The CFPB is Upping Its Vendor Management Game

Like every other banking regulator, the CFPB requires the banks and nonbanks it oversees to have vendor management programs to manage risk. Now it looks like the agency is preparing to go one step further and directly examine “key service providers,” particularly in the mortgage origination and servicing area.

This insight comes courtesy of the Spring Issue of the CFPB’s Supervisory Highlights. The article lays the groundwork for this move, emphasizing that consumers can be put at risk by “large service providers, which provide technological support to facilitate compliance with Federal consumer financial law, including software packages, electronic system platforms, and other types of technological tools.”

  • Because these tools are so ubiquitous, the CFPB says, large markets could be impacted if compliance risk isn’t “considered and integrated throughout the development lifecycle, change, and configuration of these compliance systems.” Directly examining these third-party vendors allow the agency to “monitor and potentially reduce” risks to consumers “at their source.”

    The agency is already at work understanding how some third-party vendors structure their compliance management systems and operations with vendors in the mortgage origination and servicing markets already being targeted. The agency will use the result of these reviews, permitted under the Dodd-Frank Act, to determine “future service provider supervisory activities.”

    What does this mean for financial institutions? It looks like the CFPB will be checking their work—and that can’t bode well for institutions that come up with different answers than the CFPB.

    It’s more important than ever to be sure that there aren’t any flaws in your institution’s vendor management system. If you don’t find and correct any problems with your vendors, the CFPB may find the problem first and spread the word to other regulators, including yours.

    Don’t be caught off guard.