August 30, 2000
Banks Urged to Remain Vigilant to Risks Stemming From Arrangements with Third Parties
WASHINGTON — The Office of the Comptroller of the Currency (OCC) today reminded national bank boards and management that they retain fiduciary responsibility for risks and activities they engage in with third parties such as vendors, agents, dealers, brokers, and marketers.
The OCC said in an advisory letter that since the beginning of 1999, a number of banks have suffered significant financial losses due to bank management's failure to exercise appropriate due diligence and risk analysis before engaging in some credit-related activities with third parties.
As an example, the OCC cited a case where a bank engaged a third party to monitor and control real estate construction disbursements for a residential development project without performing any due diligence on the third party. The bank also never verified whether the third party was performing the contracted services. The third party did not exercise appropriate verification and control over construction loan advances. As a result, the construction loan was overdrawn relative to the work performed. The developer eventually absconded, leaving the bank responsible for substantial extra funding. Other examples involve credit repair products and loan participation due diligence.
By not fully understanding the nature of the risks being introduced to the bank, the OCC said, "management and boards of directors breached their most fundamental fiduciary responsibility to depositors and shareholders." In some cases, the losses caused insolvency, requiring capital restoration from shareholders.
The OCC said that it encourages national banks to use third parties to enhance product offerings, improve earnings, and diversify assets and revenues. But even if vendors are reputable, their products may be unproven. The OCC has determined that problems occur most commonly when management is overly focused on potential returns or cost savings, or when management lacks sufficient knowledge about the risks involved with the new product, business, or activity.
The OCC said that bank management cannot rely solely on third party assertions, representations, or warranties when entering such relationships. At a minimum, the OCC said, third-party relationships should include front-end management planning and risk analysis, appropriate due diligence in selecting vendors, monitoring performance, and documenting management's efforts and findings. Deputy Comptroller for Credit Risk David D. Gibbons stated that "no bank should book credit risk until it is comfortable that the risk is properly understood, analyzed, and controlled." He added, "there are other risks to consider as well, particularly business reputation and compliance risks associated with some 'credit repair' products that appear to offer little, if any, value to customers."