Putting the Management Back in Vendor Management February 20, 2014

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Putting the Management Back in Vendor Management February 20, 2014"

Transcription

1 Putting the Management Back in Vendor Management February 20, 2014 Moderator: Brian O Reilly The Collingwood Group, LLC Panelists: Calvin Hagins, CFPB Ken Markison, MBA Jonathan McKernan, Wilmer Hale Dan Mugge, CoreLogic

2 The New Landscape: Increasing Regulatory Scrutiny Vendor management practices have recently been subject to increased regulatory scrutiny. Banking regulators issued new guidance in 2012 and Recent enforcement actions have targeted vendor management deficiencies. Possible drivers of increased scrutiny Shift in supervisory focus to operational risks: operational risks increase when a vendor is involved in bank operations. Evolving nature of outsourcing relationships: increased reliance on cloud computing and other technology service providers that present greater operational risks. Some areas of focus: Data security Consumer protection compliance 2

3 Regulatory Guidance OCC OCC Bulletin : Third-Party Relationships OCC Bulletin : Foreign-Based Third-Party Service Providers FDIC FIL : Guidance for Managing Third-Party Risk FIL : Bank Technology Bulletin: Technology Outsourcing Information Documents Federal Reserve SR 13-19: Guidance on Managing Outsourcing Risk SR 00-4 (SUP): Outsourcing of Information Technology and Transaction Processing CFPB CFPB Bulletin : Service Providers 3

4 Regulatory Guidance (cont.) FFIEC IT Examination Booklet on the Supervision of Technology Service Providers (Oct. 2012) Guidance for examiners and banks on supervising TSPs. Uniform Rating System for Information Technology (URSIT). Exam Booklet on Outsourcing Technology Services Risk (Jun. 2004) Risk Management of Outsourced Technology Services (Nov. 2000) Administrative Guidelines Implementation of Interagency Programs for the Supervision of Technology Service Providers (Oct. 2012) 4

5 Enforcement Activity Several consent orders targeted alleged telemarketing sales tactics and/or billing issues by vendors involved in credit card add-ons. Amex: $16.2 million in penalties, $59.9 million in customer redress JPMorgan: $60 million in penalties, $309 million in customer redress. Discover: $14 million in penalties, $200 million in customer redress. Capital One: $60 million in penalties, $150 million in customer redress. Amex 2012 consent orders targeted alleged deceptive and other unlawful credit card practices arising out of oversight of affiliated service providers. $27.5 million in penalties and $85 million in customer redress. First Bank of Delaware consent order targeted alleged AML violations arising out of inadequate oversight of vendor payment processors. $15 million in civil money penalties, $500,000 in customer redress, and loss of charter. Mortgage foreclosure orders 5

6 Mortgage Foreclosure Orders Consent orders with servicers targeted unsafe and unsound practices related to servicing and foreclosure processing. Many of the deficiencies in foreclosure processing were by vendors acting on behalf of the banks, in particular by foreclosure attorneys. Among other things, vendor management deficiencies included: Insufficient policies and procedures governing the selection, management and termination of the law firms facilitating foreclosures; Absence of formal contracts with the law firms; Inadequate oversight of law firms; and Failures to retain originals or copies of documents maintained by foreclosure attorneys. Regulators even took enforcement action directly against vendors LPS and MERS under the Bank Service Company Act. 6

7 General Regulatory Expectations Banking regulators generally expect that a bank will ensure that each vendor: does not present a safety and soundness risk; and complies with applicable law when acting on behalf of the bank. Vendor management is risk-based: a bank should take appropriate risk management steps to identify, assess, monitor and control vendor risks. Risk management steps include: (i) a risk assessment; (ii) due diligence; (iii) an appropriate vendor contract; (iv) monitoring of vendor s performance and financial condition; and (v) contingency planning. OCC also identifies several additional phases of the continuous life cycle that include oversight and accountability, documentation and reporting and independent reviews. No one size fits all approach: tailored to a vendor s risk profile. Expectations apply not just to vendors, but to all third-party relationships. Includes other business arrangements where the bank has an ongoing relationship, e.g. joint ventures and affiliate relationships. OCC Bulletin. 7

8 CFPB Requirements CFPB Bulletin requires Due diligence to verify service provider understands and is capable of complying with Federal consumer financial law; Requesting and reviewing service provider s policies, procedures, internal controls, and training materials to ensure service provider conducts appropriate training and oversight of employees or agents having consumer contact or compliance responsibilities; Including in contract with service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices; Establishing internal controls and on-going monitoring to determine whether service provider is complying with Federal consumer financial law; and Taking prompt action to address fully any problems identified through monitoring process, including terminating relationship where appropriate. 8

9 The Paradigm Has Shifted CFPB regulated entities are expected to carry out consumer protection responsibilities including vendor management. 9

