Mortgage professionals may have overlooked the Consumer Financial Protection Bureau's recent $120 million consent orders to
In the Sprint and Verizon cases, the wireless carriers outsource payment processing for "premium services" to third-party aggregators. However, those third-party aggregators failed to implement sufficient compliance systems and monitor separate merchants placing charges on customers' cell phones.
The result was that merchants were able to place charges on customers' bills without proper authorization — and since the aggregators did little to prevent this from occurring, customers often incurred charges for services they did not want, did not know they were paying for and/or did not receive.
Although this was actually occurring because of the wrongful acts of merchants, and aggregators actually failed to stop these practices, Verizon and Sprint were in turn held responsible for their failure to oversee the aggregators and/or impose sufficient controls to protect consumers.
In other words Sprint and Verizon were ultimately held responsible for creating a flawed system that enabled others — two times removed merchants — to wrongfully place charges on customers' cellphone bills.
For lenders, the message here is clear. You are ultimately responsible for protecting your customers — no matter what. Anything you delegate to others or that you directly or indirectly expose your customers can wind up becoming your problem if the harm stems from an inadequate system or process that perpetuated or enabled the injury to occur.
The fact that those injuries are incident to the failings of third-party vendors and/or the intentional wrongdoing of two-times removed actors is irrelevant if the lender should have foreseen the potential risk and could have implemented different systems reasonably precluding the chain of causal events.
Ari Karen is an attorney at Offit Kurman.
