ABA Urges OCC to Supervise Outside Service Providers

The American Bankers Association ("ABA") urged regulators to supervise third-party service providers by expanding examination beyond IT security to assess providers' ability to support compliance with new laws and regulations. 

In a comment letter responding to the Office of the Comptroller of the Currency's "Request for Information Regarding Community Banks’ Engagement with Core Service Providers and Other Essential Third-Party Service Providers," the ABA alleged that core outside service providers often "hinder community bank modernization" through restrictive practices and outdated technology support. The ABA argued that some core providers restrict access to essential data and treat Application Programming Interfaces ("APIs") as premium features rather than baseline infrastructure, often charging high fees or failing to support connections altogether. The ABA noted that resource constraints at these providers result in excessive delays, with banks often waiting 12 to 18 months for data extraction support needed for innovation projects.

Further, the ABA asserted that restrictive non-disclosure agreements ("NDAs") prevent banks from comparing prices and contract terms, which "reinforces concentration risk" and discourages banks from switching providers.

The ABA also recommended that regulators support industry-led, consensus-based due diligence standards for AI, to address risks such as model bias and data security. They acknowledged that community banks are exploring stablecoins and tokenized deposits but require clear regulatory guidance and a level playing field with non-bank competitors.

Finally, the ABA described contracting challenges, urging regulators to reinforce the importance of enforceable Service Level Agreements and noting the difficulties banks face when negotiating with FinTechs that lack familiarity with bank regulatory requirements.