10 Industry Challenges Important consumer protection objectives of policy are understood but there are legitimate concerns. For all regulated entities challenges include: 1. Uncertainty about expectations Which service providers are covered? Some are obvious? Independent entities? 2. Managing risks How much is enough? How much is too much? 3. Managing costs Due diligence, changes to practices, establishing controls, monitoring, etc. all have costs. 4. For independent mortgage bankers and many servicers requirements for vendor management on this scale are new. 10

11 Industry Costs Are Ultimately Consumers Retail Production Expenses ($ per Loan) 11

12 Direct Cost to Service ($/loan) Prime Servicers Specialty Servicers Source: MBA s Servicing Operations Study * Excludes corporate administration costs, unreimbursed FC and REO costs, and compensatory fees. Fully loaded servicing operations costs were $312 per loan for prime servicers and $687 per loan for specialty servicers. 12

13 Managing Challenges Regulatory concerns beyond vendor management requirements make vendor control imperative Servicing imperatives RESPA tolerances and RESPA TILA integration Data security issues Affiliations are one way to manage but QM points and fees calculation has made these difficult at least for third party charges Path- Policies and procedures that guide due diligence Compliance Essentials New agreements Monitoring and scrutiny 13

14 Vendor Risk Management Presented by: Dan Mugge Vice President, Technology Solutions Asset Management & Processing Solutions

15 Compliance Reputational Operational Financial Stability Information Security Business Continuity Others Vendor Risk Management Framework First it should be part of larger Enterprise Governance Risk and Compliance Program Second it should consider numerous risk types Governance Strategy Third, it should be based on five main pillars: 1. Due Diligence & Vendor Selection 2. Risk Assessment 3. Contract Management 4. Monitoring and Oversight 5. Exit Plan Risk Compliance Ultimately the lender is responsible for compliance but remember that one size does not fit all 15

16 Enterprise Governance, Risk & Compliance (GRC) Framework Corporate Strategy, Goals, Objectives Examples of Artifacts Risk Appetite Statement Enterprise Laws, Regs, Policies, Standards, Contracts Governance Purpose Establishes corporate oversight and organizational strategy, goals, objectives, risk appetite, and compliance expectations Enterprise Risk Assessment ERM Process Risk Scan Form and Process Risk Action Plans Enterprise Risk Management (ERM) Identifies and assesses risks that, should they occur, may affect the ability of the organization to achieve its goals and objectives Annual Compliance Plan & Assessment Compliance Process Legal and Regulatory Inventory Compliance reports Compliance Management Ensures organization operates in accordance with laws, regulations, industry standards, internal policies and processes, contracts and other commitments Issue Identification Form Issues Management Process Issues Reporting Issues Management Provides formal mechanism for tracking, escalating, reporting and resolving all organizational issues (e.g., non-compliance, complaints, IT gaps, etc. You must have your house in order 16

17 Vendor Risk Management Program Vendor Risk Management 1. Due Diligence & Vendor Selection 2. Contract Management 3. Risk Assessment 4. Monitoring and Oversight 5. Exit Plan Old World Order Price Performance Expertise Performance Penalties Operational Information Security Business Resiliency Spend Transactional Performance Loosely follow exit terms New World Order Consumer Impact GRC Maturity Policies & Procedures Fiscal Health Business Model Lawsuits/Complaints Training Programs Compliance Expectations Enforceable Consequences Consumer Risk Compliance Risk Financial Risk Reputational Risk Critical Quality Indicators Key Risk Indicators Key Performance Indicators Corrective Action Plans Documented for critical vendors Transfer phase identified Third parties can provide staffing, services and expertise but do not assume ultimate responsibility for compliance 17

18 Pitfalls Inadequate understanding internally and externally of expectations Broader range of risks not considered Lack of expertise within the institution on what the vendor actually does Approaching without a continuous improvement mindset Accountability not clearly defined Lack of investment in mock or internal audits Training and communication not funded Information to support the program and survive an audit was not considered and/or defined A holistic and sustainable approach can help identify and manage risk 18

19 Be Prepared: Check and Check Twice STRATEGY What is your supplier adoption strategy? Is there alignment to corporate strategies? GOVERNANCE Do you have VRM policies and procedures? Are your contractual terms aligned to risks? Do you have exit strategies? RISK Can you determine your vendor risk? Does your vendor have operational policies and procedures? Does your vendor have VRM policies and procedures? COMPLIANCE What measurements are possible, practicable and meaningful? Are you effectively communicating expectations? 19

FinTech Webinar Series: Vendor Management Principles

FinTech Webinar Series: Vendor Management Principles FinTech Webinar Series: Vendor Management Principles Evolving Best Practices of Bank Service Providers February 14, 2013 Speakers Russell Bruemmer Partner Eric Mogilnicki Partner Jeffrey Hydrick Special

More information

Any business relationship between a bank and another entity, by contract or otherwise

