FDIC Proposes Guidance For Managing Third Party Risk


On July 29, 2016, the Federal Deposit Insurance Corporation (“FDIC”) released its  proposed Guidance on Managing Third-Party Risk (“FDIC Proposal”).  The FDIC Proposal (available at https://www.fdic.gov/news/news/financial/2016/fil16050.html) invites comments on proposed guidance for third-party lending.  The purpose of the guidance is to set forth safety and soundness and consumer compliance measures that FDIC-supervised institutions should follow when lending through a business relationship with a third party.


The FDIC Proposal owes its existence to changes in credit markets following the financial crisis of 2007-2008.  In the wake of the crisis, many traditional financial institutions pulled back from lending to small and medium-sized institutions and individuals.  This credit shortfall caused new players to enter the market offering lending, brokerage, analysis, servicing, trading platforms, and other related products and solutions.  For example, so-called marketplace lenders — i.e., typically, a nonbank financial platform that leverages technology to reach potential borrowers, evaluate creditworthiness, and facilitate loans — arose in the wake of the crisis as one of a number of new avenues for consumers and small businesses to obtain loans not available from traditional sources.

In recent years, the potential for connections between the marketplace lending industry and the banking sector have attracted attention from regulators at both the state and federal level.  At the federal level, Consumer Financial Protection Bureau, U.S. Department of the Treasury, the Federal Trade Commission, the Office of the Comptroller of the Currency (“OCC”), and the FDIC have conducted studies, taken consumer complaints, sponsored forums, and/or released guidance concerning marketplace lending and other emerging financial technologies and their implications for consumers and small businesses.  In addition, officials from the Board of Governors of the Federal Reserve System (“FRB”) and U.S. Securities and Exchange Commission have scrutinized aspects of the industry, as well. At the state level, the New York Department of Financial Services and the California Department of Business Oversight reportedly have conducted studies of and launched investigations into the activities of certain industry participants.  The FDIC’s proposal adds to this increasingly long list of government/regulator action.


  • The FDIC’s proposed guidance defines third-party lending as an arrangement that relies on a third party to perform a significant aspect of the lending process. Categories include (but are not limited to): institutions originating loans for third parties; institutions originating loans through third parties or jointly with third parties; and institutions originating loans using platforms developed by third parties.  Highlights from the proposal include the following:

The proposal makes it clear that the board of directors and senior management of an FDIC-supervised institution ultimately are responsible for managing third-party lending arrangements as if the activity were handled within the institution. The FDIC notes in its proposing release that managing and controlling risks can be challenging when origination volumes are significant or there are numerous third-party relationships.

The proposed guidance emphasizes that institutions should establish a third-party lending risk management program and compliance management system (CMS) that is commensurate with the significance, complexity, risk profile, transaction volume, and number of third-party lending relationships. Consistent with existing guidance, the risk management program and CMS should address risk assessment, due diligence and oversight, and contract structuring when selecting and managing individual third-party lending relationships, according to the FDIC.

  • For institutions that engage in significant lending activities through third parties the proposal includes increased supervisory attention, including a 12-month examination cycle, concurrent risk management and consumer protection examinations, offsite monitoring, and possible review of third parties.
  • The FDIC has stated that it will accept written comments on the Proposal until October 27, 2016.
Christine Chung