Putting the Management Back in Vendor Management February 20, 2014
|
|
- Griffin Small
- 8 years ago
- Views:
Transcription
1 Putting the Management Back in Vendor Management February 20, 2014 Moderator: Brian O Reilly The Collingwood Group, LLC Panelists: Calvin Hagins, CFPB Ken Markison, MBA Jonathan McKernan, Wilmer Hale Dan Mugge, CoreLogic
2 The New Landscape: Increasing Regulatory Scrutiny Vendor management practices have recently been subject to increased regulatory scrutiny. Banking regulators issued new guidance in 2012 and Recent enforcement actions have targeted vendor management deficiencies. Possible drivers of increased scrutiny Shift in supervisory focus to operational risks: operational risks increase when a vendor is involved in bank operations. Evolving nature of outsourcing relationships: increased reliance on cloud computing and other technology service providers that present greater operational risks. Some areas of focus: Data security Consumer protection compliance 2
3 Regulatory Guidance OCC OCC Bulletin : Third-Party Relationships OCC Bulletin : Foreign-Based Third-Party Service Providers FDIC FIL : Guidance for Managing Third-Party Risk FIL : Bank Technology Bulletin: Technology Outsourcing Information Documents Federal Reserve SR 13-19: Guidance on Managing Outsourcing Risk SR 00-4 (SUP): Outsourcing of Information Technology and Transaction Processing CFPB CFPB Bulletin : Service Providers 3
4 Regulatory Guidance (cont.) FFIEC IT Examination Booklet on the Supervision of Technology Service Providers (Oct. 2012) Guidance for examiners and banks on supervising TSPs. Uniform Rating System for Information Technology (URSIT). Exam Booklet on Outsourcing Technology Services Risk (Jun. 2004) Risk Management of Outsourced Technology Services (Nov. 2000) Administrative Guidelines Implementation of Interagency Programs for the Supervision of Technology Service Providers (Oct. 2012) 4
5 Enforcement Activity Several consent orders targeted alleged telemarketing sales tactics and/or billing issues by vendors involved in credit card add-ons. Amex: $16.2 million in penalties, $59.9 million in customer redress JPMorgan: $60 million in penalties, $309 million in customer redress. Discover: $14 million in penalties, $200 million in customer redress. Capital One: $60 million in penalties, $150 million in customer redress. Amex 2012 consent orders targeted alleged deceptive and other unlawful credit card practices arising out of oversight of affiliated service providers. $27.5 million in penalties and $85 million in customer redress. First Bank of Delaware consent order targeted alleged AML violations arising out of inadequate oversight of vendor payment processors. $15 million in civil money penalties, $500,000 in customer redress, and loss of charter. Mortgage foreclosure orders 5
6 Mortgage Foreclosure Orders Consent orders with servicers targeted unsafe and unsound practices related to servicing and foreclosure processing. Many of the deficiencies in foreclosure processing were by vendors acting on behalf of the banks, in particular by foreclosure attorneys. Among other things, vendor management deficiencies included: Insufficient policies and procedures governing the selection, management and termination of the law firms facilitating foreclosures; Absence of formal contracts with the law firms; Inadequate oversight of law firms; and Failures to retain originals or copies of documents maintained by foreclosure attorneys. Regulators even took enforcement action directly against vendors LPS and MERS under the Bank Service Company Act. 6
7 General Regulatory Expectations Banking regulators generally expect that a bank will ensure that each vendor: does not present a safety and soundness risk; and complies with applicable law when acting on behalf of the bank. Vendor management is risk-based: a bank should take appropriate risk management steps to identify, assess, monitor and control vendor risks. Risk management steps include: (i) a risk assessment; (ii) due diligence; (iii) an appropriate vendor contract; (iv) monitoring of vendor s performance and financial condition; and (v) contingency planning. OCC also identifies several additional phases of the continuous life cycle that include oversight and accountability, documentation and reporting and independent reviews. No one size fits all approach: tailored to a vendor s risk profile. Expectations apply not just to vendors, but to all third-party relationships. Includes other business arrangements where the bank has an ongoing relationship, e.g. joint ventures and affiliate relationships. OCC Bulletin. 7
