Laws and Regulations
Key laws and regulations that pertain to FDIC-supervised institutions; note that other laws and regulations also may apply depending on the nature of the third-party relationship.
- Appendix A to Part 364 — Interagency Guidelines Establishing Standards for Safety and Soundness (ecfr.gov) provide operational and managerial standards for safety and soundness, and institutions should ensure that third-party relationships are managed consistent with these standards
- Appendix B to Part 364 — Interagency Guidelines Establishing Information Security Standards (ecfr.gov) address administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information
Frequently asked questions, advisories, statements of policy, and other information issued by the FDIC alone, or on an interagency basis, provided to promote safe-and-sound operations.
- Guidance for Managing Third-Party Risk (FIL-44-2008) provides a general framework for oversight and risk management of third-party relationships and discusses the board of directors' responsibility for outsourced activities
- Statement Concerning the Responsibilities of Bank Directors and Officers (FIL-87-92) addresses duties of loyalty and care owed to shareholders, depositors, and other creditors of the bank
- Section VII. Unfair and Deceptive Practices - Third-Party Risk of the Consumer Compliance Examination Manual provides a framework for an effective compliance management system when considering third-party relationships
Supplemental information related to safe-and-sound banking operations.
- FDIC's Supervisory Insights — Special Corporate Governance Edition 2016 (PDF) discusses key governance concepts, roles, and responsibilities of directors and senior management
- Conducting Business with Banks, A Guide For Fintechs and Third Parties (PDF) is the first in a series of resources from FDiTech to help fintechs and third parties partner with banks
- The BSA/AML Resource Page and Information Technology Resource Page provide information useful for managing third-party relationships if the activities are subject to BSA/AML regulations or relate to IT
- Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks (PDF) is intended to help community banks conduct due diligence when considering relationships with fintech companies