CFPB Issues Policies to Promote Innovation and Facilitate Compliance

Question of the Week: Evaluating third-party vendors.

9/17/2019 

CFPB

The Consumer Financial Protection Bureau (CFPB) issued three new policy statements to promote innovation and facilitate compliance. They include: 

NALs provide increased regulatory certainty through a statement that the CFPB will not bring supervisory or enforcement action against a company for providing a product or service under certain facts and circumstances. 

Under the new TDP Policy, entities seeking to improve consumer disclosures may conduct in–market testing of alternative disclosures for a limited time upon permission by the CFPB. 

The CAS Policy enables testing of financial products or services where there is regulatory uncertainty. After the CFPB evaluates the product or service for compliance with relevant law, an approved applicant that complies in good faith with the terms or the approval will have a “safe harbor” from liability for specified conduct during the testing period. 

Question of the Week 

Q. What should we do when evaluating our using a third-party vendor?

A. NCUA’s Letter to Federal Credit Unions (07-CU-13) lays out a number of factors that credit unions should consider before entering into a third-party servicing relationship. According to NCUA, credit unions should consider the following:

  • Will the third-party relationship complement the credit union’s overall mission and philosophy?
  • How critical is the activity being outsourced?
  • How the third-party relationship will impact (if at all) the credit union’s strategic plans (longterm goals, objectives, and resource allocation).
  • How the risks/benefits of outsourcing the particular function compare with keeping the function in-house.
  • How the third-party relationship will impact (if at all) seven risk areas (credit risk, interest rate risk, liquidity risk, transaction risk, compliance risk, strategic risk and reputation risk).
  • Does credit union staff have the expertise to manage and monitor a third-party relationship?
  • Will the third-party relationship create additional insurance responsibilities for the credit union?
  • How will the relationship impact the credit union’s membership (positive and negative)?
  • Does the credit union have an effective exit strategy? 

The guidance highlights the need for credit unions to perform extensive due diligence and review the risks/benefits of outsourcing member services prior to engaging in a thirdparty vendor relationship. 
 
Additionally, the NCUA published Letter 08-CU-09, which provides the thirdparty relationship questionnaire that examiners will use, as well as Letter 10-CU-26, which discusses the evaluation of payment system service providers. 

Related Links

NCUA Letter 07-CU-13
NCUA Supervisory Letter 07-01
NCUA Letter 10-CU-26
NCUA Letter 08-CU-09 
NCUA Letter 08-CU-19

Legal Briefs 

National Credit Union Administration (NCUA) 

NCUA released Q2 2019 State credit union data. 

Consumer Financial Protection Bureau (CFPB) 

CFPB issued policies to facilitate compliance and promote innovation. The No-Action Letter (NAL) Policy, Trail Disclosure Program (TDP) Policy, and the Compliance Assistance Sandbox (CAS) Policy were originally proposed in 2018. 

CFPB announced working in partnership with multiple state regulators to launch the American Consumer Financial Innovation Network (ACFIN) to enhance coordination among federal and state regulators to facilitate financial innovation. 

CFPB released Supervisory Highlights, Issue # 19 (Summer 2019). The highlights focus on Automobile loan origination, Credit card account management, Debt collection, Furnishing, and Mortgage Origination. 

National Automated Clearing House Association (NACHA) 

NACHA released a statement on unauthorized ACH reversals in light of invalid transactions from MyPayRollHR.com. 

Office of Foreign Assets Control (OFAC) 

OFAC has updated the SDN list as of Sept. 13. The last update prior to this was Sept. 10. 

Questions? Contact the Compliance Hotline: 1.800.546.4465; [email protected].