8 CFPB Requirements CFPB Bulletin requires Due diligence to verify service provider understands and is capable of complying with Federal consumer financial law; Requesting and reviewing service provider s policies, procedures, internal controls, and training materials to ensure service provider conducts appropriate training and oversight of employees or agents having consumer contact or compliance responsibilities; Including in contract with service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices; Establishing internal controls and on-going monitoring to determine whether service provider is complying with Federal consumer financial law; and Taking prompt action to address fully any problems identified through monitoring process, including terminating relationship where appropriate. 8
9 The Paradigm Has Shifted CFPB regulated entities are expected to carry out consumer protection responsibilities including vendor management. 9
10 Industry Challenges Important consumer protection objectives of policy are understood but there are legitimate concerns. For all regulated entities challenges include: 1. Uncertainty about expectations Which service providers are covered? Some are obvious? Independent entities? 2. Managing risks How much is enough? How much is too much? 3. Managing costs Due diligence, changes to practices, establishing controls, monitoring, etc. all have costs. 4. For independent mortgage bankers and many servicers requirements for vendor management on this scale are new. 10
11 Industry Costs Are Ultimately Consumers Retail Production Expenses ($ per Loan) 11
12 Direct Cost to Service ($/loan) Prime Servicers Specialty Servicers Source: MBA s Servicing Operations Study * Excludes corporate administration costs, unreimbursed FC and REO costs, and compensatory fees. Fully loaded servicing operations costs were $312 per loan for prime servicers and $687 per loan for specialty servicers. 12
13 Managing Challenges Regulatory concerns beyond vendor management requirements make vendor control imperative Servicing imperatives RESPA tolerances and RESPA TILA integration Data security issues Affiliations are one way to manage but QM points and fees calculation has made these difficult at least for third party charges Path- Policies and procedures that guide due diligence Compliance Essentials New agreements Monitoring and scrutiny 13
14 Vendor Risk Management Presented by: Dan Mugge Vice President, Technology Solutions Asset Management & Processing Solutions
15 Compliance Reputational Operational Financial Stability Information Security Business Continuity Others Vendor Risk Management Framework First it should be part of larger Enterprise Governance Risk and Compliance Program Second it should consider numerous risk types Governance Strategy Third, it should be based on five main pillars: 1. Due Diligence & Vendor Selection 2. Risk Assessment 3. Contract Management 4. Monitoring and Oversight 5. Exit Plan Risk Compliance Ultimately the lender is responsible for compliance but remember that one size does not fit all 15
16 Enterprise Governance, Risk & Compliance (GRC) Framework Corporate Strategy, Goals, Objectives Examples of Artifacts Risk Appetite Statement Enterprise Laws, Regs, Policies, Standards, Contracts Governance Purpose Establishes corporate oversight and organizational strategy, goals, objectives, risk appetite, and compliance expectations Enterprise Risk Assessment ERM Process Risk Scan Form and Process Risk Action Plans Enterprise Risk Management (ERM) Identifies and assesses risks that, should they occur, may affect the ability of the organization to achieve its goals and objectives Annual Compliance Plan & Assessment Compliance Process Legal and Regulatory Inventory Compliance reports Compliance Management Ensures organization operates in accordance with laws, regulations, industry standards, internal policies and processes, contracts and other commitments Issue Identification Form Issues Management Process Issues Reporting Issues Management Provides formal mechanism for tracking, escalating, reporting and resolving all organizational issues (e.g., non-compliance, complaints, IT gaps, etc. You must have your house in order 16
17 Vendor Risk Management Program Vendor Risk Management 1. Due Diligence & Vendor Selection 2. Contract Management 3. Risk Assessment 4. Monitoring and Oversight 5. Exit Plan Old World Order Price Performance Expertise Performance Penalties Operational Information Security Business Resiliency Spend Transactional Performance Loosely follow exit terms New World Order Consumer Impact GRC Maturity Policies & Procedures Fiscal Health Business Model Lawsuits/Complaints Training Programs Compliance Expectations Enforceable Consequences Consumer Risk Compliance Risk Financial Risk Reputational Risk Critical Quality Indicators Key Risk Indicators Key Performance Indicators Corrective Action Plans Documented for critical vendors Transfer phase identified Third parties can provide staffing, services and expertise but do not assume ultimate responsibility for compliance 17
