Inspector General Warns FDIC Oversight Failures Endanger Banks

The expansion of banking ecosystems has long been in place as financial institutions (FIs) link with providers to fine-tune and modernize operations.

PYMNTS Intelligence has found that a majority of traditional financial services firms have inked pacts with third-party providers, including FinTechs. Past surveys indicate that 65% of banks and credit unions have entered into at least one FinTech partnership, with 76% of banks viewing FinTech partnerships as necessary to meeting customer expectations. Ninety-five percent of banks are focused on using partnerships to enhance their own digital product offerings.

But gaps remain when it comes to oversight and identification of the risks tied to those partnerships, and particularly the monitoring of banks’ vendors; call it, perhaps, the ongoing assessment of the state of the financial supply chain.

A recent report by the Federal Deposit Insurance Corp’s Office of the Inspector General (OIG) has determined that the FDIC does not have the yardsticks in place that would gauge that aforementioned risk when assessing third-party providers of software, hardware and other offerings used by the banks. There’s been no real way to mark whether the current significant service provider (SSP) Examination Program has been effective through the past five years.

The headline finding was not about cybersecurity or payment glitches. It was about oversight itself: the agency’s struggle to keep pace with the sprawling network of third-party firms that now run much of banks’ technology, payments and data infrastructure.

The OIG concluded that the FDIC has yet to establish clear performance goals and metrics for its oversight of large vendors. The absence leaves regulators and banks alike without a reliable way to measure whether examinations are actually protecting against the risks posed by vendors whose failures could ripple across the financial system.

“In the absence of clear programmatic goals and metrics, the FDIC has limited assurance that the SSP Examination Program is achieving its intended purpose,” the OIG report stated. “Developing program-level goals and metrics will allow the FDIC to define programmatic success, measure the effectiveness of the SSP Examination Program, and support the FDIC’s efforts to achieve its strategic objectives related to risk management for third-party service providers.”

In terms of the scope of the exams themselves, from 2020 through 2023, the FDIC and partner agencies conducted 55 exams of large service providers—an average of 14 a year. By contrast, 118 smaller, regional vendors were examined in the same period. Some vendors examined serve as few as 10 banks, while others touch more than 4,200, with enormous variations in assets and payments processed. A failure at a single large provider could cascade across the sector.

Even when exams occur, banks often receive outdated or stale reports, the OIG said. New guidance requires reports be delivered within 45 days of request.

The report also highlights the FDIC’s limited resources. Efforts to build a new Inherent Risk Methodology Analysis—a more quantitative way to rank which vendors deserve the most scrutiny—remain unfinished. Until then, exam selection remains “highly subjective” and vulnerable to gaps, according to the audit.

The FDIC agreed with the inspector general’s recommendation and pledged corrective actions by March. But for banks and their customers, the lag underscores the tension in today’s financial system as oversight must evolve to match the deepening reliance FIs place on outside vendors.

The post Inspector General Warns FDIC Oversight Failures Endanger Banks appeared first on PYMNTS.com.