Due Diligence and Ongoing Monitoring

  • 1.  Collecting documents from National Banks

    This message was posted by a user wishing to remain anonymous
    Posted 03-10-2022 02:11 PM

    Does anyone else collect due diligence from national banks? Since they are directly regulated by the OCC, is it needed?


  • 2.  RE: Collecting documents from National Banks

    Posted 03-15-2022 03:58 PM

    Hi There,

    While the OCC regulates national banks and does regular examinations, it doesn't mean there can't be or won't be any issues with those banks. After all, the OCC regularly places enforcement actions against national institutions for regulatory violations all the time. Keep in mind that you can outsource your activity, but you can't outsource the risk.

    A good rule of thumb is to treat those banks the same as any other third party regarding third-party risk management. That means performing due diligence. However, this is easier said than done sometimes. It is typical for national banks and other mega organizations (Google, Amazon, etc.) to be less than cooperative when providing documentation or filling out due diligence questionnaires. This is partly due to the number of requests they receive; it simply becomes impossible to respond to them all. As a result, many large organizations will provide documentation or other information on their websites. Best practices dictate that you make earnest attempts to complete due diligence. Suppose you cannot get the information you are seeking. In that case, you should document your attempts and seek approval or an exception from Senior Leadership. Due diligence is not always an easy process. Still, you should be able to evidence your efforts should you be asked by an auditor or an examiner.

    Those are my thoughts on the matter, but I would love to hear from other members.

     




  • 3.  RE: Collecting documents from National Banks

    Posted 03-15-2022 04:24 PM
    Copies of the bank evaluations may be obtained by submitting a request electronically through the OCC's Freedom of Information Act (FOIA) website https://foia-pal.occ.gov/palMain.aspx or by writing to the Office of the Comptroller of the Currency, Communications Division, Suite 3E-218, Washington, DC 20219.

    Bauer Financial also provides reviews of national banks and credit unions for a fee.

    Rosalie Stremple
    Westfield Bank, Ohio


  • 4.  RE: Collecting documents from National Banks

    This message was posted by a user wishing to remain anonymous
    Posted 03-16-2022 08:03 AM

    Yes, we conduct due diligence reviews and ask for documentation from banks/financial institutions regardless of who regulates them.


  • 5.  RE: Collecting documents from National Banks

    Posted 03-16-2022 08:04 AM
    If they are a vendor, they should be vetted as any other third party. We have some national banks within our portfolios and we assess them based on the level of risk they present to the organization. Generally, bigger organizations will not complete questionnaires or control surveys but rather provide you their compliance package or generic information that most often does satisfy requirements. Level of risk is determined on what your organization's risk appetite and risk tolerance is of third parties. In instances where residual risk is elevated, we often will consult with our infosec teams and determine actions/next steps. We have P&P that align to the regulatory guidance that dictate actions as well as various metrics and key reporting to committee. My rule of thumb has always been to document decisions to evidence review and rationale on decisions and approvals.