FDIC Seeks to Supplement Vendor Management FIL with Third Party Lending Guidelines
Business Law Articles
View more from News & Articles or Primerus Weekly
By: Caren D. Enloe
As vendor management continues to be a key issue for regulators, the FDIC has issued its Proposed Guidelines for Third-Party Lending. The deadline to comment was originally September 12, 2016, and was extended through October 27, 2016, in response to several requests for an extension of time.
In its proposal, the FDIC outlines the risks associated with third party lending, sets forth its minimum expectations for associated risk management systems, its supervisory considerations and the examination procedures related to third party lending.
Here are the highlights:
The Proposed Guidelines define third-party lending as being an arrangement that relies on a third party to perform a significant aspect of the lending process. It includes situations where the insured institution originates loans for third parties, situations where the insured institution originates loans through third party lenders or jointly with third party lenders and situations where the institution originates loans using third party platforms.
The Proposed Guidelines make clear that an institution’s board of directors and senior management are ultimately responsible for managing third party lending arrangements and cannot divest itself of liability.
The Proposed Guidelines reiterate much of what is set forth in FIL-44-2008 regarding third party risk management.
Specifically, the proposal makes clear that risk management programs should consider the following risks: strategic, operational, transaction, pipeline and liquidity, model, credit, lending compliance, consumer compliance, and BSA/AML.
**In that regard, the Proposal requires institutions engaged in third-party lending to develop risk management programs that incorporate:
–Strategic planning which establishes the risk tolerance limits and ensures necessary management, staffing, and expertise to properly manage, oversee, and audit third party lending relationships. Strategic planning should also address and incorporate exit strategies and backup plans for third-party lending arrangements that do not go as planned;
–Third-Party Lending Policies that at a minimum:
–The Proposed Guidelines also make it clear that all proposed third-party lending arrangements should fit within the institution’s strategic plan and business model.
–Additionally, third-party lending relationships require ongoing oversight and due diligence, and sets forth the FDIC’s minimum expectations that include such matters as:
–The Proposal sets forth the minimum expectation that institutions understand the models used by third-party lenders to ensure they are consistent with the institution’s underwriting and loan policies and compliance with applicable consumer protection laws, among other things.
–Like other third-party relationships, third-party lending relationships should be memorialized by a contractual agreement establishing the parties’ rights and the lender’s expectations. The Proposed Guidelines reiterate that contractual agreements should address:
–The FDIC expects that credit underwriting and administration guidelines will be established by the institution and not the third party.
–Partnering with third parties does not relieve the institution from ultimate responsibility for compliance with all applicable laws and regulations, including consumer protection and fair lending. “Third parties that have direct contact with borrowers, develop customer-facing documents, or provide new, complex, or unique loan products require enhanced compliance-related due diligence and oversight by the institution to ensure areas of potential consumer harm are identified and mitigated…and should be particularly attuned to potential elevated fair lending risks.”
–Institutions engaged in significant lending activities through third parties will receive increased supervisory attention, including concurrent and more frequent examinations.
The proposal should come as no surprise to lenders who have been monitoring the recent enforcement actions and continued focus on third party vendor management issues from all regulators. As the FIL will apply to all FDIC-supervised institutions engaged in third-party lenders, FDIC institutions should reassess their risk management programs and compliance management systems to ensure all are in compliance with the proposed guidelines.