Vendor Management (From A Compliance Perspective)

Category: General
Author: NXTsoft

Third-party relationships include secondary market investors, real estate appraisal-related vendors, software vendors, credit card services, rewards programs, loan servicing, check printing, website services, statement printing, debit card programs, remote data capture, flood determination services, and providers of force-placed insurance services.

Examples of third-party relationships with potential fair lending risk include: real estate appraisal related firms, secondary market investors, and external marketing firms. 

Financial institutions need to ensure the Vendor Management Program incorporates a review of compliance risk for all significant third-party vendors. Guidance such as Financial Institution Letter 44-2008 describes appropriate due diligence and oversight, including contract review and structuring prior to entering into contractual relationships, annual risk assessments and ongoing due diligence reviews, complaint searches, and periodic reporting of monitoring efforts to the Board.

Vendor areas to assess, as applicable, include: 

  • Whether the vendor has access to non-public customer information and, if so, whether a Privacy Disclosure is present
  • Whether an internet search has been performed on the vendor for customer complaints 
  • Whether the vendor has any significant complaints, litigation (past or pending), or regulatory actions against the company, its owners, or principals, as reflected in the financials or an internet search
  • Whether the contract deals with customer complaints 
  • Whether a methodology is present to send customer complaints to the financial institution 
  • If applicable, whether the contract specifies fair lending compliance and, if so, whether the vendor has supplied evidence of fair lending training/knowledge
  • Whether the vendor markets products to bank customers non-affiliated third parties and if so, whether potential UDAAP issues exist
  • Whether fees are disclosed prior to purchase by the consumer of an offered product
  • Whether marketing materials from the vendor are reviewed by the financial institution before the vendor sends them to customers

Specific review areas for certain vendors by type, include, as examples:

Real Estate Appraiser

  • Financial institutions should assess the appraiser’s commitment to fair lending compliance as a part of their due diligence and should include compliance with fair lending laws as a part of the contract
  • As a monitoring system, financial institutions should review appraisals periodically to determine if prohibited basis factors were considered when assessing value of the subject 

UDAAP Risks with Prepaid Cards and Credit Cards 

  • Fees - All fees must be disclosed 

  • Features - Inform consumers regarding all corresponding card features 

  • Marketing - Any marketing or advertising must be both clear and accurate 

UDAAP Risk with Add-On Products  

  • Rewards Features 
  • Disclosures accurately inform consumers of corresponding limitations 

Financial institutions should formalize and document compliance issues related to vendor management. This remains a hot topic in the regulatory examinations area. 

 

September 17, 2021