With evolving regulatory expectations and increased enforcement exposure, financial institutions are under more scrutiny than ever. Nowhere is this more evident than in the management and oversight of service providers. When service providers are part of an institution’s business practice, understanding the expectations of regulators, investors, and counterparties for compliance with consumer financial laws is critical.
In 2012, the CFPB issued Bulletin 2012-03, which outlines the CFPB’s expectations regarding supervised institutions’ use of third party service providers. Banks and nonbanks alike are expected to maintain effective processes for managing the risks presented by service providers, including taking the following steps:
- Conducting thorough due diligence of the service provider to ensure that the service provider understands and is capable of complying with federal consumer financial law
- Reviewing the service provider’s policies, procedures, internal controls, and training materials
- Including clear expectations in written contracts
- Establishing internal controls and on-going monitoring procedures
- Taking immediate action to address compliance issues
Implementing consistent risk-based procedures for monitoring third party service provider relationships is an extremely important aspect of meeting the CFPB’s expectations and mitigating risk to the institution. Read more…