Data Facts Lending Solutions Blog

5 Steps To Best Manage 3rd Party Vendor Compliance

by Jennifer Hamby

Jun 29, 2015 8:00:00 AM


TRID, TRID, TRID….it seems this has been the main focus, and topic of discussion this entire year.  And with delays and more delays, we are now wondering will this ever come to fruition? 

One thing we know is the CFPB is clear about their stance on consumer protection and that includes third-party vendor relationships. When a transaction between a financial institution and its customer involves a third-party, the financial institution is still responsible for compliance with laws and regulations 

In April 2012, the CFPB released guidance about its expectations around vendor risk management, followed not long after by three high-profile enforcement actions related, in significant part, to the oversight of third-parties. The Dodd-Frank Act gave the CFPB the authority to impose cease and desist orders, customer restitution and civil monetary penalties.

To be able to demonstrate compliant results with respect to actual TRID disclosures, the vendor management piece is very important as is the monitoring and audit function. Investors, too, will be keeping an eye your basic compliance with this mortgage rule the same way that you’re expected to comply with all the other mortgage rules.

Banks have been familiar with vendor management for quite some. Your compliance plan for new vendors is a path well-traveled from the standpoint of the CFPB and bank regulatory agency guidance. The vetting process, the diligence, the monitoring, and the corrective action components are well known. But, if you will have substantial revisions to existing vendor functions and these are core consumer-facing functions, and then even with an existing vendor, the change-over and the enhanced features will need to be properly vendor-managed. The CFPB and the banking regulators will pay close attention to this because they understand the role of vendors in the way mortgage lenders conduct business. 

To limit the potential for statutory or regulatory violations and related consumer harm, supervised banks and non-banks should take steps to ensure that their business arrangements with service providers do not present unwarranted risks to consumers.  

These 5 steps would include, but are not limited to: 

  • Conducting thorough due diligence to verify that the service provider understands and is capable of complying with Federal consumer financial law;
  • Requesting and reviewing the service provider’s policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;
  • Including in the contract with the service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices;
  • Establishing internal controls and on-going monitoring to determine whether the service provider is complying with Federal consumer financial law; and
  • Taking prompt action to address fully any problems identified through the monitoring process, including terminating the relationship where appropriate.  

Once you have your vendors limited to only the ones that are most critical to your organization’s success, and that adhere to the same best practices as you expect, you can begin utilizing a comprehensive vendor management platform such as BankerVMS, or BDV-Background Data Verifications, both offered by Data Facts, Inc. 

For additional information, please join one of our 2 webinars on

Topics: Compliance, Third Party Vendor Management, TRID

Get My eBook!

Subscribe to Email Updates

Follow Us:

Recent Posts

Posts by Topic

see all
Go to Top