Vendors pose a risk for banks and non-banks alike … and the Consumer Financial Protection Bureau (CFPB) is monitoring those risks. “Consumers are at a real disadvantage because they do not get to choose the service providers they deal with—the financial institution does,” said CFPB Director Richard Cordray in a release from the CFPB. “Consumers must not be hurt by unfair, deceptive or abusive practices of service providers. Banks and non-banks must manage these relationships carefully and can be held accountable if they break the law.”
The CFPB has specified that “supervised entities” are responsible for ensuring that their vendors and service providers are in compliance of federal financial laws.
Here are few items you should know about vendor management compliance.
1. There is a difference between a vendor and a service provider
A vendor is a person or organization that vends or sells a product. A service provider sells a service, like consulting or staffing. In the mortgage arena, vendors do not come in contact with consumers or client files. The “vendors” who usually cause the extra compliance risk are in fact “service providers.” These companies offer services that bring them into contact with consumers, consumer data, loan files, and decision-making processes which are regulated by the government. You are liable for your service providers when they are in contact with your consumers or loan files.
2. Be diligent about ensuring vendor/service provider compliance, or you put your own organization at risk
When you hire a vendor or service provider, they may seem like they are responsible and compliance-ready. You may feel confident to trust that they are compliant since they are a reputable company and actually doing the work that requires compliance. Do not follow this route.
The law holds you liable for their actions. Make sure you have policies and procedures in place to monitor their activities to ensure compliance of the law. More importantly, make sure you have a Compliance Management System in place for all aspects of CFPB compliance.
3. Get your senior management and board of directors involved
CFPB guidance clearly conveys the expectation that the board of directors and management will “develop a plan of action for oversight of service-provider (vendor) relationships.” Your vendor management policy requires their final approval. To take it a step further, your staff vendor management training should also reflect the internal policies of your business.
So, how do you manage vendor compliance?
The AllRegs Compliance Management System gives you the tools you need to ensure that your entire organization is compliant with the CFPB through technology and professional services. Our system gives you access to courses like Examining Vendor Management to train your staff. You can also work with the AllRegs Professional Services Group on a customized Vendor Management policy.
To learn more, visit us at www.allregs.com or contact your dedicated account executive at (800) 848-4904.
This article originally appeared in the May 2014 edition of National Mortgage Professional Magazine.