Regulators and government agencies continue to ask for greater oversight from servicers. In the last three years, GSE’s, the CFPB and the OCC have all issued vendor management requirements placing a larger amount of scrutiny on how banks and nonbanks are managing third-party risk.
It's essential that servicing companies create and follow a strong vendor management and oversight program for any outsourced functions or third-party services purchased on the behalf of others. increased scrutiny on banks and nonbanks and how they manage their third-party risk.
As companies put measures in place for proper vendor management and oversight, a helpful formula to keep in mind is:
COMPLIANCE = POLICIES + PROCEDURES + ACTUAL PRACTICES
The CFPB expects banks and nonbanks to have an effective process in place to manage outsourcing risk.. A supervised entity must thoroughly review the service provider’s policy and procedures, internal controls and training materials.
A servicer needs to provide integrated tools and technology as well as options for a more thorough oversight into its activities. This may require pushing data through new interfaces as well as engaging outside third-party experts to conduct periodic review and analysis.
To ensure any service provider a servicer engages with is not causing harm to consumers and is managing any operational and performance risks. a servicer must also formulate a strong internal vendor management program This structure may include a variety of helpful components. Some examples are creating change management teams and process implementation teams, internal and external audits, and vendor management executive oversight. This list is not exhaustive, and each servicer should build their specific processes depending on the size and complexity of their organization.
Servicers cannot rely on a single data point or person/function to manage all third party vendors, It's crucial that servicers execute multiple controls and check points for successful vendor management. These components do cost money and will only continue to increase the cost of servicing over time. However, during a time when a servicer must manage unprecedented change and requirements, the investment of dollars and manpower is worth the cost in order to mitigate the steep risk of non-compliance.