In July, the Consumer Financial Protection Bureau (CFPB) entered into the first consent order affecting third-party service provider violations. ACE Cash Express Inc., a payday lender, agreed to pay $10 million to settle allegations of improper debt-collection activities. While nothing in the consent order indicates whether the CFPB believes that financial institutions should be held to a strict liability standard for the acts of their service providers, the order does state that the company’s “compliance monitoring, vendor management, and quality assurance did not prevent, identify, or correct instances of misconduct by some third-party debt collectors.” As a result, the CFPB seems to have reinforced its position that financial institutions that use service providers must evaluate and monitor those third parties or face potential financial penalty risks when consumers are harmed. In light of this action, and those that will inevitably follow, lenders can no longer wait to address third party service provider risk. Auditors, regulators, investors, warehouse banks all are concerned about how lenders are managing vendor risk and are increasingly seeking evidence that appropriate plans and policies are in place and working. So what is the best approach? Vetting and monitoring are minimum requirements to meet CFPB Bulletin 2012-3 directives. Lenders must have a plan to evaluate third party risk, monitor it over time and report it when audited. However, those being vetted and monitored need to have internal controls and standards and that is where best practices such as those promulgated by the American Land Title Association (ALTA) are important. Large companies generally have internal controls, corporate governance rules, data privacy and security measures in place. Smaller firms and solo practitioners generally do not. Uniform standards for good business operating rules help to create a baseline for measurement, as well as a uniform expectation of professionalism to give comfort to a vendor’s clients. When vetting (background evaluation and monitoring) and best practices meet, lenders can have reasonable assurances that high quality vendor management is taking place. However, even the best laid plans sometimes go awry. All the vetting in the world and even the most comprehensive best practices cannot stop all fraud. That is where insurance comes into play. Our company was honored in April when certain syndicates of Lloyd’s of London endorsed our vetting and monitoring program with Mortgage Settlement Insurance (MSI). The MSI policy stands behind low risk agents vetted through our platform. Whether it is MSI or some other insurance product (fidelity, errors and omissions or a combination product), lenders do well to seek out a solution to vendor management that incorporates all three elements: Best business practices, vetting and insurance. When these three critical tools interact, lenders thrive and consumers achieve the highest level of protection. The lapses in risk management and loan quality control that resulted in the 2008 collapse and the ensuing passage of the Dodd-Frank Wall Street Reform Act have to be addressed. The confluence of best practices, vetting and new forms of insurance answer the call for better controls, better counterparty relationships, and greater consumer protections. Andrew Liput is president and CEO of Secure Settlements Inc., a company he founded after nearly 10 years studying the problem of escrow and closing fraud and the uninsured risks associated with mortgage closing professionals. He may be reached by e-mail at [email protected].