18 Pitfalls Inadequate understanding internally and externally of expectations Broader range of risks not considered Lack of expertise within the institution on what the vendor actually does Approaching without a continuous improvement mindset Accountability not clearly defined Lack of investment in mock or internal audits Training and communication not funded Information to support the program and survive an audit was not considered and/or defined A holistic and sustainable approach can help identify and manage risk 18
19 Be Prepared: Check and Check Twice STRATEGY What is your supplier adoption strategy? Is there alignment to corporate strategies? GOVERNANCE Do you have VRM policies and procedures? Are your contractual terms aligned to risks? Do you have exit strategies? RISK Can you determine your vendor risk? Does your vendor have operational policies and procedures? Does your vendor have VRM policies and procedures? COMPLIANCE What measurements are possible, practicable and meaningful? Are you effectively communicating expectations? 19
FinTech Webinar Series: Vendor Management Principles
FinTech Webinar Series: Vendor Management Principles Evolving Best Practices of Bank Service Providers February 14, 2013 Speakers Russell Bruemmer Partner Eric Mogilnicki Partner Jeffrey Hydrick Special
More informationAny business relationship between a bank and another entity, by contract or otherwise
An Overview for Bank Directors Managing the Third Party Relationship Patrick Neuman Boardman & Clark LLP Madison, Wisconsin Any business relationship between a bank and another entity, by contract or otherwise
More informationVendor Risk Management in the New Regulatory Environment. kpmg.com
Vendor Risk Management in the New Regulatory Environment kpmg.com Vendor Risk Management in the New Regulatory Environment 2 Vendor Risk Management in the New Regulatory Environment Background Regulators
More informationThird-Party Risk Management: Busting Myths and Telling Truths
Third-Party Risk Management: Busting Myths and Telling Truths Richik Sarkar, Esq. McDonald Hopkins LLC 600 Superior Avenue, East, Suite 2100 Cleveland, OH 44114 (216) 430-2009 rsarkar@mcdonaldhopkins.com
More informationNavigating Vendor Management Issues in Today s Regulatory Environment
Navigating Vendor Management Issues in Today s Regulatory Environment May 6, 2015 Elizabeth E. McGinn, Partner Moorari K. Shah, Counsel 1 Disclaimer The information contained herein is for informational
More informationVendor Management Compliance Top 10 Things Regulators Expect
Vendor Management Compliance Top 10 Things Regulators Expect Paul M. Phillips, CFA Attorney, Adams and Reese Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay 2014 EastPay.
More informationBoard Responsibility. A bank can outsource a task, but it cannot outsource the responsibility.
Third-Party Risk Board Responsibility The Board of Directors and senior management are ultimately responsible for managing activities conducted through third-party relationships as if the activity were
More informationTo: Our Clients and Friends March 25, 2014
Financial Services Group To: Our Clients and Friends March 25, 2014 A Significant Change Is Occurring Regarding Regulatory Oversight of Banks and Their Third Party Relationships. Both Banks and their Vendors
More informationCFPB Consumer Laws and Regulations
General Principles and Introduction Supervised entities within the scope of CFPB s supervision and enforcement authority include both depository institutions and non-depository consumer financial services
More informationCurrent Issues in Mortgage Origination and Servicing
Current Issues in Mortgage Origination and Servicing Responding to Heightened Regulatory Demands and Scrutiny Mary Jo Johnson, Lisa Jack, Jonathan McKernan, Eamonn Moran March 19, 2015 Attorney Advertising
More informationVendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.
Vendor Management: An Enterprise-wide Focus Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Why Focus on Vendor Management Increased financial regulatory scrutiny GLBA and Identity Theft Red
More informationBlind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.
Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. For anyone familiar with the banking industry, it comes as no surprise that banks are
More informationVendor Management Compliance Top 10 Things Regulators Expect
Vendor Management Compliance Top 10 Things Regulators Expect Peter Davey, AAP VP & Director, Enterprise Payments, CapitalOne Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay
More informationNCUA LETTER TO CREDIT UNIONS
NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: August 2008 LETTER NO.: 08-CU-19 TO: SUBJ: Federally Insured Credit Unions Third-Party Relationships:
More informationCompliance Risk Management Survey A Point of View
FINANCIAL SERVICES Compliance Risk Management Survey A Point of View July 2014 kpmg.com Compliance Risk Management Survey A Point of View 3 Introduction As the financial crisis unfolded, regulators looked
More informationFEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C.
FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. In the Matter of THE BANCORP BANK WILMINGTON, DELAWARE (INSURED STATE NONMEMBER BANK) CONSENT ORDER AND ORDER TO PAY CIVIL MONEY PENALTY FDIC-11-698b
More informationWho s Your Vendor? Secondary Market Compliance and Title Agent Vendor Management
Who s Your Vendor? Secondary Market Compliance and Title Agent Vendor Management 2015 LBA Bank Counsel Conference Marx Sterbcow, Managing Attorney, Sterbcow Law Group The Bureau s Scrutiny of Vendor Management
More informationVendor Management Best Practices
Vendor Management Best Practices Presented by: Raji Sathappan, MBA, CRCM, CISA, CAMS FMS East Coast Regional Conference September 2015 Certified Public Accountants Consultants Wealth Management Technology
More informationPayment Processor Relationships Revised Guidance
Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Payment Processor Relationships Revised Guidance Financial Institution Letter FIL-3-2012 January 31, 2012 Summary:
More informationAre You Ready for the New Foreclosure Processing Regulations?
Are You Ready for the New Foreclosure Processing Regulations? New regulator guidance provides banks servicing residential mortgages with expectations in effectively assessing foreclosure processing. The
More informationInformation Technology
Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level
More informationVII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background
Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party
More informationVendor Compliance Management Series: Performing an Effective Risk Assessment
Vendor Compliance Management Series: Performing an Effective Risk Assessment Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must
More information9/13/2013. 20/20 Vision for Vendor Management & Oversight. Disclaimer. Bank Service Company Act - FIL-49-99
20/20 Vision for Vendor Management & Oversight 2013 WBA Technology Conference September 17, 2013 Ken M. Shaurette, CISSP, CISA, CISM, CRISC, IAM Director IT Services Disclaimer The views set forth are
More informationPayment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections
July 2015 RPL15-04 Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections Executive Summary The expansion of the Internet and the growth in electronic
More informationREGULATORY COMPLIANCE SERVICES
REGULATORY COMPLIANCE SERVICES COMPREHENSIVE, TAILORED SERVICES Proactive Regulatory Guidance Today s complex regulatory environment is presenting many diffi cult challenges to fi nancial institutions
More informationThe Other Side of CFPB Compliance
The Other Side of CFPB Compliance Strengthening your compliance program via vendor management Legal Disclaimer This information is for the use of attendees only. Any distribution, reproduction, copying
More informationGUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)
Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Financial Institution Letter FIL-127-2008 November 7, 2008 GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July
More informationExecutive Fraud Forum October 30, 2013
Executive Fraud Forum October 30, 2013 Payments Fraud Trends Mary Kepler, Director, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta Judy Long, Executive Vice President, First Citizens National
More information3 rd Party Risk Management is Broken Critical Vendors Should be Exam-Ready.
3 rd Party Risk Management is Broken Critical Vendors Should be Exam-Ready. Abstract: Kudos to the FFIEC agencies efforts to bring more attention and effort to managing 3rd party risk. With so much focus
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationRisks and Precautions with Title Lending
AL 2000 11 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Title Loan Programs TO: Chief Executive Officers of All National Banks, Department and Division Heads,
More informationTable of Contents... 1. Chapter 1 Introduction... 5. 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability...
... 1 Chapter 1 Introduction... 5 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability... 5 Chapter 2 Company Culture... 6 Chapter 3 Risk Management Governance... 7 3.1 Board of Directors...
