Understanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence



Similar documents
NCUA LETTER TO CREDIT UNIONS

Any business relationship between a bank and another entity, by contract or otherwise

Outsourcing Technology Services A Management Decision

CFPB s Final Mortgage Regulations:

Office of Inspector General

3 rd Party Risk Management is Broken Critical Vendors Should be Exam-Ready.

Navigating Vendor Management Issues in Today s Regulatory Environment

CFPB Consumer Laws and Regulations

Summary of Key Proposed Changes to NCUA s Member Business Loan Rule

White Paper on Financial Institution Vendor Management

How To Write A Credit Union Loan Policy

Information Technology

Vendor Risk Management in the New Regulatory Environment. kpmg.com

WiFiAccessCode: LEADSPEDIA Follow at #leadscon Thursday, 4:00 4:45PM

The Other Side of CFPB Compliance

COMMENTARY. occ and fdic Guidance on Supervisory Concerns and Expectations Regarding Deposit Advance Products JONES DAY

Vendor Compliance Management Series: Performing an Effective Risk Assessment

OCC 98-3 OCC BULLETIN

Reverse Due Diligence A New Trend In Financial M&A

CFPB Update: Regulatory and Enforcement Developments

Compliance Risk Management Survey A Point of View

Cybersecurity Workshop

Minimizing Legal and Compliance Risk for Credit Furnishers

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.

Due Diligence and Effective Vendor Management. Corporate America Credit Union 30 th Annual Meeting May 1, 2012

How To Be Ethical With Lead Generation

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

Who s Your Vendor? Secondary Market Compliance and Title Agent Vendor Management

CONFERENCE OF STATE BANK SUPERVISORS AMERICAN ASSOCIATION OF RESIDENTIAL MORTGAGE REGULATORS NATIONAL ASSOCIATION OF CONSUMER CREDIT ADMINISTRATORS

Office of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit

Charter of the Compliance and Operational Risk Management Office (CORMO)

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the

NCUA LETTER TO CREDIT UNIONS

Vendor Management Best Practices

Do You Know Who Your Closing Agent is? MBA's Risk Management and Quality Assurance Forum September 9-11, 2012 Omni Dallas Hotel Dallas, TX

Frequently Asked Questions: Identity Theft Red Flags and Address Discrepancies

January 6, The financial regulators 1

Supervisory Letter. Current Risks in Business Lending and Sound Risk Management Practices

CFPB Readiness Series: Compliant Vendor Management Overview

New Regulations and Mortgage Document Management: What it Means for Mortgage Servicers

Statement of the Office of the Comptroller of the Currency. Provided to the Subcommittee on Financial Institutions and Consumer Protection

Servicing Issues Update

Credit Union Liability with Third-Party Processors

Work Plan ongoing and planned audit and evaluation projects. Current as of June 5, 2015

Managing Sub-Servicing Partnerships

Questions and Answers About the Identity Theft Red Flag Requirements

TILA RESPA An Overview

Anti-Money Laundering Policy Manual Table of Contents [Sample Client] Table of Contents

CFPB Regulations on Ability to Repay and Qualified Mortgages. MDDCCUA Training

GUIDANCE FOR MANAGING THIRD-PARTY RISK

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers

Remarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014

CLIENT UPDATE THE CFPB ISSUES BULLETIN ON INDIRECT AUTO LENDING AND COMPLIANCE WITH THE EQUAL CREDIT OPPORTUNITY ACT

II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight

Navigating Consumer Financial Protection Bureau ( CFPB ) Investigations and Enforcement Actions

How To Comply With The Safety And Security Act Of 2008

Risks and Precautions with Title Lending

Contents. NCRC Analysis of Bank Account Complaints by Zip Code Summary of Findings. Summary of Findings Recommendations... 4

Supporting Effective Compliance Programs

Time to Revamp the Compliance Management System

The New Third-Party Oversight Framework: Trust but Verify kpmg.com

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

NCUA LETTER TO CREDIT UNIONS

Preparing for the Outsourcing Challenge: Legal Due Diligence to Ensure a Winning Service Provider Relationship

Privacy of Consumer Financial Information

Title Insurance and Settlement Company Best Practices. American Land Title Association

Joint Statement on the New Accounting Standard on Financial Instruments - Credit Losses

Regulatory Practice Letter September 2012 RPL 12-17

Transcription:

Understanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence November 20, 2014 2 p.m. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. Sponsored by Affinion Benefits Group E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153 eakeeney@kaufcan.com http://www.kaufmanandcanoles.com/movies/credit-unions.html 2 1

