Banks use a lot of different third-party vendors to help fulfill the services and products they provide for customers. However, the compliance and security standards required for these vendors have increased exponentially since the beginning of Know Your Vendor regulation—and even earlier than that when vendor risk management came into focus in 2008.

Are banks now able to use third-party marketers (TPM) that market for them or third-party administrators (TPA) that administer insurance, to increase their revenue, or are they required to operate these agencies in-house?

The short answer is yes, with the proper due diligence and compliance vetting. Or better yet, choose a TPA that offers marketing because they are already regulated by each individual state for their carriers and the National Association of Insurance Commissioners for themselves.

What Does Know Your Vendor (KYV) Mean for Banks?

As recent headlines have shown, when regulations are not in place—or safety precautions are not followed properly—banks can risk losing customers’ trust, cause harm to customers’ financial wellness, and even collapse the bank itself.

So, how do you know where to toe the line between avoiding all new third-party vendors or having a growth strategy? Well, a good start is to ensure you are working with a compliant vendor that has extensive compliance experience.

Most banks are aware of OCC Bulletin 2013-29 and Know Your Vendor. However, understanding which vendors are affected and how they can avoid financial penalties is a little more difficult.

How is a third-party relationship defined? OCC Bulletin 2013-29 defines a third-party relationship as any business arrangement between the bank and another entity, by contract or otherwise.

Can Banks Use Third-Party Marketers?

Third-party marketers obviously fall under the definition of a third-party relationship given by OCC Bulletin 2013-29, meaning they are affected by Know Your Vendor.

The CFPB views TPMs as they view other third-party vendors and has told banks that any digital or direct marketing providers must provide federal consumer finance protections.

While this has been the case since the start of Know Your Vendor, it was not explicitly stated until the interpretive rule issued in August of 2022 stated that “digital marketers that are involved in the identification or selection of prospective customers or the selection or placement of content to affect consumer behavior are typically service providers for purposes of the law.”

Banks should not work with just any TPM, and the ones they do work with should be vetted thoroughly, to ensure they comply with consumer finance protection requirements and have significant compliance experience. A TPM that does not specialize in insurance marketing for financial institutions could put your bank at risk of marketing compliance violations, potentially resulting in significant fines.

Are Banks Allowed to Use Third-Party Administrators?

Some third-party marketers are also third-party administrators that help banks add insurance programs to their list of offerings to increase revenue and build consumer loyalty.

Insurance providers, including TPAs, are monitored by the Department of Insurance, so their compliance standards vary by state, but even with their stricter regulations, much had to change to ensure they were now complying with banks’ Know Your Vendor requirements.

However, many banks cut ties with their TPAs at the onset of Know Your Vendor, partly because the guidelines were unclear, and partly because it was just more vendor screening they would have to do to ensure compliance.

Many banks are also still unsure if they are able to provide insurance to customers through a TPA rather than trying to operate entire agencies in-house.

Banks choosing to work with reputable TPAs that are properly licensed and compliant with marketing laws can rest assured that their customers will be protected and that TPAs will not put the bank at risk of violating Know Your Vendor.

Since insurance regulations vary on a state-by-state level, TPAs are required to abide by each state’s laws regarding operational procedures, marketing, and products they can offer in that state. TPAs work with many vendors too, in providing insurance administration services. Each of these vendors is vetted according to the same guidelines banks are required to use for vetting their own vendors.

Benefits of Using a TPA or TPM for Banks

Outsourcing marketing services or utilizing a TPA to provide insurance to your customers has many benefits for banks, many of which directly affect the return on investment of an insurance program offered by your institution. Trying to build an entire program like this in-house may cost more than it makes due to the large number of highly knowledgeable employees and resources you would need to fund. Some other benefits include:

  • Access to an entire team of experts rather than just a few in-house employees
  • Savings over investing in in-house marketing, data analysis, and insurance administration
  • Access to the products of multiple top-rated insurance companies
  • Ability to offer customers complimentary coverage, often increasing loyalty and retention
  • Additional revenue generated without increasing workload for internal marketing staff or paying for direct marketing
  • Ability to offer insurance to all customers regardless of income level
  • Consistency of service that isn’t reliant on internal staffing/retention

Tips for Navigating Know Your Vendor

Many banks are just now getting back into the process of hiring third-party vendors outside of everyday services like payment processing.

While using TPAs and TPMs is allowed under KYV, here are some tips to ensure you’re following the KYV practices that will help keep your bank, customers, and bottom line safe.

  1. Conduct thorough vendor due diligence through risk compliance programs and vendor onboarding. Make sure you’re asking the simple questions too, like what compliance experience do you have with marketing, and do you know how to ensure we are following all state and federal compliance regulations?
  2. Ask questions about their insurance, what outside vendors they use and their vetting process for them, and their background check process for employees.
  3. Review the vendor’s data management practices, including how data is acquired, processed, and stored and the protections put into place for your customers.

With the Know Your Vendor compliance efforts you have probably already put in place over the past few years, these vendor risk assessments should be pretty routine and help ensure you are covered with CFPB and FDIC requirements for financial institutions.

Compliant Third-Party Vendor That Increases Revenue

Franklin Madison can offer you a team of insurance industry marketing experts for financial institutions. And for 50 years, we’ve helped forward-thinking banks and credit unions bring new levels of protection and peace of mind to their consumers.

Not only do we take measures to ensure we are compliant with all state and federal insurance marketing laws, but we also stringently vet all of our own vendors. Learn how our financial wellness products can help build customer loyalty and increase revenue for your bank.