Risk & Compliance Hot Topics: Third-Party Risk Guidance, AI Chatbots in Banking, Regulatory Burden

  • June 9, 2023
  • Quantivate

This month’s roundup of recent news and developments in the world of governance, risk, and compliance (GRC) for financial services includes:

Let’s dive in:

Banking regulators issue final guidance on third-party risk management

On June 6, the Federal Reserve, FDIC, and OCC finalized their guidance on managing risks associated with third-party relationships. The long-awaited joint guidance, proposed in July 2021, offers principles for a risk-based approach to third-party management, covering the following stages of the vendor lifecycle: planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination.

The guidance replaces existing guidance for each agency, and while it doesn’t impose any new requirements, it has drawn some criticism for its potential impact on community banks and other smaller institutions.

“Although this guidance suggests that a sound third-party risk management framework should be appropriately tailored to a bank’s level of risk, complexity, and size, it does not provide the necessary clarity or supplemental tools to facilitate small bank implementation,” Michelle Bowman, a member of the Board of Governors of the Federal Reserve System, said in a statement.

“My expectation is that community banks will find the new guidance challenging to implement…. While today’s guidance may be a helpful step to promote sound third-party risk management and enhance interagency consistency among regulators, it is also part of a troubling pattern of the agencies’ deviation from the risk-based, tailored approach to supervising and regulating banks.”

CFPB flags AI chatbot risk factors for financial institutions

On June 6, the Consumer Financial Protection Bureau (CFPB) released a report on the use of chatbots for customer service in the financial services industry, highlighting the risks and potential problems of relying on advanced technology, particularly AI-powered tools and other automated solutions.

“Financial institutions risk violating legal obligations, eroding customer trust, and causing consumer harm when deploying chatbot technology,” the report states. “Like the processes they replace, chatbots must comply with all applicable federal consumer financial laws, and entities may be liable for violating those laws when they fail to do so. Chatbots can also raise certain privacy and security risks.”

This comes on the heels of a joint statement issued by the CFPB and other federal regulators in late April warning against AI-based discrimination and consumer rights concerns.

In related news reported by The Wall Street Journal, Securities and Exchange Commission (SEC) Chair Gary Gensler recently warned against the potential “systemic risk” posed to the U.S. financial system by artificial intelligence.

“You don’t have to understand the math, but [you have] to understand…the risk management,” Gensler said at a Financial Industry Regulatory Authority (FINRA) conference, emphasizing that despite the efficiency financial institutions stand to gain, AI systems should be closely scrutinized.

Survey of compliance professionals highlights rising regulatory burden

The latest Cost of Compliance Report from Thomson Reuters highlights challenges that compliance teams are facing this year, including the increasing volume of regulatory change and rising cost pressures.

Notably, 73% of survey respondents expect the volume of regulatory change to increase over the next 12 months, noting that this is a top challenge for boards and compliance officers.