More informationVII 5.1. VII. Abusive Practices Third Party Procedures. Third Party Risk. Introduction. Background
Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party
More informationCFPB Update: Regulatory and Enforcement Developments
CFPB Update: Regulatory and Enforcement Developments December 16, 2014, 12:30 1:30 pm ET American Law Institute Webinar Jonathan L. Pompan Alexandra Megaris 1 Agenda Supervision and Examinations What is
More informationOffice of Inspector General
Audit Report OIG-14-034 Not Sufficiently Documented April 21, 2014 Office of Inspector General Department of the Treasury Contents Audit Report Background... 2 Results of Audit... 4 OCC Has Updated Guidance
More informationUNFAIR, DECEPTIVE, OR ABUSIVE ACTS OR PRACTICES (UDAAP)
UNFAIR, DECEPTIVE, OR ABUSIVE ACTS OR PRACTICES (UDAAP) EXAMINATION PROCEDURES Examination Objectives To assess the quality of the credit union s compliance risk management systems, including internal
More informationCommunity Bank Risk-Focused Consumer Compliance Supervision Program
Community Bank Risk-Focused Consumer Compliance Supervision Program I. INTRODUCTION Overview of the Risk-Focused Framework The consumer compliance risk-focused supervision program is designed to promote
More informationRISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions
RISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions Presented by: Dixie K. Hieb and Robb Schlimgen Davenport, Evans, Hurwitz & Smith, LLP www.dehs.com 2014 Davenport, Evans,
More informationFEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-07 OVERSIGHT OF SINGLE-FAMILY SELLER/SERVICER RELATIONSHIPS. Purpose
FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-07 OVERSIGHT OF SINGLE-FAMILY SELLER/SERVICER RELATIONSHIPS Purpose This advisory bulletin communicates the Federal Housing Finance Agency s (FHFA)
More informationFINANCIAL SERVICES FLASH REPORT
FINANCIAL SERVICES FLASH REPORT OCC Updates Guidance on Third-Party Relationships December 2, 2013 Introduction On November 4, 2013, the Office of the Comptroller of the Currency (OCC) released Bulletin
More informationSupporting Effective Compliance Programs
October 2015 Supporting Effective Compliance Programs The Oversight Roles of the Board Audit and Risk Committees in Regulatory Compliance By Paul Osborne, CPA, CAMS, AMLP, and Peggy Sepp, CIA To be effective,
More informationCFPB Focus. Five Questions to Ask Before January 10, 2014
Five Questions to Ask Before January 10, 2014 Courtney H. Gilmer, 615.726.5747, cgilmer@bakerdonelson.com 1. Compliance Procedures. Have you updated your written policies and procedures for each of your
More informationNavigating Consumer Financial Protection Bureau ( CFPB ) Investigations and Enforcement Actions
Navigating Consumer Financial Protection Bureau ( CFPB ) Investigations and Enforcement Actions Section of Antitrust Law 2013 Spring Meeting Wednesday, April 10, 2013 Jonathan L. Pompan Partner, Co-Chair
More informationWhat Lead Generators Need to Know About the Consumer Financial Protection Bureau (CFPB)
What Lead Generators Need to Know About the Consumer Financial Protection Bureau (CFPB) LeadsCon March 18, 2013 Mirage Hotel & Casino, Las Vegas, NV Jonathan L. Pompan Venable LLP 1 Agenda for Today What
More informationConsumer Financial Services. Industry-leading counsel in regulatory compliance, product development, and litigation. Attorney Advertising
Consumer Financial Services Industry-leading counsel in regulatory compliance, product development, and litigation Attorney Advertising Recognized for national excellence by Chambers. Vast regulatory experience.