Any business relationship between a bank and another entity, by contract or otherwise An Overview for Bank Directors Managing the Third Party Relationship Patrick Neuman Boardman & Clark LLP Madison, Wisconsin Any business relationship between a bank and another entity, by contract or otherwise

More information

Vendor Risk Management in the New Regulatory Environment. kpmg.com

Vendor Risk Management in the New Regulatory Environment. kpmg.com Vendor Risk Management in the New Regulatory Environment kpmg.com Vendor Risk Management in the New Regulatory Environment 2 Vendor Risk Management in the New Regulatory Environment Background Regulators

More information

Third-Party Risk Management: Busting Myths and Telling Truths

Third-Party Risk Management: Busting Myths and Telling Truths Third-Party Risk Management: Busting Myths and Telling Truths Richik Sarkar, Esq. McDonald Hopkins LLC 600 Superior Avenue, East, Suite 2100 Cleveland, OH 44114 (216) 430-2009 rsarkar@mcdonaldhopkins.com

More information

Vendor Risk Management Compliance Considerations

Vendor Risk Management Compliance Considerations Vendor Risk Management Compliance Considerations Outlook Live Webinar May 2, 2012 Ariane Smith, Senior Compliance Manager Cathryn Judd, Compliance Examiner Mark Jennings, Compliance Examiner Visit us at

More information

Navigating Vendor Management Issues in Today s Regulatory Environment

Navigating Vendor Management Issues in Today s Regulatory Environment Navigating Vendor Management Issues in Today s Regulatory Environment May 6, 2015 Elizabeth E. McGinn, Partner Moorari K. Shah, Counsel 1 Disclaimer The information contained herein is for informational

More information

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Compliance Top 10 Things Regulators Expect Vendor Management Compliance Top 10 Things Regulators Expect Paul M. Phillips, CFA Attorney, Adams and Reese Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay 2014 EastPay.

More information

CFPB Consumer Laws and Regulations

CFPB Consumer Laws and Regulations General Principles and Introduction Supervised entities within the scope of CFPB s supervision and enforcement authority include both depository institutions and non-depository consumer financial services

More information

Board Responsibility. A bank can outsource a task, but it cannot outsource the responsibility.

Board Responsibility. A bank can outsource a task, but it cannot outsource the responsibility. Third-Party Risk Board Responsibility The Board of Directors and senior management are ultimately responsible for managing activities conducted through third-party relationships as if the activity were

More information

To: Our Clients and Friends March 25, 2014

To: Our Clients and Friends March 25, 2014 Financial Services Group To: Our Clients and Friends March 25, 2014 A Significant Change Is Occurring Regarding Regulatory Oversight of Banks and Their Third Party Relationships. Both Banks and their Vendors

More information

Current Issues in Mortgage Origination and Servicing

Current Issues in Mortgage Origination and Servicing Current Issues in Mortgage Origination and Servicing Responding to Heightened Regulatory Demands and Scrutiny Mary Jo Johnson, Lisa Jack, Jonathan McKernan, Eamonn Moran March 19, 2015 Attorney Advertising

More information

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. For anyone familiar with the banking industry, it comes as no surprise that banks are

More information

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Compliance Top 10 Things Regulators Expect Vendor Management Compliance Top 10 Things Regulators Expect Peter Davey, AAP VP & Director, Enterprise Payments, CapitalOne Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay

More information

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Vendor Management: An Enterprise-wide Focus Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Why Focus on Vendor Management Increased financial regulatory scrutiny GLBA and Identity Theft Red

More information

NCUA LETTER TO CREDIT UNIONS

NCUA LETTER TO CREDIT UNIONS NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: August 2008 LETTER NO.: 08-CU-19 TO: SUBJ: Federally Insured Credit Unions Third-Party Relationships:

More information

Payment Processor Relationships Revised Guidance

Payment Processor Relationships Revised Guidance Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Payment Processor Relationships Revised Guidance Financial Institution Letter FIL-3-2012 January 31, 2012 Summary:

More information

Compliance Risk Management Survey A Point of View

Compliance Risk Management Survey A Point of View FINANCIAL SERVICES Compliance Risk Management Survey A Point of View July 2014 kpmg.com Compliance Risk Management Survey A Point of View 3 Introduction As the financial crisis unfolded, regulators looked

More information

CFPB. Nature and Structure of Products

CFPB. Nature and Structure of Products The sections below include (1) factors that specifically increase the risk that unfair, deceptive, abusive acts or practices, discrimination, or other violations of Federal consumer financial law will

More information

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C.

