Vendor Management: Your Questions Answered




June 16, 2015
Elizabeth E. McGinn, Partner
Moorari K. Shah, Counsel

Disclaimer

The information contained herein is for informational purposes only; does not constitute legal advice; and, does not necessarily reflect the opinions of BuckleySandler LLP or any of its attorneys or clients. This presentation is not intended to create, and does not create, an attorney-client relationship between you and BuckleySandler LLP, or any of the presenters, and you should not act or rely on any information in this presentation without consulting legal counsel. The information contained in this presentation may or may not reflect the most current legal developments; accordingly, information in this presentation is not promised or guaranteed to be correct or complete, and should not be considered an indication of future results. BuckleySandler LLP expressly disclaims all liability in respect to actions taken or not taken based on any or all of the contents of this presentation.

Q1: Role of the Board
What is expected of the board of directors with respect to vendor management?
- Setting the tone from the top is a key focus of regulators
- Full accountability requires treating the outsourced activity as if the service were being performed in-house
- Alignment with overall business strategy and objectives

Q2: Building a Vendor Management Function
How should a company start to build the framework if the vendor management function has not previously existed?
- Common question for nonbanks
- Compliance Management Systems
- Size and structure vary across financial institutions
- Many institutions underestimate the necessary resources

Q3: Use of Cross-Function Teams
When should organizations consider using cross-functional teams to support vendor management?
- Evaluation of activities affecting multiple business lines
- Include internal audit, information security, human resources, legal and compliance
- Team advises and assists relationship manager
- Augment team with outside consultants for expertise

Q4: Risk Ratings
Is there a standard risk rating scale for vendors?
- General agreement that high-risk vendors include:
  - Customer-facing vendors
  - Those that store sensitive customer information
  - Those that provide mission-critical applications, such as core processing systems
  - Business continuity and disaster recovery services
- Develop cascading model that is tailored to company's size and complexity of financial products
- Develop mitigation plan based on risk rating

Q5: Ongoing Monitoring Focus Areas
What are current areas of regulatory focus related to ongoing monitoring?
- Compliance training
- Early identification of issues
- Information security

Q6: Subcontractors
What actions should a financial institution take with respect to oversight of subcontractors?
- Monitor vendor's reliance on subcontractors
- Contractual right to audit subcontractors
- Require vendor to perform due diligence and ongoing monitoring of subcontractors and report results

Q7: Handling Consumer Complaints
What steps should an institution take in its ongoing monitoring of consumer complaints? How should you respond to consumer complaints about a vendor that arrive through the CFPB portal?
- Assign responsibility for monitoring and responding
- Vendor point person
- Move quickly
- Initial response due in 15 days
- 60 days to investigate before made public
- Involve legal and compliance teams
- Decide whether to choose one of the permitted responses
- Ongoing monitoring and remediation principles still apply
- Portal response is not a safe harbor

Q8: Sufficient Staff
What constitutes sufficient staff to onboard and manage third party vendors?
- Dedicated staff
- Periodic reviews of ongoing monitoring files:
  - Test for thoroughness of documentation and records and whether they satisfy internal policies and procedures
  - Verify that staff is testing for compliance with applicable laws

Q9: Transitioning Vendors
What should financial institutions consider when terminating a relationship with a service provider?
- Establishing a replacement vendor
- Resources required
- Timing
- Project plan
- Managing legal and regulatory compliance during transition
- Data return, transfer, and destruction
- Joint intellectual property

Q10: Re-Negotiating with Vendors
How do you re-negotiate vendor contracts to incorporate new regulatory requirements when the vendor has no interest in re-negotiating?
- Dialogue first
- Dealing with vendors who refuse or seek significant concessions
- Contemplate back-up plan with another vendor that will accept the necessary language

Q11: UDAAP Update
What are the latest updates related to UDAAP and service providers?
- Opt-In cases
- Mobile cramming
- Payment program providers
- Mortgage industry

Q12: TILA-RESPA Integrated Disclosure Rule
What are companies doing to prepare for TRID rule changes?
- Software vendors
- Mortgage brokers
- Training and timing
- Applications
- Loan estimates
- Closing disclosure
- Closing services
- Fee estimates and tolerances

Q13: Possible Future Actions
What's coming next?
- More direct actions against service providers
- Opt-in is a hot topic
- Cyber-security/privacy
- FTC and FCC focus
- Add-on products
- Potential expansion of cramming

Questions

Elizabeth McGinn, Partner
202.349.7968 (DC office)
212.600.2370 (NY office)
emcginn@buckleysandler.com

Moorari Shah, Counsel
310.424.3939 (LA office)
mshah@buckleysandler.com

www.buckleysandler.com
www.infobytesblog.com