CFPB Revises Compliance Bulletin on Service Providers
10/26/2016 6:56 AM
The CFPB reissued its Compliance Bulletin on Service Providers, clarifying that supervised entities have flexibility allowing for appropriate risk management.
In a Federal Register Notice published on Oct. 26, 2016, the Consumer Financial Protection Bureau reissued its compliance bulletin on service providers, stating the amendment was needed to clarify that supervised entities have flexibility, allowing for appropriate risk management of service providers.
The bulletin, previously 2012-03, now 2016-02, was originally issued in 2012 to clarify that entities supervised by the CFPB must exercise due diligence in managing service provider relationships to ensure service providers comply with federal consumer financial protection laws. The new bulletin includes the same list of expectations for managing service provider relationships, for example, verifying that service providers understand and are capable of complying with federal laws, requesting and reviewing service providers' policies, procedures and training materials, including in contracts clear expectations about compliance, etc. The revised bulletin inserts the following language:
The Bureau expects that the depth and formality of the entity's risk management program for service providers may vary depending upon the service being performed—its size, scope, complexity, importance and potential for consumer harm—and the performance of the service provider in carrying out its activities in compliance with Federal consumer financial laws and regulations. While due diligence does not provide a shield against liability for actions by the service provider, it could help reduce the risk that the service provider will commit violations for which the supervised bank or nonbank may be liable…”
The Federal Register notice states that the amendment was needed to “clarify that the depth and formality of the risk management program for service providers may vary depending upon the service being performed—its size, scope, complexity, importance and potential for consumer harm—and the performance of the service provider in carrying out its activities in compliance with Federal consumer financial laws and regulations. This amendment is needed to clarify that supervised entities have flexibility and to allow appropriate risk management.”
The amendment signals that supervised entities have some flexibility and discretion when determining the level of oversight that is needed, based on the circumstances of the relationship and the particular activities of the service provider, as well as the potential for harm to consumers. The reissue of the bulletin also serves as a reminder that service provider relationships must be closely managed. The Federal Register notice indicates that the newly revised Bulletin 2016-02 will be released on the CFPBs website on Oct. 31, 2016. Members can review the text of the new bulletin by reviewing the Federal Register Notice.
Follow ACA on Twitter @ACAIntl and @acacollector or Facebook for news and event updates. ACA's LinkedIn Group includes news updates, member discussions, event promotions, jobs and more. Visit the group page and request to join today.