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. In the Matter of THE BANCORP BANK WILMINGTON, DELAWARE (INSURED STATE NONMEMBER BANK) CONSENT ORDER AND ORDER TO PAY CIVIL MONEY PENALTY FDIC-11-698b

More information

Vendor Management Best Practices

Vendor Management Best Practices Vendor Management Best Practices Presented by: Raji Sathappan, MBA, CRCM, CISA, CAMS FMS East Coast Regional Conference September 2015 Certified Public Accountants Consultants Wealth Management Technology

More information

Who s Your Vendor? Secondary Market Compliance and Title Agent Vendor Management

Who s Your Vendor? Secondary Market Compliance and Title Agent Vendor Management Who s Your Vendor? Secondary Market Compliance and Title Agent Vendor Management 2015 LBA Bank Counsel Conference Marx Sterbcow, Managing Attorney, Sterbcow Law Group The Bureau s Scrutiny of Vendor Management

More information

Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements

Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements isl Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements DataGuardZ White Paper Forti5 BNP Paribas [Pick the date] What is the history behind FFIEC compliance?

More information

Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections

Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections July 2015 RPL15-04 Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections Executive Summary The expansion of the Internet and the growth in electronic

More information

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014) Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Financial Institution Letter FIL-127-2008 November 7, 2008 GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July

More information

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party

More information

Are You Ready for the New Foreclosure Processing Regulations?

Are You Ready for the New Foreclosure Processing Regulations? Are You Ready for the New Foreclosure Processing Regulations? New regulator guidance provides banks servicing residential mortgages with expectations in effectively assessing foreclosure processing. The

More information

Information Technology

Information Technology Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level

More information

Vendor Compliance Management Series: Performing an Effective Risk Assessment

Vendor Compliance Management Series: Performing an Effective Risk Assessment Vendor Compliance Management Series: Performing an Effective Risk Assessment Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must

More information

3 rd Party Risk Management is Broken Critical Vendors Should be Exam-Ready.

3 rd Party Risk Management is Broken Critical Vendors Should be Exam-Ready. 3 rd Party Risk Management is Broken Critical Vendors Should be Exam-Ready. Abstract: Kudos to the FFIEC agencies efforts to bring more attention and effort to managing 3rd party risk. With so much focus

More information

The Other Side of CFPB Compliance

The Other Side of CFPB Compliance The Other Side of CFPB Compliance Strengthening your compliance program via vendor management Legal Disclaimer This information is for the use of attendees only. Any distribution, reproduction, copying

More information

Executive Fraud Forum October 30, 2013

Executive Fraud Forum October 30, 2013 Executive Fraud Forum October 30, 2013 Payments Fraud Trends Mary Kepler, Director, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta Judy Long, Executive Vice President, First Citizens National

More information

9/13/2013. 20/20 Vision for Vendor Management & Oversight. Disclaimer. Bank Service Company Act - FIL-49-99

9/13/2013. 20/20 Vision for Vendor Management & Oversight. Disclaimer. Bank Service Company Act - FIL-49-99 20/20 Vision for Vendor Management & Oversight 2013 WBA Technology Conference September 17, 2013 Ken M. Shaurette, CISSP, CISA, CISM, CRISC, IAM Director IT Services Disclaimer The views set forth are

More information

Office of Inspector General

Office of Inspector General Audit Report OIG-14-034 Not Sufficiently Documented April 21, 2014 Office of Inspector General Department of the Treasury Contents Audit Report Background... 2 Results of Audit... 4 OCC Has Updated Guidance

More information

CFPB Update: Regulatory and Enforcement Developments

CFPB Update: Regulatory and Enforcement Developments CFPB Update: Regulatory and Enforcement Developments December 16, 2014, 12:30 1:30 pm ET American Law Institute Webinar Jonathan L. Pompan Alexandra Megaris 1 Agenda Supervision and Examinations What is

More information

Navigating Consumer Financial Protection Bureau ( CFPB ) Investigations and Enforcement Actions

Navigating Consumer Financial Protection Bureau ( CFPB ) Investigations and Enforcement Actions Navigating Consumer Financial Protection Bureau ( CFPB ) Investigations and Enforcement Actions Section of Antitrust Law 2013 Spring Meeting Wednesday, April 10, 2013 Jonathan L. Pompan Partner, Co-Chair

More information

REGULATORY COMPLIANCE SERVICES

REGULATORY COMPLIANCE SERVICES REGULATORY COMPLIANCE SERVICES COMPREHENSIVE, TAILORED SERVICES Proactive Regulatory Guidance Today s complex regulatory environment is presenting many diffi cult challenges to fi nancial institutions

More information

Table of Contents... 1. Chapter 1 Introduction... 5. 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability...

Table of Contents... 1. Chapter 1 Introduction... 5. 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability... ... 1 Chapter 1 Introduction... 5 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability... 5 Chapter 2 Company Culture... 6 Chapter 3 Risk Management Governance... 7 3.1 Board of Directors...

