The CFPB in their Supervision Manual discusses what it expects supervised and non-supervised entities to do relative to managing compliance by their vendors. As always you have to mold your compliance program to meet the make-up and complexity of your business. That means companies with many branches, multi-state operations, and multiple product offerings have different challenges than smaller more focused business such as most of the members of the IFAI. I would suggest as a minimum you make sure your consumer facing vendors (jargon for collection agencies, repo companies, collection attorneys, ancillary product providers and claims processors and other firms that actually directly impact your customers are licensed if necessary, have given you a copy of that license, and acknowledge in writing that they will comply with consumer protection laws.
A recent article on vendor management systems is attached.
As always this is not legal advice. Consult your own attorney for that advice.
CFPB Amends its Vendor Management Guidance Blog Consumer Financial Services Litigation and Compliance
Smith Debnam Narron Drake Saintsing & Myers LLP
USA November 2 2016
The CFPB has amended its guidance on vendor management. According to the CFPB, the amendment was necessary to “clarify that the depth and formality of the risk management program for service vendors may vary depending upon the service being performed – its size, scope, complexity, importance and potential for consumer harm.”CFPB Bulletin 2016-02.The Bulletin, like its 2012 predecessor, makes clear that the supervised entities are responsible with their service providers for their service providers’ compliance with federal consumer financial laws. “While due diligence does not provide a shield against liability for actions by the service provider, it could help reduce the risk that the service provider will commit violations for which the supervised bank or nonbank may be liable...”
The Bulletin set forth a number of nonexclusive steps it expects covered institutions to take in managing their service providers:
Doing due diligence to insure their service providers understand and are capable of complying with applicable consumer financial laws;
Requesting and reviewing their service providers’ policies, procedures, internal controls, and training materials to insure their service providers are providing adequate training and oversight to insure compliance with applicable consumer financial laws;
Providing contractual provisions in their vendor agreements that provide clear expectations of compliance, as well as appropriate and enforceable consequences for any failure to comply;
Insuring that service providers are prohibited from unfair, deceptive or abusive acts or practices, as well as violations of specific federal consumer financial laws;
Establishing internal controls and on-going audits and examinations of service providers to insure their continued compliance; and
Taking prompt action to address problems identified through the monitoring process, including termination of relationships, if appropriate.
Moreover, the Bulletin makes clear that the CFPB takes the position that it has supervisory and enforcement authority over bank and nonbank supervised service providers and “will exercise the full extent of its supervisory authority over supervised service providers, including its authority to examine for compliance with Title X’s prohibition on unfair, deceptive, or abusive acts or practices.” Service providers and supervised entities alike can expect the CFPB to expand its enforcement net to include entities which are not otherwise covered by the CFPB.
Supervised entities should review their vendor management policies and shore up any weaknesses in their compliance management systems with respect to their vendor management relationships. Service providers, meanwhile, should be reviewing their own policies and procedures to insure compliance with all applicable consumer financial laws. Both supervised entities and service providers should review the CFPB’s Supervision and Examination Manual: Compliance Management Review andUnfair, Deceptive and Abusive Acts or Practices.
Smith Debnam Narron Drake Saintsing & Myers LLP - Caren D.