Last week’s big news of a substantial fine against a large financial institution highlights the importance of understanding proper vendor management policies; penalties for non-compliance could cost your organization up to $1 million per day. Equally, having the means to track, report and manage those policies is key. The wait and see “reactive” posture of the past will not work in today’s environment, especially for those with third-party vendor relationships.
Vendor Management Webinar Highlights
ATS Secured and ABS hosted a webinar today discussing these issues. Ben Olson, former Deputy Assistant Director for the Office of Regulations at the CFPB, spoke on navigating both compliance and vendor management needs. The following are highlights of his presentation.
1. What is the Nature of the Vendor Relationship?
With the new regulations this year, financial institutions must create risk management policies and a supervisory program. These policies and programs must depend upon “the nature of the third-party relationship, scope and magnitude of the activity, and risks identified.” For example, lenders, settlement agents and other stakeholders who provide services in a real estate transaction must clearly establish who is doing what and where the information comes from. Take note that outsourcing does not relieve compliance responsibility.
A vendor or service provider is any person that provides a material service to a supervised entity in connection with the offering or provision by such entity of a consumer financial product or service. The Fed limits the definition to any service provider that has a contractual relationship.
2. Pre Due-Diligence: Vendor Evaluation
Prior to selecting a service provider, supervised entities should evaluate and perform necessary due diligence. These actions should be commensurate with the level of risk and complexity of the third-party relationship.
This is not going away. The vendor management system used should ensure compliance with federal & state laws, rules and regulations, as well as internal policies and procedures. In particular, credit unions must have the infrastructure sufficient to monitor performance of third parties. Issues should be identified and addressed before cited in audit reports.
3. Lender Takes Responsibility for Vendors
Now, more than ever, lenders are liable for actions of third parties and vendors. Regulatory scrutiny is increasing and enhanced regulatory guidance, numerous public enforcement actions and non-public exam findings are all going to be a regular part of a financial institution’s proverbial life. To prepare for this, policies, processes and reporting mechanisms must be put in place and used.
Want to make your mortgage process easier and more accurate? Contact ATS Secured today.