More information

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-07 OVERSIGHT OF SINGLE-FAMILY SELLER/SERVICER RELATIONSHIPS. Purpose

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-07 OVERSIGHT OF SINGLE-FAMILY SELLER/SERVICER RELATIONSHIPS. Purpose FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-07 OVERSIGHT OF SINGLE-FAMILY SELLER/SERVICER RELATIONSHIPS Purpose This advisory bulletin communicates the Federal Housing Finance Agency s (FHFA)

More information

RISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions

RISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions RISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions Presented by: Dixie K. Hieb and Robb Schlimgen Davenport, Evans, Hurwitz & Smith, LLP www.dehs.com 2014 Davenport, Evans,

More information

TO: Chief Executive Officers of All National Banks, Department and Division Heads, and All Examining Personnel

TO: Chief Executive Officers of All National Banks, Department and Division Heads, and All Examining Personnel AL 2000 11 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Title Loan Programs TO: Chief Executive Officers of All National Banks, Department and Division Heads,

More information

Community Bank Risk-Focused Consumer Compliance Supervision Program

Community Bank Risk-Focused Consumer Compliance Supervision Program Community Bank Risk-Focused Consumer Compliance Supervision Program I. INTRODUCTION Overview of the Risk-Focused Framework The consumer compliance risk-focused supervision program is designed to promote

More information

Lender Accountability for Lead Generation

Lender Accountability for Lead Generation Lender Accountability for Lead Generation Tips, Tools and Regs That You Should Know About Presented by: Sarah Hulbert, 1 st Reverse Mortgage USA (Moderator) Bill Trask, Security 1 Lending Jean Noble, Urban

More information

Vendor Management: Who the CFPB is Watching and Who They Are Expecting You to be Watching

Vendor Management: Who the CFPB is Watching and Who They Are Expecting You to be Watching Vendor Management: Who the CFPB is Watching and Who They Are Expecting You to be Watching John Barnes 713.210.7441 jbarnes@bakerdonelson.com Jessica Hinkie 713.210.7405 jhinkie@bakerdonelson.com Kat Statman

More information

What Lead Generators Need to Know About the Consumer Financial Protection Bureau (CFPB)

What Lead Generators Need to Know About the Consumer Financial Protection Bureau (CFPB) What Lead Generators Need to Know About the Consumer Financial Protection Bureau (CFPB) LeadsCon March 18, 2013 Mirage Hotel & Casino, Las Vegas, NV Jonathan L. Pompan Venable LLP 1 Agenda for Today What

More information

UNFAIR, DECEPTIVE, OR ABUSIVE ACTS OR PRACTICES (UDAAP)

UNFAIR, DECEPTIVE, OR ABUSIVE ACTS OR PRACTICES (UDAAP) UNFAIR, DECEPTIVE, OR ABUSIVE ACTS OR PRACTICES (UDAAP) EXAMINATION PROCEDURES Examination Objectives To assess the quality of the credit union s compliance risk management systems, including internal

More information

Vermont Department of Financial Regulation. Together...Working for Vermont

Vermont Department of Financial Regulation. Together...Working for Vermont Vermont Department of Financial Regulation Together...Working for Vermont PROTECTS, LICENSES, AND REGULATES T he Department of Financial Regulation (DFR) is a state agency that touches the lives of every

More information

Supporting Effective Compliance Programs

Supporting Effective Compliance Programs October 2015 Supporting Effective Compliance Programs The Oversight Roles of the Board Audit and Risk Committees in Regulatory Compliance By Paul Osborne, CPA, CAMS, AMLP, and Peggy Sepp, CIA To be effective,

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

Unfair, Deceptive or Abusive Acts or Practices Act (UDAAP)..It May Not Be What You Think

Unfair, Deceptive or Abusive Acts or Practices Act (UDAAP)..It May Not Be What You Think Unfair, Deceptive or Abusive Acts or Practices Act (UDAAP)..It May Not Be What You Think November 15, 2012 Mary Thorson VP, Chartwell Compliance/ICBA CRM I. UDAAP Overview Background II. UDAAP An emerging

More information

Regulatory Practice Letter December 2012 RPL 12-24

Regulatory Practice Letter December 2012 RPL 12-24 Regulatory Practice Letter December 2012 RPL 12-24 CFPB Nonbank Supervision - Larger Participants for Debt Collection and Credit Reporting Final Rules Executive Summary In February 2012, the Bureau of

More information

VII 5.1. VII. Abusive Practices Third Party Procedures. Third Party Risk. Introduction. Background

VII 5.1. VII. Abusive Practices Third Party Procedures. Third Party Risk. Introduction. Background Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party

More information

THIRD PARTY PAYMENT PROVIDERS

THIRD PARTY PAYMENT PROVIDERS THIRD PARTY PAYMENT PROVIDERS BY DARLIA FOGARTY, DIRECTOR OF COMPLIANCE & COO KNOWLEDGE. CLARITY. RELIABILITY. www.compliancealliance.com (888) 353-3933 THIRD PARTY PAYMENT PROCESSORS Third Party Payment

More information

Managing specialty finance compliance requirements with a compliance management system

