Vendor Risk Management Compliance Considerations

Similar documents
Any business relationship between a bank and another entity, by contract or otherwise

Third-Party Risk Management: Busting Myths and Telling Truths

Putting the Management Back in Vendor Management February 20, 2014

Vendor Risk Management in the New Regulatory Environment. kpmg.com

II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight

Are You Ready for the New Foreclosure Processing Regulations?

GUIDANCE FOR MANAGING THIRD-PARTY RISK

COMPLIANCE MANAGEMENT SYSTEM

Information Technology

COMPLIANCE MANAGEMENT SYSTEM

CFPB Consumer Laws and Regulations

Executive Fraud Forum October 30, 2013

Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections

RISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions

FinTech Webinar Series: Vendor Management Principles

Vendor Management: Who the CFPB is Watching and Who They Are Expecting You to be Watching

Board of Directors and Management Oversight

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background

Vendor Risk Management (Banks and Financial Institutions)

Table of Contents Chapter 1 Introduction Goals & Objectives Required Review Applicability...

To: Our Clients and Friends March 25, 2014

Compliance Management Systems A Blueprint for Success

Supporting Effective Compliance Programs

What Lead Generators Need to Know About the Consumer Financial Protection Bureau (CFPB)

Payment Processor Relationships Revised Guidance

2013 Interagency Fair Lending Hot Topics

Risks and Precautions with Title Lending

Importance of the Consumer Financial Protection Bureau

White Paper on Financial Institution Vendor Management

Statement of the Office of the Comptroller of the Currency. Provided to the Subcommittee on Financial Institutions and Consumer Protection

Company Name Vendor Management Policy and Procedure. Table of Contents

New CFPB mortgage servicing rules present significant challenges for mortgage servicers

The CFPB and Medical Collections: Unknown Territory in the Face of Sweeping Regulatory Change

3 rd Party Risk Management is Broken Critical Vendors Should be Exam-Ready.

VII 5.1. VII. Abusive Practices Third Party Procedures. Third Party Risk. Introduction. Background

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers

Who s Your Vendor? Secondary Market Compliance and Title Agent Vendor Management

Third-Party Payment Processing and Financial Crimes March 14, 2012

Community Banking. Regulators raise the bar on outsourcing relationships. A D V I S O R Fall 2014

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

The CFPB focuses on mobile phone carrier payment processing If you think you are not a Financial Services Company You may want to think again

Managing specialty finance compliance requirements with a compliance management system

Regulatory Practice Letter February 2014 RPL 14-05

Vendor Compliance Management Series: Performing an Effective Risk Assessment

THIRD PARTY PAYMENT PROVIDERS

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C.

CONFERENCE OF STATE BANK SUPERVISORS AMERICAN ASSOCIATION OF RESIDENTIAL MORTGAGE REGULATORS NATIONAL ASSOCIATION OF CONSUMER CREDIT ADMINISTRATORS

Fair Lending, UDAAP and CRA: Protecting Your Bank from Allegations of Fair and Responsible Lending Violations

The Other Side of CFPB Compliance

CONFERENCE OF STATE BANK SUPERVISORS AMERICAN ASSOCIATION OF RESIDENTIAL MORTGAGE REGULATORS NATIONAL ASSOCIATION OF CONSUMER CREDIT ADMINISTRATORS

9/13/ /20 Vision for Vendor Management & Oversight. Disclaimer. Bank Service Company Act - FIL-49-99

Supervisory Highlights. Summer 2013

What You Need to Know About the CFPB and Why You Should Care

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Best Practices

Supervisory Highlights

YEAR END ISSUANCES BY FEDERAL REGULATORS ADDRESS A MULTITUDE OF PRIVACY ISSUES Jane Hils Shea January 23, 2008

Reverse Due Diligence A New Trend In Financial M&A

BOARD OF DIRECTORS RESPONSIBILITIES FOR COMPLIANCE MANAGEMENT SYSTEMS

REGULATORY COMPLIANCE SERVICES

Navigating Consumer Financial Protection Bureau ( CFPB ) Investigations and Enforcement Actions

Consumer Financial Services. Industry-leading counsel in regulatory compliance, product development, and litigation. Attorney Advertising

Community Banking. Cross-collateralization: Handle with care. A D V I S O R Summer Managing outsourcing risks. How to carry a millionaire

Board Responsibility. A bank can outsource a task, but it cannot outsource the responsibility.

