The American Fintech Council (AFC) has called upon the Financial Stability Board (FSB) to expand the reach of its third-party risk management toolkit, suggesting inclusion of authentic bank-fintech partnerships and banking-as-a-service models.
The toolkit, released for public consultation by the FSB in June for financial institutions and authorities, aims to offer clarity for both the industry and regulators and establish a more secure financial services environment for consumers.
Its design adopts a holistic approach that extends beyond outsourcing, with the goal of reducing regulatory fragmentation, bolstering institutions’ risk management, and enhancing the financial system’s resilience by fostering coordination among stakeholders.
In a letter in response to the toolkit, the AFC – a trade association representing ‘responsible fintechs and innovative banks – acknowledged the positive aspects of the toolkit, but highlighted its limitation to IT-related third parties, excluding lending, certain payment relationships, and banking-as-a-service models.
Phil Goldfeder, CEO of the AFC, explains: “In order to have the most effective third-party risk management, both industry and regulators must move beyond the traditional understanding of third-party service towards a new understanding that includes core banking functions and banking-as-a-service.
“We thank the FSB for the opportunity to collaborate and look forward to our continued partnership to ensure the scope of their guidance reflects the safe and innovative business models in the modern banking system.”
Next steps
The AFC urged coordination between the FSB and US financial services regulatory agencies to harmonise rules and requirements addressing third-party risk. The recently published interagency TPRM (Third-Party Risk Management) guidance in the US underlines the need for clear federal leadership in this area.
Its letter said: “AFC recommends that as FSB finalises the Toolkit and any possible related guidance/rulemakings that it coordinates with US financial services regulatory agencies to ensure that rules and requirements addressing third-party risk fit within the FSB’s global approach and are not duplicative or contradictory to the work conducted by other regulators.
“In recent years, the extent and nature of financial institutions’ interactions with a broad and diverse ecosystem of third-party service providers have evolved and increased. These developments have brought both benefits and the introduction of different types of risks to financial institutions. If they are not appropriately managed, these relationships could lead to risks to financial stability.”
