Compliance and Vendor Management

Category: Data Compliance
Author: NXTsoft

The Compliance aspects of vendor management continue to be one of the hot topics of Regulatory Examinations. As a result, some time devoted to this topic seems to be in order.

In your financial institution, there exist a number of third-party vendor relationships: credit card services, rewards programs, overdraft payment programs, check printing, flood determination services, force-placed insurance services, etc. Once all these relationships are identified, the next step is to determine those with the most significant compliance applicability. Examples might include credit cards, appraisers, debt collection, secondary market investors, rewards vendors, non-deposit investment product vendors, commercial loan participation vendors, indirect vehicle lenders, etc.

Then comes the compliance evaluation. For example, many vendors carry potential Fair Lending Risk. Such vendors include secondary market investors, real estate appraisers, indirect vehicle lenders, debt collection agencies, and mortgage brokers. Obviously, the need would exist to ensure fair lending training exists for these vendors with Fair Lending Risk.

For certain vendors, other compliance risks might include, as examples: data security and privacy for non-public information (your specific customers), customer complaints and the methodology of forwarding customer complaint information to your institution, regulatory actions, responsibility for HMDA reporting (based on who makes the credit decision), responsibility for Hazard and Flood insurance coverage (loan participation vendors), Fair Debt Collection Practices Act compliance and training, and UDAAP (are you reviewing what is sent out from vendors to your customers?).

Subcontractor usage by the vendors needs to be considered as well. Are vendor subcontractors contacting your customer base? Using a vendor does not remove Compliance Responsibility from your institution, no matter what the vendor contract says.

Your institution should initially, prior to vendor selection and on an ongoing basis, ensure compliance disclosure testing. For example, for secondary market investors, are the LE and CD properly and accurately completed, and are other disclosures handled correctly from a compliance perspective? For real estate appraisers, appraisals should be reviewed to determine if prohibited basis factors were considered in assessing the value of the subject property. For indirect vehicle lenders, there should be a system in place to ensure prohibited basis factors are not considered by dealers in the pricing of loans.

Multiple compliance concerns apply to most vendors across the board. Typical examples include privacy of nonpublic information and transmitting of customer complaints back to your institution. Use whatever methodology you have developed internally or purchased externally to consider the Compliance aspects of Vendor Management.

However, do not forget to consider Compliance in your initial and ongoing vendor analysis and management. Doing so will be one more step toward ensuring your next Regulatory Compliance Examination turns out well for your institution.

August 19, 2020