Regulators Tighten Rules on Vendor Management

Banker Resource
April 16, 2014 — 2,168 views  
Become a Bronze Member for monthly eNewsletter, articles, and white papers.

While the financial services industry is not new to vendor management and oversight issues, the enforcement measures taken by Consumer Financial Protection Bureau (CFPB) and Office of the Comptroller of the Currency (OCC) highlight the increased attention taken by federal regulators. The board of directors of any bank must remain vigilant of the possible hazards due to outsourcing of functions to the third parties. If it is not done, then the financial institution may face considerable financial and reputation harm.


The CFPB entered the arena armed with the mandate made by Title X of Dodd Frank Act created for the protection of consumers. It issued the Bulletin 2012-03. Although the bulletin contained a message nearly the same to the guidance which was issued by the FDIC and OCC, it offered additional insight. The bulletin took note that the Title X of Dodd-Frank offered a definition of “service provider” which is inclusive of any person who offers a material service to any covered person in association with  provision or offering by such a covered person of a financial service or product.

More importantly, the bulletin offered banks a non-comprehensive list of the steps to make sure that the business arrangements with the service providers do not present consumers the element of unwarranted risk. This include:

  • Conducting an exhaustive due diligence to make sure that the service provider can understand and is capable of all compliance with the consumer financial law.
  • Reviewing and requesting the procedures, policies, training materials and internal controls to guarantee that service provider conduct the proper training and the oversight of agents or employees who have compliance responsibility and consumer contact.
  • The contract with service provider offers clear  expectations about compliance and also the appropriate and enforceable results for violating against compliance-related responsibilities, including the engagement in abusive, deceptive or unfair act or practices.
  • Establish internal controls. Monitoring to find out whether the service provider is fully complying with the laws related to federal consumer finance.  
  • The taking of any swift action to solve problems that are identified via the monitoring process. This includes ending the relationship where it is appropriate.

Like old boss

Although not any one among the three-FDIC, CFPB and OCC offers community banks with explicit exemption from the mandates of vendor management, the set of rules include a statements which is similar in the content to which is expressed in FIL-44-2008.

Banker Resource