New Clarity on OCC Expectations for Bank-Fintech Relationships

Recently, we wrote about rumors swirling of regulatory crackdowns on bank-fintech partnerships and how to stay ahead of regulatory scrutiny. Those rumors have now become concrete.

Blue Ridge Bank, a US partner bank, disclosed an agreement with the US Office of the Comptroller of the Currency (OCC) limiting its ability to onboard new fintech partners while it bolsters its oversight of third-party fintech relationships and improves its BSA/AML risk management.

The OCC agreement is a helpful blueprint for compliance leaders to understand regulatory expectations of bank-fintech partnerships.

What are regulators expecting of partner banks?

The key risk management components that partner banks should have in place are:

1. A Third-Party Risk Management Program to assess, oversee, and manage risks posed by third-party fintechs, with a major emphasis on BSA/AML risk. Critical elements include AML/CTF and sanctions risk assessments for each fintech partner, an effective ongoing compliance monitoring program across the fintech portfolio, criteria for selecting and terminating fintech partners, and management and Board reporting about third-party fintechs.
2. A BSA Risk Assessment Program and BSA Audit Program with expanded coverage of all of the risks arising from the products, services, customers, entities, and geographies that are provided through or implicated by banks’ third-party fintech relationships.
3. Enhanced CDD, EDD, beneficial ownership information, and suspicious activity monitoring and reporting policies and procedures encompassing any risks arising from fintech partners’ own customers and their transactions. This means partner banks need the ability to implement and monitor controls that apply not only at the fintech partner account level, but also at the sub-account level.

What’s at stake for partner banks?

Many partner banks rely heavily on the third-party fintech line of business. Falling short of these regulatory expectations poses massive business risk.

Potential consequences include:

• Freezes on new fintech partners or new activities with existing fintech partners.
• Reputational damage impacting the ability to attract future fintech partners.
• Remediation costs and burdens diverting resources from business growth.
• A civil monetary penalty or other enforcement action for failing to remediate adequately.

What steps can you take today?

Cable is the only automated BSA/AML assurance platform enabling partner banks to have complete oversight of ALL of their fintech partners, and 100% of their customers, in real time. We’ve also built a dynamic risk assessment tool enabling partner banks to easily assess and manage risks arising from each of their fintech partners.

If you want to avoid these kinds of actions and stay on top of regulatory expectations, we’ve built the tools you need.

Get in touch with us here if you want to understand how Cable can help you.

Some further practical steps that compliance leaders can take today include:

• Assess your AML compliance program against the OCC agreement
• Determine where you should increase your capacity to assess, monitor, and manage risks from your fintech partners
• Communicate these new regulatory expectations to relevant compliance, risk, and legal functions and with key stakeholders
• Review the OCC’s bulletin on due diligence measures for fintech relationships

We can’t wait to help more partner banks successfully manage their growing BSA/AML compliance burdens. Reach out today to find out how Cable works.