Managing specialty finance compliance requirements with a compliance management system Managing specialty finance compliance requirements with a compliance management system Prepared by: Andrew Amrine, Supervisor, RSM US LLP andrew.amrine@rsmus.com, +1 253 382 2239 September 2013 For over

More information

IV. CREDIT CARD PROGRAM DEVELOPMENT

IV. CREDIT CARD PROGRAM DEVELOPMENT IV. CREDIT CARD PROGRAM DEVELOPMENT The board of directors is responsible for conducting the bank s affairs, including credit card activities. Credit card programs differ considerably among banks because

More information

New CFPB mortgage servicing rules present significant challenges for mortgage servicers

New CFPB mortgage servicing rules present significant challenges for mortgage servicers New CFPB mortgage servicing rules present significant challenges for mortgage servicers Prepared by: Jose Vivar, Director, McGladrey LLP 312-634-4394, jose.vivar@mcgladrey.com Michael Sher, Partner, McGladrey

More information

Third-Party Payment Processing and Financial Crimes March 14, 2012

Third-Party Payment Processing and Financial Crimes March 14, 2012 Third-Party Payment Processing and Financial Crimes March 14, 2012 Michael Benardo Chief, Cyber Fraud & Financial Crimes Section Division of Risk Management Supervision Federal Deposit Insurance Corporation

More information

Preparing for the Outsourcing Challenge: Legal Due Diligence to Ensure a Winning Service Provider Relationship

Preparing for the Outsourcing Challenge: Legal Due Diligence to Ensure a Winning Service Provider Relationship THE 4 TH NATIONAL CONFERENCE ON OUTSOURCING IN FINANCIAL SERVICES NEGOTIATING, MANAGING & TERMINATING OUTSOURCING RELATIONSHIPS WHILE ENSURING REGULATORY COMPLIANCE Renaissance Mayflower, Washington, DC

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT OCC Updates Guidance on Third-Party Relationships December 2, 2013 Introduction On November 4, 2013, the Office of the Comptroller of the Currency (OCC) released Bulletin

More information

CFPB Focus. Five Questions to Ask Before January 10, 2014

CFPB Focus. Five Questions to Ask Before January 10, 2014 Five Questions to Ask Before January 10, 2014 Courtney H. Gilmer, 615.726.5747, cgilmer@bakerdonelson.com 1. Compliance Procedures. Have you updated your written policies and procedures for each of your

More information

CFPB Mortgage Servicing Transfers

CFPB Mortgage Servicing Transfers PwC s CFPB Mortgage Servicing Standards Perspectives Issue 9/October 2014 CFPB Mortgage Servicing Transfers Mortgage Servicing Transfer Bulletin: The revised CFPB guidelines should be a key chapter in

More information

CFPB COMPLIANCE: Interaction Between Compliance Assessments and Systems Issues

CFPB COMPLIANCE: Interaction Between Compliance Assessments and Systems Issues CFPB COMPLIANCE: Interaction Between Compliance Assessments and Systems Issues Presented by: Stefanie H. Jackman Consumer Financial Services Group 678.420.9490 jackmans@ballardspahr.com Trevor Salter Consumer

More information

FDIC Updates Guidance on Payment Processor Relationships

FDIC Updates Guidance on Payment Processor Relationships February 2012 FDIC Updates Guidance on Payment Processor Relationships BY KEVIN L. PETRASIC In its recently issued Financial Institution Letter, FIL-3-2012, the Federal Deposit Insurance Corporation (

More information

Consumer Financial Services. Industry-leading counsel in regulatory compliance, product development, and litigation. Attorney Advertising

Consumer Financial Services. Industry-leading counsel in regulatory compliance, product development, and litigation. Attorney Advertising Consumer Financial Services Industry-leading counsel in regulatory compliance, product development, and litigation Attorney Advertising Recognized for national excellence by Chambers. Vast regulatory experience.

More information

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers Morgan Stanley Policy for the Management of Third Party Residential Mortgage Servicing Providers Title Policy for the Management of Third Party Residential Mortgage Servicing Providers Effective Date Owner

More information

Fortifying the Three Lines of Defense to Combat Compliance Risk

Fortifying the Three Lines of Defense to Combat Compliance Risk Fortifying the Three Lines of Defense to Combat Compliance Risk Today s Presenters Thomas Grundy CRCM, Senior Regulatory Consultant, Wolters Kluwer 30 years regulatory/compliance experience: OCC and Federal

More information

VIRGINIA ASSOCIATION OF COMMUNITY BANKS

VIRGINIA ASSOCIATION OF COMMUNITY BANKS VIRGINIA ASSOCIATION OF COMMUNITY BANKS Spring Internal Audit / Risk Seminar Presented by Lee G. Lester May 26, 2016 Regulatory Hot Topics > De-Risking > Marketplace Lending > Consumer protection initiatives

More information

Third Party Payment Processors Job Aid

Third Party Payment Processors Job Aid Third Party Payment Processors Job Aid This job aid is to be used by state institution examiners as a means to understand, identify, and assess the risks associated with institutions relationships with

