This question was posed to Ben Olson, former Deputy Assistant Director for the Office of Regulations at the Consumer Financial Protection Bureau (CFPB), on ATS Secured’s webinar, “TRID Explained by Former CFPB Regulator”:
Is Vendor Management Interaction (Contract Information, Licenses, Insurance Documents, Billing etc.) Subject To NPPI Rules For Lenders?
If you’re interested in this topic, you may also wish to register for our upcoming webinar on June 7, “Navigating TRID and Vendor Management.”
Ben Olson’s answer:
“NPPI rules are going to apply to your vendors handling of your information in the same way they would apply to you. The extent your vendors are collecting or using NPPI about your customers needs to be subject to all the same controls and protections as if you were doing it yourself.”
Olson’s response is corroborated by the industry as well, and it’s not just about title and lending. Consider the American Land Title Association’s take on vendor management best practices:
“The ripple effect doesn’t stop with title professionals’ relationships with lenders. There are responsibilities when selecting fourth-party service providers (couriers, paper shredding companies, abstractors, signing services, janitors and others). Title and settlement companies must evaluate these vendors and confirm they are following rules protecting non-public personal information (NPI) to ensure their lenders aren’t at risk.”
The short answer?
Yes. A lender is absolutely their vendors’ keeper.
ATS Secured offers powerful vendor management software that can greatly reduce your third-party risk. And, you can even pay vendors directly from the platform and communicate with them securely—replacing encrypted email. Learn more.