Jim Freis discusses regulatory compliance and speculates on what might happen in regards to sub-contractor due diligence.
Subcontractor due diligence is definitely one of the areas where more attention is going to need to be given than has been the case in the past. There are practices in the past that are quite common that refer in a contractual agreement, so in the fine print, that says that notice must be given with respect to subcontracting. You can’t effectively pass on this contractual relationship or the delivery of the service to other parties. But in the practical business environment, this is an aspect of challenge. What does it mean?
Ultimately, the regulators are going to hold the financial institutions accountable. And when the financial institutions are held accountable for this, they’re going to put the pressure on their service provider to be able to deliver, to be able to give answers in that regard. It’s going to be a differentiation factor.
The regulations, in some ways –and this is part of the challenge for the banks — conflict with each other. There’s a principle where the language within the regulation itself exhibits the inherent tension between two different things. One is that a financial institution’s focus is meant to be risk-based, meaning that there’s not one-size-fits-all. In each and every subcontractor-contractor relationship, you need to run the full realm of every possible aspect of due diligence, best practices, which are listed therein. On the other hand, how do you know about a potential risk, especially down the chain, if you haven’t asked some of those questions?
So a big part of the challenge for financial institutions is first, where do you prioritize? A big part of that is understanding which services, which relationships, which activities being addressed by these relationships and services are critical for your institution. And in those cases, you definitely have to do the equivalent of what we would call in other areas “enhanced due diligence” and focus down the subcontractor chains.
One of the things that I think the regulators should opine on, and which I put in my public comment letter, is that more guidance should be expected as to how much effort should need to go to this aspect of defining potential subcontractors as well as potential foreign counterpart exposure in any service provider relationship, even beyond those that meet the highest standards of criticality. That’s an open question for us.
