New Compliance Demands Require Expanded Vendor Management
Regulatory scrutiny of mortgage lenders has expanded to include the actions of service providers and vendors that work, requiring institutions to establish and enforce stronger vendor management procedures, according a panel at the Mortgage Bankers Association's annual convention in Washington.
Since the founding of the Consumer Financial Protection Bureau, risk management and compliance has expanded from safety and soundness reviews to encompass consumer protection and operational risks.
"A lot of the consumer compliance problems aren't actually at the bank, they're at the technology vendors," said Jonathan McKernan, a senior associate at the Washington-based law firm Wilmer Hale.
Problems arise when lenders and other institutions under the CFPB's purview fail to ensure that their vendors are following the policies and procedures that are in place. It's crucial for lenders to regularly monitor their vendors well after the contract for services is signed, and McKernan added that the scope of firms that are considered service providers has also expanded.
"I don't think people thought of foreclosure attorneys as falling into the vendor bucket, but they do obviously now," he said.
The more consumer-facing that the CFPB perceives a function to be, the greater the involvement and the greater the concern for oversight, said Ken Markison, the MBA's vice president and regulatory counsel.
"Going forward there will be actions against service providers who serve covered institutions," he said. “That's the signal. It's not foggy, it's pretty clear.”
And when issues do arise, the CFPB expects lenders to be able to respond and hold vendors accountable, Markison added.
"They want there to be enforceable consequences, which I think would include possibly termination, to deal with a service provider in case of a violation."
Vendor management should be a considered part of an organization's enterprise risk governance program, and lenders must clearly set their expectations for vendors based on their appetite for risk, says Dan Mugge, CoreLogic vice president of technology solutions, asset management and processing solutions.
"Get your house in order and then start looking at your vendors," he advised lenders.
Because of the CFPB's focus on consumers, lenders must now put more emphasis on their vendors that can have the greatest negative impact on consumers, even if they aren't the most expensive or critical service provider, he says.
"It's not just about your spend or the criticality of the business requirement," Mugge says.
For vendors, Mugge said they must make sure they can deliver on all of the requirements in their contracts and amend any agreements that include unnecessary tasks or items that can't be fulfilled.
"If it's in your contract or if it's in your policies and procedures, you have to do it," he said. "If you can't live up to it, then it shouldn't be in there."