ABA Bank Compliance - July/August 2014

■ ■ ■ Confirm that the service feature is a standard offering of the provider. What is the extent of clients with that service? Perhaps obtain a reasonable estimate of the percentage of the provider’s clients that require the same service feature as the subject bank (for example, a fee disclosure for banks offering prepaid cards).

What are other banks doing that have the same business need?

■ ■ ■ Survey other banks to determine if they have a compliant alternative to the service/feature subject to criticism.

If surveyed banks offer the same service or feature, the discussion can serve as a heads-up regarding the potential for examiner criticism, and help create sufficient client demand to motivate the provider to take corrective action–– essentially form a user group.

What are the implications for canceling the service provided by the current provider?

■ ■ ■ Is there a feasible and cost effective alternate to corrective action?

■ ■ ■ Are there alternative service providers?

■ ■ ■ What is the bank cost of contracting with a new service provider? If dismantling the service provided, are there other areas that will be affected? What is the impact on other operations the vendor supports? Are there system capacity challenges associated with a change in provider, or disruption in operations, etc?

■ ■ ■ What is the impact of the changes on operations and customers?

OCC Bulletin 2013-29 encourages a contingency plan for contract termination as part of the bank’s vendor management program. In this regard, considering performance thresholds to drive the decision may be useful.

What’s your interim solution to address the finding?

■ ■ ■ Explore an interim workaround, especially if the examination finding poses significant harm to the consumer.

What’s your strategy for responding to the examination report?

■ ■ ■ Document all of the above including any other bank efforts to work with the provider to implement the corrective action.

■ ■ ■ Keep examiners apprised throughout process milestones, starting with when you learned of the provider’s inability to correct the action. The goal is to ensure examiners understand the full extent of the bank’s efforts to respond to examination findings, and additionally understand associated challenges that could extend the lapse period to corrective action.

Has the service provider expressed difficulty? What is the rationale and the significance of the provider to bank operations? Does the bank have limited or no alternative providers? Answering these questions will also highlight the potential systemic risk the provider poses to other institutions.

Key considerations include :

■ ■ ■ Will corrective action require an extended period because the service provider has expressed an inability to make the change?

■ ■ ■ Is the bank working with the provider and also exploring feasible alternatives to achieve completion? How will the bank minimize the likelihood of significant harm to consumers in the interim?

Be sure to maintain documentation for examiner review and there should include a reference if there is a provider user group.

What can the examiner do?

The regulator’s objective is to require action to address identified issues and mitigate compliance risk. When the third-party service provider is not receptive to corrective action, consider the following:

■ ■ ■ Is the vendor a substantive third-party provider with potential for systematic incidence/ risk?

■ ■ ■ Ascertain if the finding relates to mission-critical core functions and the vendor is a major provider by determining the extent of clients affected.

■ ■ ■ If the vendor is a major provider, determine if other exams in the agency’s immediate district, or other districts, noted the issue.

Is the issue potentially systematic, i.e., cited at other client institutions of the provider?

If the finding was addressed, was corrective ac-
tion implemented by the provider? If not, did
the client bank(s) identify an alternate service
provider or otherwise correct the issue?
Responses to these questions will confirm
that corrective action is feasible either through
the current service provider, or alternatively
through a different provider or other means.
Although examiners are prohibited from
sharing specifics about other institutions, the
responses will provide context to advise the
subject bank about viable options for correc-
tive action.

If the finding was not addressed, align corrective action expectations of the subject bank with that for the other banks with the issue. In addition, to the extent the service provider was the critical obstacle to corrective action, documentation regarding the issue can be shared within the agency for consideration in the service provider examination program.

If there is no evidence of the finding at other institutions, what are agency’s corrective action expectations of the subject bank?

Share with the subject bank that there was no evidence of the issue at other institutions. Corrective action options should be pursued.

Bottom Line—Bankers and Regulators
Working Together Helps

The expectation that financial institutions are responsible for advancing corrective action and compliance more broadly, even in the face of obstacles presented by third-party relationship, is increasingly apparent. However, it is also clear that agency protocols can help, such as examinations and the repository of information facilitated by the exam process. The value of these protocols depends on bankers and examiners maintaining an open dialogue and information exchange. Doing so promotes an understanding of the implications of issues and options for reasonable resolutions, commensurate with the circumstances. ■

ABOUT THE AUTHOR

BONITA G. JONES, president of San
Francisco-based Bonita Jones &
Associates, LLC, is a retired principal
in the Banking Supervision and
Regulation Division of the Federal
(415) 297-1784.