Hi There,
While the OCC regulates national banks and does regular examinations, it doesn't mean there can't be or won't be any issues with those banks. After all, the OCC regularly places enforcement actions against national institutions for regulatory violations all the time. Keep in mind that you can outsource your activity, but you can't outsource the risk.
A good rule of thumb is to treat those banks the same as any other third party regarding third-party risk management. That means performing due diligence. However, this is easier said than done sometimes. It is typical for national banks and other mega organizations (google, amazon, etc.) to be less than cooperative when providing documentation or filling out due diligence questionnaires. This is partly due to the number of requests they receive; it simply becomes impossible to respond to them all. As a result, many large organizations will provide documentation or other information on their websites. Best practices dictate that you make earnest attempts to complete due diligence. Suppose you can not get the information you are seeking. In that case, you should document your attempts and seek approval or an exception from Senior Leadership. Due diligence is not always an easy process. Still, you should be able to evidence your efforts should you be asked by an auditor or an examiner.
Those are my thoughts on the matter, but I would love to hear from other members.
Original Message:
Sent: 03-10-2022 01:48 PM
From: Anonymous Member
Subject: Collecting documents from National Banks
This message was posted by a user wishing to remain anonymous
Does anyone else collect due diligence from National banks? Since they are directly regulated by the OCC is it needed?