In August 2021, the Federal Reserve, the central bank of the United States, released a paper intended to help community banks assess threats when considering connections with financial technology (fintech) companies.
This paper came after the European Central Bank and the UK Prudential Regulatory Authority released regulations on operational resilience earlier in 2021. The Federal Reserve understood the global and interconnected nature of banks and the importance of supervisory coordination among banks.
Innovation in the financial services landscape is changing the way products and services are offered to customers. Community banks are looking to enhance business potential by entering into arrangements with fintech companies.
Still, like any other third-party association, arrangements with fintech companies also introduce risks. Assessing the benefits and threats posed by these associations is crucial to a community bank’s due diligence.
What is Due Diligence?
“Due diligence is an important element of an effective third-party risk management process, as emphasized in the federal banking agencies’ individual guidance”.
During due diligence, a community bank collects and analyses information to decide whether third-party alliances would support its strategic and fiscal aims, and whether the association can be executed in a secure and well-grounded manner, consistent with applicable legal and regulatory requirements.
The scope and depth of due diligence performed by a community bank will depend on the threat to the bank from the nature and criticality of the prospective activity. Banks may also choose to supplement or augment their due diligence work with other resources as appropriate, such as diligence utilities or institutions that focus on third-party oversight.
The guide covers six crucial areas of due diligence that community banks can consider when exploring arrangements with fintech companies: business experience and qualifications, financial condition, legal and regulatory compliance, risk management and control processes, information security, and operational resilience. The aim of this write-up is to understand the sixth area, viz. operational resilience, in detail.
What is Operational Resilience and How Is It Evaluated?
The ability of an enterprise to continue delivering services to consumers despite an unforeseen disturbance is known as operational resilience. The ability to forestall, respond to, recover from, and learn from operational interruptions is a crucial priority of operational resilience.
A community bank needs to evaluate the fintech company’s capability to continue operations through a disturbance.
As part of the evaluation the bank must:
- Look at the fintech company’s processes to identify, respond to, and secure itself and its customers from threats and potential failures, as well as recover and learn from disruptive events.
- Check that the fintech company’s continuity and adaptability planning is commensurate with the nature and criticality of the activities performed for the bank.
Requirements for an operational resilience framework
A fintech should maintain the following to assure the bank that it follows an operational resilience framework:
- Business continuity, incident response and disaster recovery plans.
- Test results against the set impact tolerances, including actual recovery time and recovery point.
- Changes in tolerance levels to accommodate new types of incidents, threats and changes in market conditions, along with records of the impact of similar events.
- Details of the fintech’s in-sourced and outsourced activities, its reliance on technology (on-premises or in the cloud), where data is stored, and the applicable laws.
- Proper checks and balances for outsourced activities.
- Status of insurance cover, coverage and fiscal capability.
- Service level agreements with well-defined recovery and response times.