We’ve all had the experience of putting trust in someone else, whether it’s trusting your hairstylist to give you a haircut that’s not too short, trusting the chef that there’s no peanuts in your dish, or the barista getting your “half-caff,” almond milk latte with extra foam order right.
It’s the same with trusting your service providers to stay on top of compliance issues and keep your concerns top of mind, but the stakes are much higher than getting your coffee order right. The role of a good financial services vendor is not unlike the police department—to protect and serve.
Protection is critical, especially when you factor in the (sometimes harsh) reality that the Consumer Financial Protection Bureau (CFPB) does not distinguish between the activities of vendors and the activities of the financial institutions that those vendors serve.
Importance of Service Provider Management
Many companies rely on service providers to essentially take over part of their functions, using expertise that the company itself may not have. For many, this includes monitoring compliance and risk management. That doesn’t mean you can entirely step away; your involvement shifts, instead, to service provider management or vendor management. This is a multifaceted program designed to oversee all third party activity and manage risks associated with vendor relationships. It is designed to protect the lender, the vendor, and, of course, the consumer.
If it’s been awhile since you’ve seen the exact language, this is the CFPB’s statement on the matter from April 13, 2012:
“CFPB expects supervised banks and non-banks to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law, which is designed to protect the interests of consumers and avoid consumer harm…However, the mere fact a supervised bank or nonbank enters into a business relationship with a service provider does not absolve the supervised bank or nonbank of responsibility for complying with Federal consumer financial law to avoid consumer harm.”
So, while the old saying may go, “ignorance is bliss,” the CFPB doesn’t find ignorance of the law as a viable excuse:
“A service provider that is unfamiliar with the legal requirements applicable to the products or services being offered, or that does not make efforts to implement those requirements carefully and effectively, or that exhibits weak internal controls, can harm consumers and create potential liabilities for both the service provider and the entity with which it has a business relationship. Depending on the circumstances, legal responsibility may lie with the supervised bank or nonbank as well as with the supervised service provider.”
And, it’s something the organization puts a priority on:
“The CFPB’s exercise of its supervisory and enforcement authority will closely reflect this orientation and emphasis.”
The good news is you and your organization can take advantage of some of the CFPB’s tips to maximize the lender/vendor relationship while minimizing risk—to both parties.
[Learn about three vendor-related resolutions you can make today! Click here to read the full post.]
Vendor Management Steps and Guidelines
From the due diligence of selecting the right provider to establishing accountability, the following guidelines can help you take the exhaustive and necessarily comprehensive process and break it out into succinct, manageable sections that can be delegated to various, experienced team members.
1. Selecting a Vendor
Before you start looking for your vendor, it’s important to have a vendor management compliance system in place. It’s easier to determine if a vendor checks off all the boxes on your list if you actually have that list first. Otherwise, you may find out too late that the vendor you selected doesn’t meet some of your key needs that you hadn’t considered.
Just as location is critical in real estate, here the key is research, research, research! That means going through layers of due diligence regarding several areas of a vendor’s expertise and suitability for the job, such as:
Confirm the service provider understands state and federal consumer financial laws and has a demonstrated history of compliance.
Request and review the service provider’s policies, procedures, internal controls, and training materials. It’s an extra step, but it helps ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities.
And, of course, these steps should be done before the contract is signed.
2. Contract Considerations
When’s the last time the phrase “we have to talk” resulted in a fun conversation? Have the contract spell everything out to help avoid that conversation by including:
Clearly defined expectations and responsibilities, including for compliance and consequences for failure
Appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices
Agreed-upon policies and procedures
An exit strategy
3. Establish the Relationship
The beginning of a good relationship with a vendor starts with getting everyone in your company on the same page so there is a unified front on expectations and deliverables:
Assign roles and clearly communicate responsibilities to people in the organization. This can include everything from establishing the go-to person from your company to creating a team that is dedicated to monitoring the service provider’s actions to confirm adherence to compliance issues.
Ensure your employees are trained to comply with the requirements of your vendor management program.
And, of course, there are several ways to build and maintain a quality relationship with your service provider:
Establish clear lines of communication and make it clear those lines are always open. This helps address any confusion or challenges before they turn into problems. Communication tactics include informal conversations to touch base, as well as structured, scheduled assessments such as:
Site visits (if possible)
Treat your service management companies like a strategic, valued partner. As with anything else, it’s easier to address problems if you have a relationship. And, it helps to have relationships across all levels of the organization.
Make sure the vendor management system does not exist in a vacuum, but interacts with multiple areas of the business, including legal, and is regularly reviewed and updated.
Rely on Expertise
Vendor management is a core part of compliance, which becomes especially critical when you’re entrusting someone else with your organization’s reputation.
At SWBC, we make any compliance-related issues our highest priority. We ensure a fully compliant program, with a dedicated compliance and legal team so we can keep financial institutions informed of the latest regulatory, statutory, and investor changes. We’re a service provider who has almost 30 years of experience with all local and national organizations.
We promptly take the following steps in response to any compliance issues that may affect our lenders. We:
Notify you with compliance bulletins and other communications
Recommend a solution
Develop a plan, including timeline to implement the solution
Implement the new requirement