The OCC has decided to update and in several respects substantively revise 2013 standards on third-party vendors with frequently-asked questions (FAQs) that lay out new official views in an arena of growing importance due to “rent-a-bank” arrangements, cloud computing, the growing use of data aggregators, and other fintech developments. The new FAQs also rescind a 2017 FAQ statement dealing with some of these questions, although all of it is retained largely unchanged. As in its prior statements, the OCC here emphasizes that using a vendor or third party to perform a function does not absolve a national bank of its responsibility to ensure effective risk controls, with more due diligence, monitoring, and control needed as the importance of a third-party relationship increases.
The full report is available to retainer clients. To find out how you can sign up for the service, click here.