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

Board of Directors and Management Oversight

Board of Directors and Management Oversight Board of Directors and Management Oversight Examination Procedures Examiners should request/ review records, discuss issues and questions with senior management. With respect to board and senior management

More information

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP Outsourced Third Party Relationship Management/ Vendor Management TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP 1 Risk Management Guidance 2 3 Appendix J: 4 - Key Elements Third Party Management

More information

The rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions

The rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions The rise of third party relationships means rise in risk and regulation Non-compliance is risky business for financial institutions Increasing dependency on third parties by banks has resulted in mandatory

More information

Managing third-party relationships: It s complicated

Managing third-party relationships: It s complicated Regulatory November 2013 brief A publication of PwC s financial services regulatory practice Managing third-party relationships: It s complicated Overview On October 30, 2013, the Office of the Comptroller

More information

2014 Financial Services Industry Compliance Benchmark Study

2014 Financial Services Industry Compliance Benchmark Study 2014 Financial Services Industry Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December 2013, SAI Global Compliance conducted a survey among compliance professionals

More information

Financial Services Update June 11, 2013

Financial Services Update June 11, 2013 Financial Services Update June 11, 2013 HIGHLIGHTS Federal Regulatory Developments: CFPB Amends Examination Manual State Regulatory Developments: Texas Proposes Constitutional Amendment Regarding Reverse

More information

Supervisory Highlights. Summer 2013

Supervisory Highlights. Summer 2013 Supervisory Highlights Summer 2013 Table of Contents 1. Introduction... 3 2. Supervisory Observations... 5 2.1 Compliance Management Systems... 5 2.2 Mortgage Servicing... 11 2.3 Fair Lending Provision

More information

OCC 98-3 OCC BULLETIN

OCC 98-3 OCC BULLETIN To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel

More information

Compliance Management Systems A Blueprint for Success

Compliance Management Systems A Blueprint for Success Compliance Management Systems A Blueprint for Success Date or subtitle May 13, 2015 1 Tim Tedrick, CRCM, CRP Partner 815.626.1277 ttedrick@wipfli.com 2 Page 1 Regulatory FDIC https://www.fdic.gov/regulations/compliance/manual/p

More information

OFHEO Director of Supervision OFHEO Office of the Director and Associate Directors Chief Executive Officers of Fannie Mae and Freddie Mac

OFHEO Director of Supervision OFHEO Office of the Director and Associate Directors Chief Executive Officers of Fannie Mae and Freddie Mac OFHEO Examination Guidance Issuance Date: November 8, 2006 PG-06-002 Subject: Examination for Compensation Practices To: OFHEO Director of Supervision OFHEO Office of the Director and Associate Directors

More information

The CFPB and Medical Collections: Unknown Territory in the Face of Sweeping Regulatory Change

The CFPB and Medical Collections: Unknown Territory in the Face of Sweeping Regulatory Change The CFPB and Medical Collections: Unknown Territory in the Face of Sweeping Regulatory Change Agenda What is the CFPB? Brief chronology of the CFPB CFPB investigations and examinations; the cost of non-compliance

More information

2015 REGULATORY CHALLENGES FOR FINANCIAL INSTITUTIONS E L L IOT T DAVIS D E COSIMO R I S K MANAG E MENT

2015 REGULATORY CHALLENGES FOR FINANCIAL INSTITUTIONS E L L IOT T DAVIS D E COSIMO R I S K MANAG E MENT 2015 REGULATORY CHALLENGES FOR FINANCIAL INSTITUTIONS E L L IOT T DAVIS D E COSIMO R I S K MANAG E MENT CONFERENCE COLUMBIA, SOUTH CAROLINA INTRODUCTIONS: DOWSE B. ("BRAD") RUSTIN IV is a partner with

More information

LRES Corporation. Best Business Practices for an Appraisal Management Company

LRES Corporation. Best Business Practices for an Appraisal Management Company LRES Corporation Best Business Practices for an Appraisal Management Company [This document outlines the key principles and characteristics of an appraisal management company. The contents contained within

More information

NIST Cybersecurity Framework & A Tale of Two Criticalities

NIST Cybersecurity Framework & A Tale of Two Criticalities NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented

More information

The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II).

