Consumer Financial Protection Bureau Director Richard Cordray waved his finger this week at software vendors that have prevented lenders from meeting new mortgage-disclosure requirements -- but he stopped short of promising tough action.

That combination of harsh words and mild threat only invited speculation about whether a crackdown on mortgage-technology vendors is imminent.

Cordray was clear that he suspects vendors have hindered mortgage lenders' compliance with the regulations that took effect this month.

"Quite frankly, I have been disturbed by reports I have been hearing about the vendors on whom so many of you rely," Cordray told lenders Monday at a Mortgage Bankers Association conference in San Diego.

"Some vendors performed poorly in getting their work done in a timely manner, and they unfairly put many of you on the spot with changes at the last minute or even past the due date," Cordray said. "It may well be that all of the financial regulators, including the consumer bureau, need to devote greater attention to the unsatisfactory performance of these vendors and how they are affecting the financial marketplace."

Cordray did not specifically threaten to take enforcement actions, and some CFPB officials cautioned that his words should not be taken to mean that such actions are planned.

Still, the mortgage industry and technology vendors remain on high alert given the bureau's past actions against other types of vendors.

The CFPB's "Know Before You Owe" disclosures were designed to give consumers three days to review loan documents before closing on a home loan. But the rollout has been fraught with problems including a delay of the initial Aug. 1 deadline and demands for a grace period from enforcement to give lenders more time to prepare.

The industry had nearly two years to make systems and operational changes to integrate disclosures already mandated by the Truth in Lending Act and the Real Estate Settlement Procedures Act. The rule is known in the industry simply as TRID.

The CFPB has supervisory authority over the service providers of bank and nonbank lenders including software vendors, said agency spokesman Sam Gilford. In 2012 the CFPB issued a bulletin specifically stating it would hold service providers responsible for violations of the law.

Cordray said at the time that consumers "are at a real disadvantage because they do not get to choose the service providers they deal with — the financial institution does."

He went further, saying: "Consumers must not be hurt by unfair, deceptive, or abusive practices of service providers. Banks and nonbanks must manage these relationships carefully and can be held accountable if they break the law."

The bureau has other tools at its disposal beyond enforcement. In supervising bank and nonbank lenders, the bureau can target areas of failure such as compliance management systems and require that they be improved.

Don Lampe, a partner in the financial services group at Morrison & Foerster, predicted that the CFPB will look specifically at service providers such as software vendors apart from their supervision of bank and nonbank lenders.

"The agency will be paying more attention directly to service providers (vendors) rather than indirectly through supervision of, and enforcement against, financial institutions," Lampe wrote in an email.

Richard Andreano, a partner at Ballard Spahr, also said the CFPB may look more closely at software vendors.

"Director Cordray's remarks suggest that the CFPB may be questioning whether various vendors are qualified to provide the services they offer and is preparing to use its supervisory and enforcement authority ... to take a closer look," Andreano wrote on the firm's blog Tuesday. He added that under the Dodd-Frank Act, the CFPB can examine "service providers" of the entities it supervises.

One of the CFPB's statutory missions is to ensure that financial markets operate transparently and efficiently. So the agency could take actions against lenders or vendors if consumers are delayed in obtaining a home loan.

The TRID regulations required updates to loan origination systems, document preparation, as well as title and settlement platforms. The implementation was complex and required input from a wide range of vendors. Cordray did not identify specific technologies affecting lender readiness though some industry experts said a few large loan-origination-system vendors were not prepared.

Bob Davis, an executive vice president at the American Bankers Association, told members days before the Oct. 3 deadline that many loan-origination-system vendors had not delivered final upgrades. His letter also cited numerous instances of system malfunctions complicating the implementation process.

At the MBA conference, several experts said a large number of mortgage lenders were not using an electronic version of TRID, meaning some aspect of their work is still being done manually.