Over the last few years, GSE’s, the CFPB and the OCC have issued new vendor management requirements placing increased scrutiny on how banks and nonbanks are managing third-party risk.
It is clear that the regulators and government agencies expect more oversight.
In the servicing business, it has always been critical to have a strong vendor management and oversight program for any outsourced functions or third-party services purchased on the behalf of others. However, depending on the function or company size, the focus may have been more on performance management and less on due diligence and vendor risk.
According to a bulletin published last year by the CFPB, the bureau wants to ensure that consumers are protected from irresponsible service providers and that servicers are contracting with ethical third parties. The CFPB expects banks and nonbanks to have an effective process in place to manage the risk of outsourcing. Specifically, a supervised entity, at minimum, must thoroughly review the service provider’s policy and procedures, internal controls and training materials.