The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II). Page 1 of 7 The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II). Domain I provides a solid foundation for the governance of

More information

COMPLIANCE MANAGEMENT SYSTEM

COMPLIANCE MANAGEMENT SYSTEM COMPLIANCE MANAGEMENT SYSTEM Ensuring Your Bank Meets Regulatory Standards Overview of Compliance Exams Examination Purpose: Assess the quality of an institution s compliance management system (CMS) for

More information

BOARD OF DIRECTORS RESPONSIBILITIES FOR COMPLIANCE MANAGEMENT SYSTEMS

BOARD OF DIRECTORS RESPONSIBILITIES FOR COMPLIANCE MANAGEMENT SYSTEMS BOARD OF DIRECTORS RESPONSIBILITIES FOR COMPLIANCE MANAGEMENT SYSTEMS Shannon Phillips Jr. Independent Bankers Association of Texas 1700 Rio Grande Street Austin, Texas 78701 sphillips@ibat.org 512.275.2221

More information

Outsourcing Technology Services A Management Decision

Outsourcing Technology Services A Management Decision Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships

More information

FAQs about ALTA Best Practices for Real Estate Settlement Attorneys and Title Companies

FAQs about ALTA Best Practices for Real Estate Settlement Attorneys and Title Companies Why do I need to have ALTA Best Practices policies and procedures in place and have a CPA give assurance on my compliance to mortgage lenders? In accordance with Consumer Financial Protection Bureau (CFPB)

More information

Understanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence

Understanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence Understanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence November 20, 2014 2 p.m. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. Sponsored by Affinion Benefits Group E. Andrew Keeney,

More information

Credit Union Liability with Third-Party Processors

Credit Union Liability with Third-Party Processors World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with

More information

The CFPB focuses on mobile phone carrier payment processing If you think you are not a Financial Services Company You may want to think again

The CFPB focuses on mobile phone carrier payment processing If you think you are not a Financial Services Company You may want to think again www.pwc.com/consumerfinance www.pwcregulatory.com The CFPB focuses on mobile phone carrier payment processing If you think you are not a Financial Services Company You may want to think again January 2015

More information

Regulatory Practice Letter February 2014 RPL 14-05

Regulatory Practice Letter February 2014 RPL 14-05 Regulatory Practice Letter February 2014 RPL 14-05 CFPB Nonbank Supervision of International Money Transfer Providers Proposed Rule Executive Summary The Consumer Financial Protection Bureau (CFPB or Bureau)

More information

UNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, DC.

UNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, DC. UNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, DC. FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. OFFICER OF COMPTROLLER OF THE CURRENCY WASHINGTON,

More information

CFPB Consumer Laws and Regulations

CFPB Consumer Laws and Regulations Secure and Fair Enforcement for Mortgage Licensing Act 1 The Secure and Fair Enforcement for Mortgage Licensing Act of 2008 2 () was enacted on July 30, 2008, and mandates a nationwide licensing and registration

More information

ACI S 6 TH NATIONAL FORUM ON

ACI S 6 TH NATIONAL FORUM ON ACI S 6 TH NATIONAL FORUM ON PREPAID CARD COMPLIANCE The New A in UDAAP, Privacy, Third Party Relationships, and Marketing: Regulatory and Compliance Considerations for Prepaid Cards October 11-12, 2012

More information

CFSA Compliance School, Part II: Implementing an Effective Compliance Management System

CFSA Compliance School, Part II: Implementing an Effective Compliance Management System CFSA Compliance School, Part II: Implementing an Effective Compliance Management System Michelle Hemerley Managing Director FIS Enterprise Governance, Risk & Compliance (EGRC) SoluBon February 2014 Overview

More information

II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight

II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight Compliance Management System Introduction Financial institutions operate in a dynamic environment influenced by industry consolidation, convergence of financial services, emerging technology, and market

More information

Validating Third Party Software Erica M. Torres, CRCM

Validating Third Party Software Erica M. Torres, CRCM Validating Third Party Software Erica M. Torres, CRCM Michigan Bankers Association Risk Management & Compliance Institute September 29, 2014 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT

More information

The New Third-Party Oversight Framework: Trust but Verify kpmg.com

The New Third-Party Oversight Framework: Trust but Verify kpmg.com Financial Services Regulatory Point of View The New Third-Party Oversight Framework: Trust but Verify kpmg.com The New Third-Party Oversight Framework: Trust but Verify 1 Financial services regulatory

More information

Federal Regulatory Agencies Administrative Guidelines. Implementation of Interagency Programs for the Supervision of Technology Service Providers

Federal Regulatory Agencies Administrative Guidelines. Implementation of Interagency Programs for the Supervision of Technology Service Providers Federal Regulatory Agencies Administrative Guidelines Implementation of Interagency Programs for the Supervision of Technology Service Providers OCTOBER 2012 for the Supervision of Technology Service Providers

More information

THIRD PARTY SUPPLIER RISK MANAGEMENT. Meeting Emerging Financial Services Regulatory Requirements. By Joseph Yacura, ISG Director. www.isg-one.

THIRD PARTY SUPPLIER RISK MANAGEMENT. Meeting Emerging Financial Services Regulatory Requirements. By Joseph Yacura, ISG Director. www.isg-one. THIRD PARTY SUPPLIER RISK MANAGEMENT Meeting Emerging Financial Services Regulatory Requirements By Joseph Yacura, ISG Director www.isg-one.com INTRODUCTION U.S. and Canadian financial services companies

More information