The Department of Financial Institutions (DFI) is authorized to regulate state-chartered financial institutions, including banks, savings banks, savings and loan associations, and other similar institutions. Service providers may contract with financial institutions to provide a variety of services, and the DFI generally has limited authority under state law to examine or regulate such providers.
The Director of the Department of Financial Institutions (Director) is authorized to examine a service provider that provides a certain service to a state-chartered bank, savings bank, or savings and loan association, to the same extent as if the service was performed by the financial institution itself, provided that the Director finds that:
The Director may enter into examination and information sharing agreements with any state or federal agency that has joint or concurrent jurisdiction over a service provider. The Director may accept service provider reports of examination made by any other state or federal agency in lieu of examination authorized under state law. A service provider report of examination written or obtained by the Director is confidential, subject to state and federal law and certain exceptions.
If the Director performs an examination with any other state or federal agency and produces a joint service provider report of examination, a copy may be furnished to:
If the Director performs an examination and produces a state-only service provider report of examination, a copy may be furnished to:
The Director may take enforcement actions against a service provider for planning, attempting, or currently violating any state or federal law, or engaging in any unsafe or unsound practice, to the same extent and as if the service was performed by the financial institution itself. The Director may enter into joint examinations or joint enforcement actions with other state or federal agencies having joint or concurrent jurisdiction over a service provider.
(In support) Over the years, key banking functions have migrated off bank premises. Banks now utilize third-party service providers for key functions, such as cybersecurity, data privacy, and other consumer protections. The Department of Financial Institutions (DFI) is seeking authority to cooperate with other state and federal regulatory partners to share information and participate in examinations related to service providers. Thirty-five other states already have similar authority. This bill was developed with industry stakeholders, and the DFI understands that the stakeholders support this bill.