August 2, 2016

FDIC Releases Proposed Examination Guidance for Third-Party Lending

On July 29 the Federal Deposit Insurance Corporation (FDIC) released proposed examination guidelines (Proposal)[1] which, if adopted, could significantly impact marketplace lending platforms and other entities relying upon bank partners. The Proposal, which would extend the FDIC’s existing guidelines on insured banks’ relationships with third‑service providers,[2] focuses on the following third-party lending relationships:

  • Insured banks’ origination of loans for third parties that lack the necessary state licenses or that wish to rely upon federal preemption in order to charge interest rates in excess of state usury limits;
  • The origination of loans through, or jointly with, third parties acting, in essence, as agents for the bank; and
  • The use of platforms developed by third parties for use by the bank.

The first of these relationships would appear to encompass the major marketplace lending platforms’ arrangements with their state‑chartered, FDIC-insured bank partners, and—although it does not mention the industry specifically—the Proposal echoes earlier FDIC statements that directly address the perceived risks associated with marketplace lending.[3]

The Proposal treats examinations of the three types of third-party lending in some detail but cautions both that it covers risks that are not present in every situation and that it does not include every possible risk. Among the types of risk discussed in the Proposal are the following:

  • Strategic (alignment of incentives and goals);
  • Operational (supervision of people, processes and systems);
  • Transaction (management of numerous transactions);
  • Pipeline and liquidity (failure of refinancing through sale of loans);
  • Model (inadequacy of underwriting or regulatory compliance);
  • Credit (mismatch of incentives and loan quality, repurchase requirements);
  • Compliance (failure to observe laws or internal policy);
  • Consumer compliance (fair lending, debt collection, credit reporting, privacy); and
  • Anti-money laundering (inadequate procedures at the third party).

The Proposal suggests that, despite the potentially great value of working with third parties, these risks are heightened for banks because they lack control over the third party, making it especially necessary to develop programs to assess, measure, monitor and control these risks. Among the programs that may be necessary, depending on the nature and level of the risks involved are:

  • Establishment of risk-tolerance limits, acquisition of adequate management, staffing and expertise, development of adequate back-up plans and capital;
  • Development and imposition standards, procedures and training for the types and volumes of lending activities that are contemplated;
  • Initial and ongoing evaluation of the risks potentially created by the third party with whom the bank will cooperate and extensive diligence regarding all aspects of its business activities (such as policies, internal control, experience, repurchase requirements, compliance systems, consumer complaints, litigation, earnings and funding);
  • Initial and ongoing validation of the third party’s model in terms of reliability, conceptual soundness, conformity with consumer lending regulations and susceptibility to error in varying economic circumstances; and
  • Adequate documentation of the relationship with the third party, including recourse (including, potentially, insurance), lack of limitations on the ability of the bank to sell loans to other entities if the third party fails to purchase, termination rights, full authority on the part of the bank to require the third party to implement procedures treated as outsourced, and full access to third-party data necessary for the bank’s compliance and risk management programs.

The FDIC expects that the bank, and not the third party, will establish the applicable underwriting and administration standards and that these standards will conform to the bank’s and the FDIC’s existing expectations about such standards and be supported by adequate capital and a funded allowance for loan and lease losses. Among other things, this will require ongoing monitoring of loan performance and periodic re-evaluation of lending standards in the light of the data provided by such monitoring. A classification and charge-off policy for loans must be developed. Special procedures are applicable to subprime lending programs. Capital is expected to be maintained at a level well above the regulatory minimum. Potential liquidity difficulties arising from the failure of resales should be compensated by back-up arrangements. Profit expectations must be evaluated prior to entry into arrangements with third parties and re‑evaluated periodically, with changes in economic circumstances and exit costs being taken into account.

A bank will be treated as responsible for compliance with consumer lending requirements to the same extent as if it were conducting all activities by itself. Special attention is required if the bank has direct contact with borrowers, develops documents that are sent to consumers or provides new, complex or unique products. This allocation of responsibility also holds for anti‑money laundering compliance and the maintenance of consumer privacy.

The Proposal concludes by describing the frequency and types of examinations to which banks and the third parties with which they are collaborating will be subjected. The FDIC will accept comments on the Proposal until September 12, 2016.


[1]               FDIC Seeking Comment on Proposed Guidance for Third-Party Lending, FIL‑50-2016 (July 29, 2016).

[2]               See Guidance for Managing Third-Party Risk, FIL‑44-2008 (June 6, 2008).

[3]               See, e.g., FDIC, Supervisory Insights (Winter 2015), p.12.

Subscribe Link

Email Disclaimer