The CFPB recently issued Compliance Bulletin 2016-02, which updates the Bureau’s guidance on vendor management and oversight. The Bulletin clarifies that the depth and formality of the risk management program put in place to monitor service providers may vary depending on the type of service(s) being performed and the performance of the service provider in complying with federal consumer financial laws and regulations. Specifically, the Bureau noted that the size, scope, complexity, importance, and potential for consumer harm were factors to take into consideration when assessing the scope of a vendor risk management and oversight program. Consistent with previous guidance, the Bulletin noted that in order to limit the potential for statutory or regulatory violations and related consumer harm, supervised banks and nonbanks should take steps to ensure that their business arrangements with service providers do not present unwarranted risks to consumers and outlined a number of recommended actions. Interestingly, the Bureau continued to emphasize the potential for UDAAP (Unfair, Deceptive and Abusive Acts or Practices) violations inherent in third party service provider relationships, an area we have seen the Bureau enforce heavily via enforcement actions in the past few years.
As a mortgage banking focused law firm, AMLG continues to be involved in our clients’ vendor management efforts. If you need assistance setting up or strengthening your company’s vendor management oversight program, updating your related policies and procedures, negotiating related contracts, or more, please contact AMLG Managing Member James Brody by clicking here.