More informationFortifying the Three Lines of Defense to Combat Compliance Risk
Fortifying the Three Lines of Defense to Combat Compliance Risk Today s Presenters Thomas Grundy CRCM, Senior Regulatory Consultant, Wolters Kluwer 30 years regulatory/compliance experience: OCC and Federal
More informationManaging specialty finance compliance requirements with a compliance management system
Managing specialty finance compliance requirements with a compliance management system Prepared by: Andrew Amrine, Supervisor, RSM US LLP andrew.amrine@rsmus.com, +1 253 382 2239 September 2013 For over
More informationVendor Management: Who the CFPB is Watching and Who They Are Expecting You to be Watching
Vendor Management: Who the CFPB is Watching and Who They Are Expecting You to be Watching John Barnes 713.210.7441 jbarnes@bakerdonelson.com Jessica Hinkie 713.210.7405 jhinkie@bakerdonelson.com Kat Statman
More informationNew CFPB mortgage servicing rules present significant challenges for mortgage servicers
New CFPB mortgage servicing rules present significant challenges for mortgage servicers Prepared by: Jose Vivar, Director, McGladrey LLP 312-634-4394, jose.vivar@mcgladrey.com Michael Sher, Partner, McGladrey
More informationPreparing for the Outsourcing Challenge: Legal Due Diligence to Ensure a Winning Service Provider Relationship
THE 4 TH NATIONAL CONFERENCE ON OUTSOURCING IN FINANCIAL SERVICES NEGOTIATING, MANAGING & TERMINATING OUTSOURCING RELATIONSHIPS WHILE ENSURING REGULATORY COMPLIANCE Renaissance Mayflower, Washington, DC
More informationThird-Party Payment Processing and Financial Crimes March 14, 2012
Third-Party Payment Processing and Financial Crimes March 14, 2012 Michael Benardo Chief, Cyber Fraud & Financial Crimes Section Division of Risk Management Supervision Federal Deposit Insurance Corporation
More informationIV. CREDIT CARD PROGRAM DEVELOPMENT
IV. CREDIT CARD PROGRAM DEVELOPMENT The board of directors is responsible for conducting the bank s affairs, including credit card activities. Credit card programs differ considerably among banks because
More informationHow To Be Ethical With Lead Generation
Lender Accountability for Lead Generation Tips, Tools and Regs That You Should Know About Presented by: Sarah Hulbert, 1 st Reverse Mortgage USA (Moderator) Bill Trask, Security 1 Lending Jean Noble, Urban
More informationCFPB Mortgage Servicing Transfers
PwC s CFPB Mortgage Servicing Standards Perspectives Issue 9/October 2014 CFPB Mortgage Servicing Transfers Mortgage Servicing Transfer Bulletin: The revised CFPB guidelines should be a key chapter in
More information2014 Financial Services Industry Compliance Benchmark Study
2014 Financial Services Industry Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December 2013, SAI Global Compliance conducted a survey among compliance professionals
More informationCFPB COMPLIANCE: Interaction Between Compliance Assessments and Systems Issues
CFPB COMPLIANCE: Interaction Between Compliance Assessments and Systems Issues Presented by: Stefanie H. Jackman Consumer Financial Services Group 678.420.9490 jackmans@ballardspahr.com Trevor Salter Consumer
More informationVermont Department of Financial Regulation. Together...Working for Vermont
Vermont Department of Financial Regulation Together...Working for Vermont PROTECTS, LICENSES, AND REGULATES T he Department of Financial Regulation (DFR) is a state agency that touches the lives of every
More informationMorgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers
Morgan Stanley Policy for the Management of Third Party Residential Mortgage Servicing Providers Title Policy for the Management of Third Party Residential Mortgage Servicing Providers Effective Date Owner
More informationCOMPLIANCE MANAGEMENT SYSTEM
COMPLIANCE MANAGEMENT SYSTEM Ensuring Your Bank Meets Regulatory Standards Overview of Compliance Exams Examination Purpose: Assess the quality of an institution s compliance management system (CMS) for
More informationThe CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II).
