Technology and third-party relationships — with service providers and digitally focused FinTechs — have helped transform banks’ operations.
Banks have been able to pivot fully into the digital age, serving a broader swath of customers than they otherwise might have if those partnerships had not been struck in the first place.
The PYMNTS Intelligence report “The FinTech-Bank Relationship Shifts Toward Collaboration” found that 95% of banks are focused on using partnerships to enhance their own digital product services and offerings, streamlining the time to market to get customer-facing features in place.
However, the same interdependencies and interconnectedness with relatively nascent firms in a world of new attack vectors and untested business models can lead to several avenues of risk for traditional financial services players.
Over the last few months, regulatory bodies overseeing the banking sector have noted that banks must take steps to maintain and bolster their operational resilience.
The “Semiannual Risk Perspective” from the Office of the Comptroller of the Currency (OCC) said: “Sound operational resilience includes identifying critical operations and core business lines and mapping interdependencies within a bank’s organization and with significant third parties. Increased interconnectedness and interdependencies across the financial industry elevate the threat of a single participant’s outage, creating broader sector disruption.”
Think, then, of a bit of a domino effect. A FinTech or other partner is hit by a cyberattack, operational failure or loss of customers, forcing it to go dark, so to speak, and the ripple effects hit the federal banking system at large. The OCC said in the report that fraud is a “significant risk,” and timely suspicious activity reports on the part of the banks protect not only the financial institutions themselves but also their end users.
The Federal Reserve, in another example, last year issued guidance on the various stages of third-party life cycle management, which includes the wealth of considerations inherent in these relationships, such as the “direct contractual costs and indirect costs to augment or alter bank staffing, processes and technology,” and the interactions that the third parties will have with end customers.
The interconnectedness is proving extensive, especially for smaller banks. The Fed, Federal Deposit Insurance Corp. (FDIC) and OCC said in a joint guide on third-party risk management that banks must glean insight into whether a third party’s information security program is consistent with the bank’s program and “expectations related to protecting the confidentiality, integrity and availability of information.” The third parties, in turn, may have relationships with other companies, including subcontractors, which expose them to risks, including breaches.
The Federal Reserve Bank of New York said in a June blog post that banks and nonbanks are “intimately interconnected,” and the latter are dependent on banks for term loans and lines of credit. Overall lending to shadow banks is estimated to exceed $1 trillion as of January. Term loans, which are upfront payments from the lenders that are paid out by the borrowers over time, represented a bit more than a quarter of lending to nonbanks, up from about 15% in 2015.
We’ll get a bit more insight this week when the FDIC releases its quarterly report card on the financial condition of the U.S. banking system. The second-quarter data will give details on problem banks and even the number of insured institutions extant, which has been declining. If the number of banks declines, the concentration of risk increases.