of third-party risk management strategies. Shawn Ryan also recently spoke on this same topic at the Independent Bankers Association of Texas, Connecting Leader Conference. You can download the full presentation below.
This episode of the Risk Intel Podcast offers a comprehensive look at the evolving landscape of third-party risk management. With expert insight from the SRA Watchtower team, it provides financial institutions with the knowledge and strategies needed to navigate regulatory guidance and foster successful third-party relationships. Don't miss the next episode, where the conversation will continue with a focus on due diligence, contracting, and ongoing monitoring.