Page 1 of 7 The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II). Domain I provides a solid foundation for the governance of
More informationUnfair, Deceptive or Abusive Acts or Practices Act (UDAAP)..It May Not Be What You Think
Unfair, Deceptive or Abusive Acts or Practices Act (UDAAP)..It May Not Be What You Think November 15, 2012 Mary Thorson VP, Chartwell Compliance/ICBA CRM I. UDAAP Overview Background II. UDAAP An emerging
More informationGUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More informationRegulatory Practice Letter December 2012 RPL 12-24
Regulatory Practice Letter December 2012 RPL 12-24 CFPB Nonbank Supervision - Larger Participants for Debt Collection and Credit Reporting Final Rules Executive Summary In February 2012, the Bureau of
More informationTHIRD PARTY PAYMENT PROVIDERS
THIRD PARTY PAYMENT PROVIDERS BY DARLIA FOGARTY, DIRECTOR OF COMPLIANCE & COO KNOWLEDGE. CLARITY. RELIABILITY. www.compliancealliance.com (888) 353-3933 THIRD PARTY PAYMENT PROCESSORS Third Party Payment
More informationBOARD OF DIRECTORS RESPONSIBILITIES FOR COMPLIANCE MANAGEMENT SYSTEMS
BOARD OF DIRECTORS RESPONSIBILITIES FOR COMPLIANCE MANAGEMENT SYSTEMS Shannon Phillips Jr. Independent Bankers Association of Texas 1700 Rio Grande Street Austin, Texas 78701 sphillips@ibat.org 512.275.2221
More informationManaging third-party relationships: It s complicated
Regulatory November 2013 brief A publication of PwC s financial services regulatory practice Managing third-party relationships: It s complicated Overview On October 30, 2013, the Office of the Comptroller
More informationFAQs about ALTA Best Practices for Real Estate Settlement Attorneys and Title Companies
Why do I need to have ALTA Best Practices policies and procedures in place and have a CPA give assurance on my compliance to mortgage lenders? In accordance with Consumer Financial Protection Bureau (CFPB)
More informationOutsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP
Outsourced Third Party Relationship Management/ Vendor Management TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP 1 Risk Management Guidance 2 3 Appendix J: 4 - Key Elements Third Party Management
More informationOutsourcing Technology Services A Management Decision
Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships
More informationUnderstanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence
Understanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence November 20, 2014 2 p.m. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. Sponsored by Affinion Benefits Group E. Andrew Keeney,
More informationBoard of Directors and Management Oversight
Board of Directors and Management Oversight Examination Procedures Examiners should request/ review records, discuss issues and questions with senior management. With respect to board and senior management
More information2015 REGULATORY CHALLENGES FOR FINANCIAL INSTITUTIONS E L L IOT T DAVIS D E COSIMO R I S K MANAG E MENT
2015 REGULATORY CHALLENGES FOR FINANCIAL INSTITUTIONS E L L IOT T DAVIS D E COSIMO R I S K MANAG E MENT CONFERENCE COLUMBIA, SOUTH CAROLINA INTRODUCTIONS: DOWSE B. ("BRAD") RUSTIN IV is a partner with
More informationSupervisory Highlights. Summer 2013
Supervisory Highlights Summer 2013 Table of Contents 1. Introduction... 3 2. Supervisory Observations... 5 2.1 Compliance Management Systems... 5 2.2 Mortgage Servicing... 11 2.3 Fair Lending Provision
More informationValidating Third Party Software Erica M. Torres, CRCM
Validating Third Party Software Erica M. Torres, CRCM Michigan Bankers Association Risk Management & Compliance Institute September 29, 2014 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT
More informationFinancial Services Update June 11, 2013
Financial Services Update June 11, 2013 HIGHLIGHTS Federal Regulatory Developments: CFPB Amends Examination Manual State Regulatory Developments: Texas Proposes Constitutional Amendment Regarding Reverse
More informationUNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, DC.
UNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, DC. FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. OFFICER OF COMPTROLLER OF THE CURRENCY WASHINGTON,
More informationThe rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions
The rise of third party relationships means rise in risk and regulation Non-compliance is risky business for financial institutions Increasing dependency on third parties by banks has resulted in mandatory
More informationII. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight
Compliance Management System Introduction Financial institutions operate in a dynamic environment influenced by industry consolidation, convergence of financial services, emerging technology, and market
More informationOFHEO Director of Supervision OFHEO Office of the Director and Associate Directors Chief Executive Officers of Fannie Mae and Freddie Mac