UNFAIR, DECEPTIVE, OR ABUSIVE ACTS OR PRACTICES (UDAAP)

Vendor Management: Your Questions Answered

Third Party Payment Processors Job Aid

BANK SECRECY ACT REQUIREMENTS FOR RESIDENTIAL MORTGAGE LOAN ORIGINATIORS: AN OVERVIEW

NCUA LETTER TO CREDIT UNIONS

OCC BULLETIN OCC

C2 Financial Corporation Anti Money Laundering Program and Suspicious Activity Reporting (AML Program)

FINANCIAL SERVICES FLASH REPORT

CFSA Compliance School, Part II: Implementing an Effective Compliance Management System

Consumer Affairs Laws Section 1380 and Regulations

Unfair, Deceptive or Abusive Acts or Practices Act (UDAAP)..It May Not Be What You Think

Eclipx Group Limited Risk Management Policy

Evolving Legal and Regulatory Landscape for Lead Generation

CFPB Update: Regulatory and Enforcement Developments

OCC Staff Responses to Questions from February 13-14, 2001, Telephone Seminar on Privacy Regulation Compliance

Financial Services Update June 11, 2013

STATE OF NEW JERSEY DEPARTMENT OF BANKING AND INSURANCE STATEMENT ON SUBPRIME MORTGAGE LENDING

Understanding the Fundamentals of Credit Union Third-Party Vendor Due Diligence

FDIC Updates Guidance on Payment Processor Relationships

2014 Financial Services Industry Compliance Benchmark Study

VIRGINIA ASSOCIATION OF COMMUNITY BANKS

Managing TPPPs and TPSs in the Current Regulatory Environment

Regulatory Practice Letter January 2013 RPL 13-01

Third-Party Senders Risks and Best Practices

Vendor Management Compliance Top 10 Things Regulators Expect

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

P&G Banking A D V I S O R Fall 2014

Navigating Vendor Management Issues in Today s Regulatory Environment

Servicing Issues Update

New Regulations and Mortgage Document Management: What it Means for Mortgage Servicers

REGULATORY COMPLIANCE SERVICES for Financial Institutions

CFPB Examination Procedures

CFPB Examination Procedures

CFPB COMPLIANCE: Interaction Between Compliance Assessments and Systems Issues

Privacy of Consumer Financial Information

Fair Lending Report of the Consumer Financial Protection Bureau

Transcription:

Vendor Risk Management Compliance Considerations Outlook Live Webinar May 2, 2012 Ariane Smith, Senior Compliance Manager Cathryn Judd, Compliance Examiner Mark Jennings, Compliance Examiner Visit us at www.consumercomplianceoutlook.org informational purposes, and are not formal opinions of, nor binding on,

Vendor Relationships Why banks use third party vendors? Reduce costs Enhance performance Obtain access to specific expertise Increase product offerings Who requires oversight? All third parties. Board and senior management ultimately responsible for all aspects of its operations, whether performed by bank employees or third parties. Good rule of thumb Oversee vendors as you would any other division of the bank!!! 2

Vendor Relationships (Continued) What are common types of vendor relationships? Outsourced bank/compliance functions Third parties to conduct compliance audits, fair lending reviews and compliance monitoring activity Third parties to offer products Mortgage brokers, auto dealers, affinity card and credit card providers Loan servicing providers Flood insurance monitoring, debt collection, loss mitigation/foreclosure activities Disclosure preparation Disclosure preparation software, third party documentation preparers Technology providers Software vendors, website developers 3

What are the Risks? Reputation Risk Dissatisfied customers Violations of laws or regulations public enforcement actions Operational Risk Loss from failed processes or systems Transaction Risk Problems with service/product delivery Credit Risk Third party is unable to meet contract terms Compliance Risk Violations of laws, rules or regulations Non-compliance with policies or procedures Examples: Deceptive marketing Discriminatory lending Privacy 4

Third Parties and UDAP Risk Compliance Risk and UDAP Risk Heightened with Use of Third Parties, as they: May be positioned directly or indirectly between the bank and customer May be deeply involved in delivery of products and services to consumer May have unfettered access to bank s customers May not be adequately monitored by the bank UDAP is not always apparent and may involve commonly accepted bank practices 5

Flood Insurance Monitoring Relationship: Vendor used to monitor flood insurance Identified Issues: 1) Vendor does not have information necessary for them to do their job multiple instances of insufficient coverage 2) Complete reliance on vendor vendor activity is not monitored and no reviews of vendor activity are performed. Issues not selfidentified Results: Significant flood violations - civil money penalties 6

Loan Modifications Relationship: Third party used to process loan modification requests (e.g., Home Affordable Modification Program). Reliance on experts to process requests Identified Issues: 1) Vendor not processing requests as expected (i.e., delays, processing errors, etc.) 2) Vendor perceived to be expert, so no monitoring of vendor activity was performed Results: Significant examination findings; potential UDAP raised; extensive corrective action, including file search, re-solicitation of borrowers, and compliance program changes 7

