Financial firms have been advised that they could be liable if third-party contractors fail to comply with regulations or the law. While the concept is not new, it has received more attention lately.
A bulletin issued Friday by the Consumer Financial Protection Bureau clarified lender accountability for service providers.
The focus of the regulator’s interest is service providers’ interactions with consumers.
CFPB-regulated financial institutions could be held responsible for the actions of contracted companies.
“Banks and non-banks must manage these relationships carefully and can be held accountable if they break the law,” CFPB Director Richard Cordray said in a statement.
The CFPB said it is empowered with supervisory and enforcement authority over supervised service providers through Title X — which the regulator plans to exercise to “the full extent.” That includes the authority to conduct on-site examinations of service providers.
Mortgage lenders use outside firms who interact with consumers such as providers of appraisal, title and closing services. They also use service providers for client prospecting.
Mortgage servicers utilize default-service providers and foreclosure processing firms as well as foreign call centers.
Mortgage firms are not absolved from compliance by farming out some of their operations. Supervised entities are responsible to ensure compliance with federal consumer financial law.
“A service provider that is unfamiliar with the legal requirements applicable to the products or services being offered, or that does not make efforts to implement those requirements carefully and effectively, or that exhibits weak internal controls, can harm consumers and create potential liabilities for both the service provider and the entity with which it has a business relationship,” CFPB Bulletin 2012-03 said. “Depending on the circumstances, legal responsibility may lie with the supervised bank or nonbank as well as with the supervised service provider.”
Rich Andreano, a partner at Ballard Spahr LLP who specializes in compliance, noted that accountability for non-bank parties is not a new concept, though “it has received greater focus recently.”
Andreano explained that the CFPB and banking regulators have made it clear that using a servicing provider to perform a function doesn’t relieve the bank or non-bank of responsibility for that function, and lenders need to manage service providers appropriately.
“The bulletin reflects that the CFPB will focus on the selection and management of service providers by entities regulated by the CFPB, and may find the bank or non-bank, and maybe the service provider as well, responsible for the failure to comply with applicable law,” Andreano said in a written statement. “Banks and non-banks will need to pay careful attention to how CFPB moves forward under the bulletin in regulating the use of service providers.”
The bureau said it expects financial institutions to maintain an effective process for managing the risks of service provider relationships.
Among the steps recommended by the CFPB are conducting due diligence on the provider’s compliance capabilities, reviewing the provider’s compliance controls and making compliance expectations clear in the contract.
“Using outside vendors can pose additional risks,” the CFPB stated. “A service provider that is unfamiliar with consumer financial protection laws or has weak internal controls can harm consumers.”