OFHEO Examination Guidance Issuance Date: November 8, 2006 PG-06-002 Subject: Examination for Compensation Practices To: OFHEO Director of Supervision OFHEO Office of the Director and Associate Directors
More informationThird Party Payment Processors Job Aid
Third Party Payment Processors Job Aid This job aid is to be used by state institution examiners as a means to understand, identify, and assess the risks associated with institutions relationships with
More informationVIRGINIA ASSOCIATION OF COMMUNITY BANKS
VIRGINIA ASSOCIATION OF COMMUNITY BANKS Spring Internal Audit / Risk Seminar Presented by Lee G. Lester May 26, 2016 Regulatory Hot Topics > De-Risking > Marketplace Lending > Consumer protection initiatives
More informationFDIC Updates Guidance on Payment Processor Relationships
February 2012 FDIC Updates Guidance on Payment Processor Relationships BY KEVIN L. PETRASIC In its recently issued Financial Institution Letter, FIL-3-2012, the Federal Deposit Insurance Corporation (
More informationNIST Cybersecurity Framework & A Tale of Two Criticalities
NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented
More informationThe CFPB and Medical Collections: Unknown Territory in the Face of Sweeping Regulatory Change
The CFPB and Medical Collections: Unknown Territory in the Face of Sweeping Regulatory Change Agenda What is the CFPB? Brief chronology of the CFPB CFPB investigations and examinations; the cost of non-compliance
More informationFederal Regulatory Agencies Administrative Guidelines. Implementation of Interagency Programs for the Supervision of Technology Service Providers
Federal Regulatory Agencies Administrative Guidelines Implementation of Interagency Programs for the Supervision of Technology Service Providers OCTOBER 2012 for the Supervision of Technology Service Providers
More informationLRES Corporation. Best Business Practices for an Appraisal Management Company
LRES Corporation Best Business Practices for an Appraisal Management Company [This document outlines the key principles and characteristics of an appraisal management company. The contents contained within
More informationIT Insights. Managing Third Party Technology Risk
IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate
More informationFINRA Regulation of Broker-Dealer Due Diligence in Regulation D Offerings
FINRA Regulation of Broker-Dealer Due Diligence in Regulation D Offerings EDWARD G. ROSENBLATT, MCGUIREWOODS LLP, WITH PRACTICAL LAW CORPORATE & SECURITIES This Note discusses broker-dealers' affirmative
More informationCompliance Management Systems A Blueprint for Success
Compliance Management Systems A Blueprint for Success Date or subtitle May 13, 2015 1 Tim Tedrick, CRCM, CRP Partner 815.626.1277 ttedrick@wipfli.com 2 Page 1 Regulatory FDIC https://www.fdic.gov/regulations/compliance/manual/p
More informationACI S 6 TH NATIONAL FORUM ON
ACI S 6 TH NATIONAL FORUM ON PREPAID CARD COMPLIANCE The New A in UDAAP, Privacy, Third Party Relationships, and Marketing: Regulatory and Compliance Considerations for Prepaid Cards October 11-12, 2012
More informationCredit Union Liability with Third-Party Processors
World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with
More informationThe New Residential Mortgage Origination and Servicing Regulatory Landscape
The New Residential Mortgage Origination and Servicing Regulatory Landscape September 27, 2013 Robert R. Davis American Bankers Association 1120 Connecticut Avenue, NW Washington, DC 20036 (202) 663 5588
More informationCFSA Compliance School, Part II: Implementing an Effective Compliance Management System
CFSA Compliance School, Part II: Implementing an Effective Compliance Management System Michelle Hemerley Managing Director FIS Enterprise Governance, Risk & Compliance (EGRC) SoluBon February 2014 Overview
More informationOffice of Audits and Evaluations Report No. AUD-15-008
Office of Audits and Evaluations Report No. AUD-15-008 The FDIC s Role in Operation Choke Point and Supervisory Approach to Institutions that Conducted Business with Merchants Associated with High-Risk
More informationTHIRD PARTY SUPPLIER RISK MANAGEMENT. Meeting Emerging Financial Services Regulatory Requirements. By Joseph Yacura, ISG Director. www.isg-one.
THIRD PARTY SUPPLIER RISK MANAGEMENT Meeting Emerging Financial Services Regulatory Requirements By Joseph Yacura, ISG Director www.isg-one.com INTRODUCTION U.S. and Canadian financial services companies
More informationCOMMENTARY. occ and fdic Guidance on Supervisory Concerns and Expectations Regarding Deposit Advance Products JONES DAY
December 2013 JONES DAY COMMENTARY occ and fdic Guidance on Supervisory Concerns and Expectations Regarding Deposit Advance Products The Office of the Comptroller of the Currency ( OCC ) and the Federal
More informationDRAFT: SunTrust Mortgage: Consent Order - Response. Version: 3.0 Date: December 6, 2011
DRAFT: SunTrust Mortgage: Consent Order - Response Enhanced Audit Program Enhanced Audit Program Version: 3.0 Date: December 6, 2011 Table of Contents 1. Enhanced Audit Program... 3 1.1 Overview... 3 1.2
More information