In a recent episode of the Wrestling Payments podcast, Joe Casali welcomes back Nanci McKenzie, an independent consultant and expert in banking and risk management, to discuss third-party relationships in the financial industry. Recorded live at the 2024 Payments Management Conference (PMC), this episode offers a comprehensive update on regulatory changes, risk management, and the evolving nature of third-party relationships.
Evolving Third-Party Relationship Guidelines
The financial landscape has seen significant changes, particularly regarding third-party relationships. Nanci explains that the updated interagency guidance approved in June 2023 consolidates previous directives from the OCC, FDIC, and Federal Reserve Board of Governors. This comprehensive document now explicitly includes fintech companies, reflecting the growing complexity of third-party relationships beyond traditional vendors.
"It's very difficult to determine what that relationship really looks like. It's not just for vendors anymore, right? That relationship can be in the form of any sort of service or product that you are offering to a commercial non-consumer customer or member, whether that be in your treasury management services or if they are a vendor of yours." — Nanci McKenzie
Importance of Consumer Data Protection
In today's world, data protection and privacy are paramount concerns. Nanci emphasizes the need for robust information security programs and adherence to the updated Gramm-Leach-Bliley Act's safeguards rule, which now extends to third-party entities. Ensuring compliance with these regulations is crucial for mitigating risks associated with data breaches and financial crimes.
"And in today's world, data protection and data privacy are huge issues that everybody has to be not just aware of, but concerned with. And where is my data? Who has it? Who has access to it?" — Nanci McKenzie
Role of Consent Orders in Shaping Risk Management
The episode also delves into the impact of consent orders issued by regulatory bodies. These orders often highlight deficiencies in BSA/AML programs and third-party risk management. Nanci points out that financial institutions must periodically review and manage high-risk customers and transactions effectively to avoid regulatory penalties and ensure operational safety.
"So what's very common in all of the consent orders is that they are looking at the BSA/AML program since we've had so many problems with financial crimes, especially in money laundering and those types of activities." — Nanci McKenzie
Challenges of Open Banking and Data Privacy
The conversation shifts to the challenges posed by open banking and the CFPB's new rule under the Gramm-Leach-Bliley Act. Nanci notes that while these regulations complicate the compliance landscape, they are essential for protecting consumer data. Financial institutions must navigate these complexities while maintaining robust data protection measures.
"I feel that it's going to very much complicate things even more, make things very much more difficult for us. But on the other side of things, we really need to have them in place." — Nanci McKenzie
Conclusion
This episode of the "Wrestling Payments" podcast provides valuable insights into the evolving landscape of third-party relationships in banking. Nanci McKenzie's expertise underscores the importance of regulatory compliance, robust risk management, and vigilant data protection. For those navigating this complex area, the updated interagency guidance is an essential resource.
Listen to the full podcast episode for more insights and detailed discussion on third-party relationships in banking.