Abstract
Modern banks rely on numerous third-party service providers. They host data using cloud services, rely on clearinghouses to settle financial transactions, and automate their operations using financial technology and artificial intelligence. Alongside convenience, cost savings, and sophistication, reliance on these service providers brings risks. Dysfunction in third-party services can lead to data breaches, core service outages, or—potentially—systemic risk. And the odds of these risks coming to fruition only increase as the market for service provision becomes more concentrated.
However, one clause of a little-studied antitrust statute from the 1960s provides regulators with the ability to supervise third-party services. This statute—the Bank Service Company Act—stands as a bulwark against third-party risk: when banks export enumerated services to third parties, the bank regulators may supervise the services as if the bank itself were performing them. This Note provides a comprehensive history of the Act and a detailed explanation of its current application. Focusing on three main areas—scope, enforcement, and transparency—this Note finds the statute’s outer limits and recommends changes based on these limits. While some parts of the Act, including its enforcement powers and scope, should be revised, agency action could improve transparency around services and service providers even under the statute’s current form.
Citation
Jacob Cunningham,
The Limits of the Bank Service Company Act,
74 Duke Law Journal
227-268
(2024)
Available at: https://scholarship.law.duke.edu/dlj/vol74/iss1/4