Regulatory bodies are placing increased emphasis on adequate management of third party vendors and UDAAP risk. The main emphasis of the review is determining whether consumer harm may occur by unfair practices of the bank or a third party that the bank has engaged to perform services for its customers. Regulatory bodies have made it clear that banks will be held responsible for the actions or inaction of third parties engaged by the bank for products or services that may harm consumers.
We will assess the quality of the bank’s compliance risk management systems, internal controls, and policies and procedures for avoiding unfairness and deception (e.g. management oversight of third parties, complaint management processes, training, written policies & procedures). The review will identify products, services, or activities that materially increase the risk of being unfair or deceptive (e.g. new products or services, new third parties, fee structure changes, marketing tactics) and gather facts that help determine whether a financial institution’s products, services, programs, or operations are likely to be unfair or deceptive (e.g. analyze complaints, complete interviews and questionnaires). As part of the review we will conduct a risk assessment to determine the level of transaction testing to be completed (e.g. review of credit card agreements, fee structures, truth in saving disclosures, add on insurance products, marketing, website information).
We will help determine what third party vendors are considered “significant” relationships for vendor management and determine whether activities conducted through third parties are compliant with applicable consumer protection laws, fair lending regulations, and internal policies. The Bank’s risk assessment and due diligence processes for vendors, contract structuring and review, as well as Board / management oversight will be assessed.
The scope of this review will cover the following acts, regulations and guidance:
We will assess the quality of the bank’s compliance risk management systems, internal controls, and policies and procedures for avoiding unfairness and deception (e.g. management oversight of third parties, complaint management processes, training, written policies & procedures). The review will identify products, services, or activities that materially increase the risk of being unfair or deceptive (e.g. new products or services, new third parties, fee structure changes, marketing tactics) and gather facts that help determine whether a financial institution’s products, services, programs, or operations are likely to be unfair or deceptive (e.g. analyze complaints, complete interviews and questionnaires). As part of the review we will conduct a risk assessment to determine the level of transaction testing to be completed (e.g. review of credit card agreements, fee structures, truth in saving disclosures, add on insurance products, marketing, website information).
We will help determine what third party vendors are considered “significant” relationships for vendor management and determine whether activities conducted through third parties are compliant with applicable consumer protection laws, fair lending regulations, and internal policies. The Bank’s risk assessment and due diligence processes for vendors, contract structuring and review, as well as Board / management oversight will be assessed.
The scope of this review will cover the following acts, regulations and guidance:
- Section 5 of the Federal Trade Commission (FTC) Act 15 USC 45
- Section 1031 of the Dodd-Frank Act (principles are similar to those in section 5 of the FTC Act)
- Fair Debt Collection Practices Act (FDCPA)
- FDIC FIL 44-2008: Guidance For Managing Third-Party Risk
- OCC BULLETIN 2013-29 - Third-Party Relationships