The Past, the Present and the Future 3 4 2

The Good News! Parameters have been established. National Credit Union Administration (NCUA) Consumer Financial Protection Bureau (CFBP) Office of the Comptroller of the Currency (OCC) Sufficient regulatory guidance is in place for Credit Unions to: Contemplate the criticality of vendors Determine the level of risk associated with third party relationships and the processes they facilitate Determine degree of rigor to which third parties should be managed 5 Third Party Due Diligence Guidance OCC CFPB NCUA Guardrails to help you develop an effective third party vendor management program 6 3

Present Official Guidance NCUA Supervisory Letter 07-CU-13 December 2007 NCUA Supervisory Letter 07-01 October 2007 2012-03 April 13, 2002 NCUA Part 715.3 (a)(2) Establish practices and procedures sufficient to safeguard members assets. (b)(4) Policies and control procedures are sufficient to safeguard against error, conflict of interest, self-dealing and fraud. 7 Present Official Guidance (cont.) Supervisory Letter 07-01 Credit Unions must complete due diligence necessary to ensure the risks undertaken in a thirdparty relationship are acceptable in relation to their risk profile and safety and soundness requirements. CFPB CFPB Bulletin - (Service Providers) Fair Lending August 18, 2012 Service Providers Third-Party Vendors Indirect Lending NCUA 10-CU-15; August 2010 CFPB March 21, 2013 OCC Bulletin 2013-29 Third Party Relationships 8 4

Future NCUA seeking legislative authority to examine all CUSOs - Some authority to examine service providers CFPB CFPB expects supervised banks and nonbanks to have an effective process for managing the risks of service provider relationships. - The CFPB will apply these expectations consistently, regardless of whether it is a supervised bank or nonbank that has the relationship with a service provider. The CFBP will continue to have a keen focus on ensuring financial institutions place emphasis on complying with the law and fair member treatment Sales practices and monitoring are and will continue to be key areas of CFPB focus. 9 CFPB Expectations Service Provider Oversight Service provider compliance with Federal consumer financial laws, rules and regulations Reviews of service providers policies, procedures, internal controls and training materials Confirmation that service provider contracts provide for appropriate and enforceable consequences for breach of contract as well as any compliance-related responsibilities Prompt corrective action as appropriate 10 5

Examples of Third-Party Vendors (Service Providers) Third Party Contractors Internet Providers Indirect Lending Information Technology Accounting and Legal Firms Insurance Companies Social Media Maintenance Firms Cloud Computing Firms Risk assessment is needed to determine risk rating of various service provider types. Risk ratings determine the due diligence required for third parties. 11 Importance of Comprehensive Due Diligence Credit Unions have responsibility for ensuring sound business practices are followed even if a third-party is involved. Credit Unions are responsible for protecting member assets. Credit Unions must demonstrate an understanding of the third party s organization. Credit Unions must ensure third parties comply with all aspects of consumer laws, rules and regulations. A due diligence review should contemplate the critical nature of the service, third party risk assessment and profile, level of expertise exhibited, and risk mitigation strategies. 12 6

Key Due Diligence Elements Company information Business Model Financials Policies and Procedures Risk Management Commercial Insurance Controls Information Security Business Continuity 13 Key Contracting Considerations Price; Delivery Date; Specific Services & Obligations Service Levels Member complaints handling and reporting Key performance indicator reporting Information protection Credit Union to prepare an RFP Obtaining proposed contract early in process Documentation; Documentation; Documentation 14 7

Common Pitfalls & Challenges Failure to include critical provisions Failure to set trigger to review contracts prior to renewal Not incorporating marketing materials Afraid to negotiate changes Not allowing sufficient time for contracting and due diligence process Resource constraints 15 Best Practices Periodically review NCUA Letters to Credit Unions Periodically review CFPB Bulletins Review NCUA Examiners Guide Review and update policies and procedures annually Leverage learning opportunities (webinars, forums, articles, etc.) Understand the requirements and what to ask for Use checklists to assist in ensuring all areas are covered Due diligence check list will be distributed to webinar attendees. Seek to partner with companies that understand the regulatory requirements and can help you interpret them 16 8

Summary of Key Points Regulatory guidance has been issued. Credit Unions must determine criticality of vendors and service provided. Risk of relationships should be determined. Appropriate due diligence activities must be completed. Process to effectively manage relationships ongoing must be developed and implemented. Affinion Benefits Group is here to help. 17 A Note from the Sponsor Affinion Benefits Group is committed to partnering with our Brokers and Credit Unions as you work to understand and apply third party due diligence and oversight requirements to your vendor management programs. Contact Information: Vanessa Stanfield Client Program Director, Vendor Management vstanfield@affiniongroup.com http://www.affiniongroup.com/ 18 9

Questions? 19 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153 eakeeney@kaufcan.com http://www.kaufmanandcanoles.com/movies/credit-unions.html 20 10