- ICBA supports and encourages community banks as they innovate, both organically and through partnerships with other innovators.
- ICBA supports a legal and regulatory framework, coupled with a supervisory process and operational environment, that allows this innovation.
- ICBA urges banking regulators and other policymakers to ensure that non-banks that offer financial services directly to customers adhere to the same regulatory requirements and are subject to the same oversight as financial institutions.
- ICBA supports the use of data analytics to help community banks identify and eradicate fraud and enhance the customer relationship by obtaining insight into customers’ financial practices.
- ICBA strongly advocates for the development of financial services, channels, and standards that are centered around secure, insured financial institutions while protecting customer funds, information, and privacy preferences.
- ICBA supports initiatives to improve and enhance banking and payments technological and standards infrastructure that are open to all financial institutions, regardless of size.
- ICBA strives to foster awareness of emerging technologies among community banks through education and member communications.
- Community banks rely on core processing technology to maintain a competitive advantage in today’s ever-changing environment. ICBA is working to ensure core processing technology enables community banks to:
- meet and exceed customer expectations for banking products and services;
- comply with legal and regulatory requirements;
- manage expanded operational risk;
- enhance customer information security; and
- achieve ongoing efficiency and profitability.
- ICBA encourages expansion of the Multi-Regional Data Processing Servicer Program (MDPS), the supervisory program for the largest, systemically-important technology service providers, to include financial technology firms, regardless of their size or industry-risk concentrations.
- ICBA supports streamlining the initial due-diligence requirements banks must conduct on third-party vendors.
Technological innovation and deployment, particularly web and mobile, continues to alter the way that consumers and businesses conduct banking and commerce and influences the products that community banks offer. Additionally, technology deployment is altering the risk profile of community banks and subjecting them to a myriad of regulatory requirements and expanded oversight.
The banking agencies play a valuable role in defining and identifying the risks of existing and emerging technologies for both community banks and their service providers. Any guidance should be crafted in a manner that does not hamper innovation or impose undue burden.
Fintech. Financial technology (known as fintech) companies offer new channels to financial products and services for consumers and small business. Fintech companies can serve as valued partners to community banks, but can also disrupt community banks when they provide financial services directly to customers. Federal and state regulatory frameworks for the licensing and regulation of fintech products and services should include consumer and data-security protections consistent with those that apply to the banking industry.
Data Analytics. Community banks desire to use data analytics to deepen their understanding of their customers and help them make better decisions regarding their financial needs. However, this capability is typically not supported by the core processors serving the community bank marketplace.
Core Processing Technology. Core processing technology, the foundational infrastructure for customer transactions, balances, and histories, is now under greater industry scrutiny and market pressure due to advances in online and mobile channels as well as the entry of non-traditional firms. The established and interconnected nature of core processing technology further compounds community banks’ reliance on this capability to stay competitive, efficient, and profitable.
Expansion of Supervision Authority. The current MDPS program allows for a coordination of agency efforts in the evaluation of the firm as well as a “Single Report of Examination” which is provided to the firm and to the firm’s clients. However, it is mostly the larger core processors with concentrated risk that are the focus of regulatory examinations. Examinations of these companies provide some assurances to their customers, and to themselves, that they meet a certain level of safety and soundness –assurances that are not enjoyed by small technology companies and their customers. Expanding examinations to include more third parties would encourage higher security standards across the industry and provide consistency to the small third-party providers as well as their bank customers. It would also provide another layer of scrutiny, in addition to the bank’s due diligence, on the practices of the third-party.
Additionally, limiting examinations to only the largest processors gives those third parties a competitive edge over small businesses when banks are initially requesting proposals and conducting a review of potential relationships. With the benefit of a successful regulatory examination, these companies obtain more clients, continue to grow their market share and reduce competitive market forces. Furthermore, such a trend places community banks at a disadvantage when negotiating contract terms and requesting certain audits and documentation consistent with their regulatory responsibilities.
Banks are responsible for compiling and submitting initial requests for proposals (RFP) from third parties. Banks must evaluate a third-party’s financial condition, business experience and reputation, legal and regulatory compliance program, risk management program, information security program, reliance on subcontractors and insurance coverage.
Staff Contacts: Cary Whaley and Jeremy Dalpiaz