In July 2016, the Federal Deposit Insurance Corp. (FDIC) issued proposed guidance for third-party lending that is intended to supplement the FDIC’s current guidance for managing third-party risk.
This proposed guidance is important on two fronts. First, it will affect the relationships between banks and marketplace lenders and similar companies at a time when both industries are becoming more interconnected. And second, it continues the emphasis by the bank regulators on expressly holding boards of directors and senior management responsible for arrangements between banks and third parties. While the proposed guidance would not apply to banks and thrifts regulated by the other federal banking agencies, such regulators could also, independently or collectively, clarify and expand their existing third-party risk management guidance.
The partnering of marketplace lenders and banks has become a focus of federal and state banking regulators. Forums have been held and studies conducted on the marketplace lending industry. The Consumer Financial Protection Bureau recently released its proposal to regulate payday lenders and has been accepting consumer complaints about online lenders since the beginning of 2016. The proposed guidance issued by the FDIC would indirectly regulate marketplace lenders and other third parties that partner with banks.
The FDIC proposed guidance would apply to any FDIC-supervised institution that engages in third-party lending—for example, a lending arrangement that relies on a third party to perform a significant aspect of the lending process, such as marketing, credit underwriting, customer service, regulatory compliance or debt collection, among other things. Generally, third-party lending arrangements would include institutions originating loans for third parties, institutions originating loans through third-party lenders or jointly with them, and institutions originating loans using third-party platforms.
As with other recent regulatory pronouncements by banking regulators, the proposed guidance expressly states that an institution’s board of directors and its senior management bear the ultimate responsibility for managing third-party lending relationships and for identifying and controlling the risks associated with such relationships.
Under the proposed guidance, an institution must take into account the risks associated with third-party lending, including strategic risk, operational risk, credit risk and compliance risk, and establish and have the board approve a third-party lending risk management program and related policies before it enters into a significant third-party lending relationship. For purposes of the guidance, a “significant” third-party lending relationship is one that could have a material impact on revenues, expenses or capital, involve multiple third parties, involve lending volumes that are large in relation to the institution’s balance sheet or present material risk of consumer harm.
The third-party lending program would have to include, among other things, limits as a percentage of total capital for each third-party arrangement and for the entire lending program that takes into account origination volumes, credit exposure and growth, and monitoring of third parties and the institution’s overall lending activity to identify and assess risks, including fair lending. The guidance also sets forth specific terms that should be included in written agreements governing third-party lending arrangements, in addition to those terms that are required under the FDIC’s current guidance for all third-party relationships.
The guidance discusses certain supervisory considerations that institutions should take into account if it is a party to a third-party lending arrangement. These include credit underwriting and administration, capital adequacy, liquidity, profitability, data security, compliance with consumer regulations and BSA/AML.
An institution that has significant third-party lending relationships will be subject to examination (risk management and consumer compliance) by the FDIC at least every 12 months and could be subject to interim visits if the agency identifies significant risk in the lending program relationships. FDIC examiners may also conduct targeted exams of significant third-party lending arrangements, and many also conduct targeted exams of other third parties where authorized.
The FDIC is accepting comments on the proposed guidance until October 27, 2016. Institutions that are involved in third-party lending arrangements or contemplating such arrangements should review the proposed guidance and consider commenting, given the impact it could have on third-party lending programs.