Season 2 | Ep 28: Enhancing Third-Party Risk Management: How to Safely Onboard & Partner with FinTechs

July 2, 2024


In this episode of the Risk Intel Podcast, host Ed Vincent sat down with Shawn Ryan, Chief Financial Officer at SRA Watchtower, to delve into the intricacies of third-party risk management and how to safely onboard FinTech partners. Their discussion centered on the recent May 2024 joint interagency guidance on third-party risk management and its implications for community banks. This episode is a must-listen for financial institutions navigating the complex landscape of risk and innovation.

The Importance of Regulatory Guidance

The episode kicked off with Ed Vincent highlighting the significance of the May 2024 guidance from the Federal Reserve, FDIC, and the OCC. Ed emphasized, "Anytime the FFIC is coming together and producing content, that's a good thing," which was echoed by Phil Goldfeder, CEO of the American Fintech Council, in a previous episode. It's important to our industry when regulators show a commitment to helping financial institutions implement effective controls and offer guidelines or programs on how best to work with third-party providers.

Key Components of the Guidance

Shawn Ryan provided a detailed breakdown of the guidance, focusing on five critical aspects of third-party risk management: planning, due diligence, contract negotiation, ongoing monitoring, and termination.

1) Planning: The Foundation of Effective Risk Management

One of Shawn's main discussion points, and the central theme of the 2024 guidance, was the necessity of thorough planning before engaging with any third-party providers. Shawn explained that this stage involves not only the executive team and the board but also a comprehensive assessment of what the institution hopes to achieve. He advised financial institutions to determine whether they aim to maintain competitive parity or pursue innovation. Shawn used the example of established FinTechs like Zelle, which offer widespread solutions but may lack the innovative edge that smaller, emerging FinTechs can provide.

"During that planning stage, you have to recognize that there's going to be certain compromises you have to make," Shawn Ryan stated, highlighting the need for a well-defined risk appetite.

2) Due Diligence: Ensuring Alignment and Capability

Due diligence is a critical step to ensure that third-party providers align with the institution's goals and possess the necessary capabilities. Shawn emphasized the importance of thoroughly vetting potential partners, examining their financial stability, regulatory compliance, and operational capacity. This step is essential to mitigate risks associated with third-party engagements.

"You need to look at their ability to deliver the services you require and their history of performance," he advised.

3) Contract Negotiation: Defining Terms and Expectations

Contract negotiation is where the institution formalizes its relationship with the third-party provider. Shawn pointed out that this stage should include clear definitions of performance standards, responsibilities, and expectations. He even recommended including specific clauses related to data security, compliance with regulations, and mechanisms for resolving disputes.

4) Ongoing Monitoring: Maintaining Vigilance

Once the contract is in place, ongoing monitoring becomes crucial to ensure that the third party continues to meet the institution's standards. Shawn suggested implementing regular performance reviews, audits, and risk assessments.

"Continuous monitoring helps identify issues early and allows for timely corrective actions," he said.

This proactive approach ensures that the relationship remains beneficial and compliant with regulatory requirements.

5) Termination: Preparing for the End from the Beginning

Lastly, Shawn emphasized the importance of planning for termination right from the start. Quoting Stephen Covey's principle of "beginning with the end in mind," he explained that institutions need to have a clear exit strategy. This strategy should account for various scenarios, such as performance failures, risk management issues, or strategic shifts.

"You need to have a mechanism to get out of the contract if they're failing to perform," said Shawn, "termination for convenience clause can be crucial for flexibility."

Real-World Applications and Practitioner Insights

The episode concluded with a teaser for the next installment, where Ryan will share his experiences as a risk practitioner within a RegTech firm. This future discussion promises to provide valuable insights into the practical applications of third-party risk management strategies. Shawn Ryan also recently spoke on this same topic at the Independent Bankers Association of Texas, Connecting Leader Conference. You can download the full presentation below.

Download Presentation

This episode of the Risk Intel Podcast offers a comprehensive look at the evolving landscape of third-party risk management. With expertise from the SRA Watchtower team, it provides financial institutions with the knowledge and strategies needed to navigate regulatory guidance and foster successful third-party relationships. Don't miss the next episode, where the conversation will continue with a focus on due diligence, contracting, and ongoing monitoring.
