The use of third-party vendors is essential in the BaaS ecosystem. However, while the use of third parties can increase an organization’s risk, such use of third parties does not diminish or remove the organization’s responsibility to perform all activities in a safe and sound manner, in compliance with applicable laws and regulations, including those related to consumer protection and security of customer information.
We advise fintechs and BaaS banks and help them implement sound third-party risk management programs that takes into account the level of risk, complexity, and size of the organization, as well as the nature of the specific third-party relationship. Our third-party risk management programs cover risk management practices for the stages in the life cycle of third-party relationships: planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination.
BERCLA Consulting professionals have examination-tested experience establishing and implementing adequate third-party risk management programs consistent with regulatory guidance including the most recent regulatory guidance issued on June 6, 2023 (Interagency Guidance on Third-Party Relationships: Risk Management – FIL 29-2023)