Oversight of Third Parties: Outsourced Activities, Retained Responsibility

Enhanced expectations by regulators for how financial firms – including debt collectors – manage their relationships with third parties and the costly consequences of failing to do so properly are prompting major changes in both the processes and business case for outsourcing.

New standards from the Office of the Comptroller of the Currency and the Federal Reserve Board for managing third-party risks are detailed and sweeping. These agencies and the Consumer Financial Protection Bureau are scrutinizing areas of concentrated third-party risk, such as securing customer data, processing payments, collecting debts and offering credit card add-on products.

The guidance from the prudential regulators breaks new ground in its scope and specificity as it sets forth a dynamic oversight model to govern the entire life cycle of a third-party relationship. The net effect is to ratchet up the expectations for processes designed to make sure these relationships do not threaten safety and soundness or consumer protection. Firms – large and small, bank and nonbank – cannot delegate that responsibility, and therefore they bear the risk of third-party errors.

View this content by subscribing

Please register to unlock this content

I already have an account. Log in