The Federal Deposit Insurance Corporation (“FDIC”) is seeking comment on proposed examination guidance for Third-Party Lending. [1] The proposed guidance, issued July 29, provides banks with safety, soundness and consumer compliance measures to be followed when lending through a business relationship with a third party. The proposed guidance will apply to all banks that engage in third-party lending, and will also affect all institutions that seek to originate loans with banks. The proposed guidance, while appearing technical, follows a pattern of federal regulators showing increased interest in holding financial institutions accountable for the acts of those who they do business with, resulting in increased risk and increased compliance burdens on all involved.

Supplementing the FDIC’s existing Guidance for Managing Third-Party Risk [2], the proposed guidance defines Third-Party Lending broadly as any “lending arrangement that relies on a third party to perform a significant aspect of the lending process,” and is designed to capture the use of third parties in the following portions of the lending process:

  • marketing;
  • borrower solicitation;
  • credit underwriting;
  • loan pricing;
  • loan origination;
  • retail installment sales contract issuance;
  • customer service;
  • consumer disclosures;
  • regulatory compliance;
  • loan servicing; and
  • debt collection, and data collection, aggregation, or reporting.

The proposal places special attention on three types of third-party relationships: (1) banks originating loans for third parties; (2) banks originating loans through third-party lenders or jointly with third-party lenders; and (3) banks originating loans using platforms developed by third parties. Additionally, bank participation in practices such as indirect auto lending would likely receive heightened scrutiny under the proposed guidance.

The FDIC believes numerous risks may arise or be heightened from a bank’s use of third parties in the lending process and the proposed guidance focuses on the following risks:

  • Strategic (potential misalignment of incentives and goals)
  • Operational (key operational factors not under the direct supervision of the bank)
  • Transaction (volume of loan and multiple parties increase risk exposure)
  • Pipeline and liquidity (transactions failing to be consummated and funded as expected)
  • Model (potential regulatory compliance issues related to financial models used by third parties)
  • Credit risk (misalignment of incentives and concerns about loan quality)
  • Compliance (failure to observe applicable law or internal policy)
  • Consumer compliance (fair lending, debt collection, credit reporting, privacy etc…)
  • Bank Secrecy Act/Anti-Money Laundering (potentially inadequate procedures at the third party level)

Examples of regulators’ existing interest in these areas include examination by banking regulators and enforcement actions by the Consumer Financial Protection Bureau for “disparate impact” violations under the Equal Credit Opportunity Act arising out of banks indirect auto lending operations, and regulators effective elimination of the market for refund anticipation loans by enforcement actions against banks involved in such loans.

A bank’s board of directors and senior management are ultimately responsible for managing the bank’s third-party lending arrangements as if such activities were handled within the bank. The proposed guidance expects banks to establish third-party lending risk management programs and policies prior to entering into significant third-party lending relationships. Such programs should be tailored based on the significance, complexity, risk profile, transaction volume and number of third-party lending relationships. The FDIC also wants banks to establish processes to evaluate and monitor specific third-party lending relationships. Examples of the potential programs and processes necessary under the proposal include:

  • Incorporation of third-party lending in the strategic planning process, establishment of clear risk tolerance limits, increasing staffing to ensure oversight capability, and developing back-up plans;
  • Implementation of procedures and policies relating to third-party lending activities developed by management and approved by the bank’s board;
  • Initial and ongoing risk assessment practices relating to third-party lending relationships coupled with comprehensive due diligence and oversight of each third party relationship; and
  • Review of the contract and structuring of third-party lending relationships.

FDIC Examiners will assess each bank’s third party lending relationships in conjunction with the proposed guidance. Banks with significant third-party lending relationships can expect increased supervisory attention, including a 12-month examination cycle with concurrent risk management and consumer protection examinations, off-site monitoring, targeted examinations of significant third-party lending arrangements and possible review of the third parties themselves. The proposed 12-month examination cycle would apply to all banks, and not just lower rated institutions. This would likely lead to more routine examinations and increased compliance costs for smaller community banks.

Comments are sought on the entire proposed guidance with particular emphasis on those areas outlined in the FDIC’s Financial Institution Letter number FIL-50-2016. Comments will be accepted until September 12, 2016. Comments should be sent to and will be posted on the FDIC’s website at


[1] FDIC Seeking Comment on Proposed Guidance for Third-Party Lending, FIL‑50-2016 (July 29, 2016)  

[2] Guidance for Managing Third-Party Risk, FIL‑44-2008 (June 6, 2008)