A hot topic that has morphed from the Compliance frenzy is 3rd Party Vendor Management. Consumer Financial Protection Bureau (CFPB) regulators are clear about their stance: when a transaction between a financial institution and its customer involves a third party, the financial institution is still responsible for compliance with laws and regulations.
The CFPB has examination authority for banks and certain nonbank entities, including debt collection and student loan servicing. The bureau currently is looking to determine what steps these entities and their vendors are taking to comply with consumer protection regulations.
National List’s Kacey Rask says, “The buzz I’m hearing in calls to our office is that many of our forwarding clients are requiring law firms to utilize an outside source to inspect all their vendors. I know that some of our clients are also requiring our law firm members to write policies and procedures on vendor management, and conduct inspections to ensure they aren’t using high risk vendors.”
How National List Can Help
In response to the increased pressure and work load being put on our attorney members by compliance issues, NL is developing partnerships with two companies that can do some of the work required to manage vendors and ensure compliance, both inside and outside of member firms, including:
- Writing policies & procedures for vendor management
- What to consider when auditing
- What to consider for site inspections
Writing Policies and Procedures
Our partner KirkpatrickPrice (KP) is making available a FREE webinar series hosted by NL and drawing on KP’s compliance expertise. The webinars are designed to assist any law firm, no matter what size, with possible CFPB concerns. You can access the webinar information at http://www.nationallist.com/webinars.
Members who want to learn more about these topics can contact NL for a referral to KirkpatrickPrice. The next webinar, scheduled for August 13, 2014 at 1:30 CST, will specifically cover vendor compliance management and tools available to automate the process. To register, click here.
What to Consider for Onsite Inspections
NL Partner ComplyTraq (CT) offers compliance services for organizations that handle public and private consumer data. By working with CT, we soon will be able to offer our law firms and clients a “special rate” for vendor inspections. Watch for an email announcing when you can begin to take advantage of this partnership rate. Clients that are requiring onsite inspections are looking for video cameras and other on-site security, building specifications, data security, etc.
ComplyTraq is an approved third-party credentialing vendor for Experian, Equifax, Trans Union and ChoicePoint. They are credit bureau certified. Now mandated under FCRA requirements, the site survey process is critical to proper credentialing of users who access consumer information. Their site survey process includes:
- Onsite industry specific inspection
- Completion of property observation form
- Minimum of four clear photos of interior and exterior (a photo of the business license will be taken if available)
- Stringent on-site inspection guidelines from certified site inspectors
- Automated tracking and proven confirmation process for fast turnaround and rapid approvals
What to Consider When Auditing
Determine the risk associated with each vendor. The questions you ask should ensure you are covering the associated areas of risk.
- Does the vendor perform services that require consumer interactions? (e.g., Process Server)
- Does the vendor receive and store confidential data? (e.g., Data Vendor)
- Does the vendor require unattended access? (e.g., Office Cleaning)
- Define the audit program based on the associated risk
- Consider your acceptable requirements
- Base your site visit and remote audit on your requirements accordingly
Need more help? NL Partner KirkpatrickPrice can help you develop a vendor compliance management program including policies, procedures, audit framework and audit work plans.
1. Managing Third-Party Vendor Compliance Under the CFPB; this article appeared in “Risk and Compliance Journal.” Some of the highlights of the article include:
In April 2012, the CFPB released guidance about its expectations around vendor risk management. Financial institutions are responsible for making sure third-party vendors that act on their behalf comply with consumer protection rules and laws. “That means that financial institutions under the jurisdiction of the CFPB and the other regulators will have to evaluate the risk profile of vendors, as well as retain evidence of risk and compliance management activities of those third parties,” said Kevin Blakely, senior advisor to Deloitte’s Governance, Regulatory and Risk Strategies Group.
CFPB expectations for third-party management
- Develop an effective process for managing the risks of third-party relationships.
- Ensure relationships with third parties do not present unwarranted risks to consumers and that the vendors are complying with federal consumer law.
- Demonstrate that unfair, deceptive or abusive acts or practices have not occurred.
Applying CFPB expectations
- Confirm the third party’s ability to comply with federal consumer financial laws.
- Assess the third party’s training and oversight of employees.
- Enforce compliance through contracts.
- Monitor the third party for compliance with federal consumer financial law.
- Ensure timely response to risk exposures and other consumer protection issues.
- “Three steps toward getting to ‘strong’ in compliance risk management are to: identify third parties that interact with customers, determine the third party’s risk profile, and manage the third party to the financial institution’s compliance standards,” Chris Spoth, a director in Deloitte & Touche LLP’s Banking & Securities Regulatory practice, noted.
To read the full article, click here.
2. Vendor Management: Best Practices for Your Small Business; this article appeared in Business Bee. Some tips included and enlarged upon in the article are:
- Take your time selecting a vendor.
- Know the terms of the contract.
- Meet the vendor’s needs.
- Monitor the vendor’s performance constantly.
To read the complete article, click here.
The National List is your Go-To-Resource for compliance. We lead the industry in compliance by providing clients with their own Compliance Program that aids them in gathering needed documentation and compliance data on their NL attorney network. You can learn more about it on our website. We aid attorneys in providing the documentation to qualified recipients so they don’t have to waste time and resources by doing it repeatedly themselves. We are expanding our compliance resources by partnering with companies like KirkpatrickPrice and ComplyTraq.
by Marti Lythgoe, NL Editor