Credit Card Relationships Relationship: Third parties used to help administer and market credit cards Identified Issues: Deceptive marketing Third party used to market the product failed to properly disclose all fees (i.e., consumers not given enough info to make informed decisions when opening account) Results: Enforcement actions can be issued, violations of UDAP, and CMPs issued. 8

Disclosure Generation Software Relationship: Third party software providers used to generate disclosures Identified Issues: 1) Management relies on software provider to implement required disclosures changes 2) Limited to no tracking to verify changes are implemented and disclosures are in compliance Results: Violations limited; however, compliance management programs criticized 9

Third Party Payment Processors Relationship: Bank customers who use accounts to process payments for merchant clients Identified Issues: 1) TPPP initiated payments for merchants engaged in high-risk or illegal activity Results: Institutions cited for failure to comply with Bank Secrecy Act (i.e., lax treatment of accounts belonging to third-party payment processors) - Consent orders issued requiring additional training, formalized processes to review TPPP transactions. Could also result in UDAP risk if merchants are engaged in deceptive practices. 10

Revenue Enhancement Relationship: Vendors are now offering revenue enhancement services Can apply to a variety of products and services Recommend bankers conduct due diligence, understand vendor activities, ensure technical compliance with all applicable laws and regulations, and know the impact to consumer UDAP 11

Common Themes Over Reliance on Third Party - Sometimes complete reliance. Using third parties does not eliminate compliance responsibilities. How do you know you are in compliance? Failure to Understand/Retain Knowledgeable Staff Reliance on third party may result in institutions not retaining sufficient knowledge to understand and monitor risks. Is someone at institution sufficiently knowledgeable to understand and oversee vendor s activities? Failure to Monitor Vendor Need to monitor your vendor to ensure compliance. How is your vendor performing? Do you know what they are doing? Are you getting complaints? 12

Common Themes (Continued) Garbage In Garbage Out Vendor s performance only as good as information provided and/or the expectations set. Are you giving your vendor the information necessary to do their job? Is the contract with the vendor clear on your expectations? Vendor s Activities Result in Violations - How are you verifying that your vendors activities comply with the law? 13

Best Practices Conduct thorough due diligence before selecting a vendor References Financial information Background of third party principals Prepare a detailed risk assessment Ensure the contract with the third party includes expectations concerning compliance with consumer protection laws and regulations Expectations should include specific terms based on risk assessment Include the ability to request proof of compliance, e.g., vendor s audits, monitoring, etc. 14

Best Practices (Continued) Implement a comprehensive monitoring program Monitoring frequency and depth should be based on risk assessment Implement training for those conducting monitoring to ensure they understand the risks and receive regulatory updates Track consumer complaints Ensure board of directors receive third party due diligence, monitoring reports, and training to enable them to provide proper oversight of risks inherent in third party relationships 15

Conclusion When outsourcing a function, ultimately responsibility for compliance cannot be delegated remains with institution While vendor arrangements can provide valuable benefits, active role in risk management is required Ensure appropriate program is in place that includes Due Diligence Risk Assessment Contract Structuring and Review Oversight 16

Federal Reserve Resources Vendor Risk Management, Outlook Newsletter Article, 2011 http://www.philadelphiafed.org/bank-resources/publications/consumer-complianceoutlook/2011/first-quarter/vendor-risk-management.cfm Third party service provider risk and the Unfair and Deceptive Acts and Practices rule, Retail Payments Risk Forum (Federal Reserve Bank of Atlanta), February 2011 http://portalsandrails.frbatlanta.org/third-party-service-provider/ Outsourcing Financial Services Activities: Industry Practices to Mitigate Risks, Federal Reserve Bank of New York, October 1999 http://www.ny.frb.org/banking/circulars/outsource.pdf Interagency Review of Foreclosure Policies and Procedures, The Federal Reserve Board, April 2011 http://www.federalreserve.gov/boarddocs/rptcongress/interagency/interagency.htm 17

Other Agency Resources CFPB Bulletin 2012-2 on Service Providers http://files.consumerfinance.gov/f/201204_cfpb_bulletin_service-providers.pdf FIL 44-2008 Third-Party Risks: Guidance for Managing Third-Party Risk http://www.fdic.gov/news/news/financial/2008/fil08044.html OCC Bulletin 2001-47 Third Party Relationships: Risk Management Principals http://www.occ.gov/news-issuances/bulletins/2001/bulletin-2001-47.html FTC Website http://www.ftc.gov 18

Questions 19

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information