Banking regulators have increased their attention of third-party service providers and debt collectors as they seek to prevent consumers from unfair, deceptive and abusive conduct. Already, they have levied hefty fines on financial institutions for violations by such third parties.
Recent scrutiny of collections litigation, for instance, finds banks can outsource certain functions, but not compliance accountability. Both the bank and the vendors need to ensure payments are processed in a timely manner, bank and vendor systems are synchronized to reflect true account activity and collection attorneys are compliant with continuously changing state and federal laws.
Banks must demonstrate that service providers are appropriately trained, address and resolve customer complaints promptly, establish and adhere to privacy policies and disclosures and confirm appropriateness of compensation programs.
As for these vendors, many now come under federal supervision for the first time. Who's covered? The Dodd-Frank Act defines a third-party vendor as "any person who provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service."
The challenge is vendor management is not a core competency of banks, nor should it be. The industry and consumers will be better served if banks stick to banking, and not waste valuable resources on developing vendor management standards to meet UDAAP rules.
In order to achieve consistency, the industry needs organizations that have missions similar to the Committee of Sponsoring Organizations of the Treadway Commission or the International Organization for Standardization to create a standardized industry framework for certifying and managing financial industry vendors.
Industry-accepted standards would reduce friction and costs in satisfying regulatory compliance for banks and their vendors. With such standards, banks could require vendors to be certified compliant with key regulations and consumer finance laws by an independent third-party before engaging in contractual work.
What would such a standard look like?
An industry standard would require a qualitative approach that goes beyond traditional metrics such as Service Level Agreements and production targets. The industry standard would provide guidelines with a uniform vocabulary that can be used to develop comprehensive vendor management programs as well as industry benchmarks. It might be wise for the standards to emulate the Consumer Financial Protection Bureau's tactics, including formal and informal customer complaint analysis, social media monitoring and secret shopping.
If the benefits of reducing costs and contractual SLA friction for both vendors and banks are not convincing enough of an argument for standardization and certification, the CFPB bulletin in June should answer any remaining questions about the need. The CFPB clearly outlines the favorable consideration it will give for a proactive commitment to the prevention and early detection of potential violations of consumer financial laws as well as concrete evidence of a party's commitment to responsibly address issues through self-policing and self-reporting.
Examiners are seeking affirmative proof that vendors are not engaging in practices that could harm the consumer as regulatory oversight of lenders' third-party relationships has grown increasingly broad, customer-centric, and complex. The stakes are high for noncompliance and vendors recognize that regulators are eyeing them. As the Wild West of vendor management comes to its culmination, an industry vendor management standard to certify banks' vendors is the next logical step to achieve objectives of all involved stakeholders.
Christopher Sicuranza is a managing director and Jonathan Shiery is an associate director in Navigant's Financial Services practice where they advise mortgage finance, banking and government clients in risk management, regulatory compliance and operational effectiveness.