An official website of the United States government
OCC Bulletin 2021-40
August 27, 2021
Share This Page:
Chief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties
The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively, the agencies) today published Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks. This guide supports responsible innovation within the federal banking system by providing community banks1 with information that may be relevant when conducting due diligence on financial technology companies.
This guide is designed for community banks. Although the guide discusses community bank relationships with fintech companies, the content may be useful for banks of any size and for other types of third-party relationships.
Innovation and evolving customer preferences are significantly changing the financial services landscape, including the way financial products and services are delivered. As the banking industry becomes more complex and technologically driven, banks of all sizes are forming greater and deeper relationships with third parties to remain competitive, fulfill strategic goals and objectives, and help meet consumers' needs. Companies specializing in financial technologies (or fintech) may provide technical capabilities for banks to offer new or enhanced products and services, establish new delivery channels, improve bank processes, and remain competitive in a changing industry. These relationships can present an attractive alternative to a bank building a product, service, or activity in-house and are particularly relevant for community banks that may not have the requisite resources to otherwise reasonably consider developing or engaging in such activities on their own.
Community banks may approach relationships with fintech companies in a similar manner as they would any other third-party relationship. During due diligence, a community bank considers how the fintech company may assist the bank in meeting its strategic objectives and determines whether the relationship aligns with the bank's risk appetite.2 A community bank evaluates whether the proposed activity can be implemented in a safe and sound manner, consistent with applicable legal and regulatory requirements.3 To augment existing resources, leverage specialized expertise, and gain efficiencies, community banks might collaborate or engage external resources when evaluating a proposed relationship with a fintech company.4
The agencies recognize that fintech companies have varying operational histories and governance and, in some cases, may be unfamiliar with or unable to provide the information that a community bank typically expects to evaluate during due diligence. The lack of certain information may not necessarily lead to disqualifying a fintech company as a prospective third party. Rather, a community bank may be able to evaluate other types of available information or take alternative approaches to prudently assess and manage risks. To assist community banks, the agencies collaborated on this guide as a resource for evaluating potential relationships with fintech companies and tailoring due diligence processes accordingly.
This guide serves as a resource for bank management, apart from the OCC's supervisory guidance on third-party risk management.5 The guide does not anticipate all types of third-party relationships or risks and should not be viewed as all-inclusive. Use of the guide is voluntary, and the relevance of specific information within the guide depends on the nature and extent of a community bank's third-party relationships and related activities. There may be other topics, considerations, and sources of information that a community bank should consider, depending on the prospective relationship.
Please contact Emily Doran, Governance and Operational Risk Policy Analyst, Operational Risk Policy Division, at (202) 649-6550.
Grovetta N. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy
2 In addition to the OCC's guidance on third-party risk management, refer to OCC Bulletin 2017-43, "New, Modified, or Expanded Bank Products and Services: Risk Management Principles."
3 Fintech companies employ varying business models across a wide spectrum of financial products and services. Specific legal and regulatory requirements will depend on the prospective activity and business arrangement.
4 For more information on collaboration and third-party assessment services, refer to OCC Bulletin 2020-10, "Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29"; and OCC News Release 2015-1, "Collaboration Can Facilitate Community Bank Competitiveness, OCC Says."
5 For more information, refer to OCC Bulletin 2013-29, "Third Party Relationships: Risk Management Guidance"; OCC Bulletin 2020-10; and OCC Bulletin 2002-16, "Bank Use of Foreign-Based Third-Party Service Providers: Risk Management Guidance." The agencies recently published for comment proposed interagency guidance for third-party relationships. Refer to "Proposed Interagency Guidance on Third-Party Relationships: Risk Management," 86 Fed. Reg. 38182 (July 19, 2021). This guide draws from the agencies' existing guidance and is consistent with the proposed interagency guidance.