Collector - April 2018 - 48
Vetting Your Vendors
The CFPB expects supervised entities to have an effective process for managing the risks of service provider
relationships. What does that entail?
By Angela Czerlanis
he onset of spring brings renewed
energy and growth. In March,
the Campus ACA brand was
reintroduced in the Campus ACA Academy
at Spring Forum & Expo, along with new
designations and updated content for ACA's
Core Compliance courses. The subject
matter experts that participated in the
curriculum revision process communicated
an issue worthy of a look with fresh eyes:
service provider oversight.
The Dodd-Frank Act defines a service
provider as "any person that provides a
material service to a covered person in
connection with a consumer financial
product or service." A service provider may
or may not be affiliated with the person to
which it provides services.
In Bulletin 2016-02, the Consumer
Financial Protection Bureau cautions: "A
service provider that is unfamiliar with
the legal requirements applicable to the
products or services being offered, or that
does not make efforts to implement those
requirements carefully and effectively,
or that exhibits weak internal controls,
can harm consumers and create potential
liabilities for both the service provider
and the entity with which it has a
As such, the CFPB expects supervised
entities to have an effective process
for managing the risks of their service
provider relationships based on the
size, scope, complexity, importance and
potential for consumer harm. Think of
this as another control component of your
Entities that use service providers should:
* Conduct due diligence to verify that
the service provider understands and
is capable of complying with federal
consumer financial law.
* Request and review the service
provider's policies, procedures,
internal controls and training
materials to ensure that the service
provider conducts appropriate
training and oversight of employees
or agents that have consumer contact
or compliance responsibilities.
* Include in the service provider's
contract clear expectations about
compliance, as well as appropriate and
enforceable consequences for violating
any compliance-related responsibilities,
including engaging in unfair, deceptive,
or abusive acts or practices (UDAAPs).
* Establish internal controls and ongoing
monitoring to determine whether the
service provider is complying with
federal consumer financial law.
* Take prompt action to address
any problems identified through
the monitoring process, including
terminating the relationship
The CFPB provides additional guidance
related to service provider oversight that
you can view or download at http://bit.
A segment on service provider
oversight as a control component
of your compliance management
system is included in ACA's seminar,
Understanding and Responding to the
CFPB's Expectations. Look for the next
session of this online course in ACA's
Upcoming Events calendar on www.
acainternational.org. Take it for the first
time or join us again for a new take on
important compliance fundamentals.
Angela Czerlanis is ACA International's
compliance education specialist.
Built for start-ups. Scalable for growth.
Demo.Collect-Cloud.com | Collect.org