US regulatory agencies encourage community banks to evaluate the operational resilience of fintech providers
- Published: Thursday, 02 September 2021 07:32
The US Federal Reserve Board, FDIC, and OCC have issued jointly developed guidance to help community banks assess risks when considering relationships with financial technology (fintech) companies. Amongst six key areas of due diligence, the guidance highlights operational resilience as an area for consideration.
The guide, ‘Conducting Due Diligence on Financial Technology Firms: A Guide for Community Banks’, covers business experience and qualifications, financial condition, legal and regulatory compliance, risk management and control processes, information security, and operational resilience as the top items that need consideration when assessing the risks associated with a fintech provider. The guide also highlights practical sources of information that may be useful when evaluating fintech companies.
The operational resilience section of the guide focusses mainly on business continuity and incident management, suggesting that community banks evaluate:
- Business continuity plans, incident response plans, disaster recovery plans and related testing.
- Recovery objectives, such as any established recovery time objectives and recovery point objectives.
Other areas highlighted for consideration include how a fintech company considers changing operational resilience processes to account for changing conditions, threats, or incidents, as well as how the company handles threat detection (both in-house and outsourced).
Read the guidance (PDF).
Federal Reserve Board - Board of Governors of the Federal Reserve System
FDIC - Federal Deposit Insurance Corporation
OCC - Office of the Comptroller of the Currency.