The CFPB issued a guidance bulletin emphasizing that it expects supervised banks and nonbanks to oversee business relationships with service providers (defined in Section 1002(26) of the Dodd Frank Act as “any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service”) to ensure compliance with federal consumer protection laws. The CFPB noted that the mere fact that a supervised bank or nonbank enters into a business relationship with a service provider does not absolve the supervised bank or nonbank of responsibility for complying with federal consumer financial protection laws to avoid consumer harm.
The CFPB advised that it expects supervised banks and nonbanks to “have an effective process for managing the risks of service provider relationships.” The steps that should be taken to ensure that the business arrangement between supervised banks and nonbanks and service providers do not present unwarranted risks to consumers include:
- Conducting thorough due diligence to verify that the service provider understands and is capable of complying with federal consumer financial protection laws;
- Requesting and reviewing the service provider’s policies and procedures to ensure the service provider conducts appropriate training and oversight of its employees;
- Setting forth clear expectations about compliance in contracts with the service provider and the consequences for non-compliance;
- Establishing internal controls and on-going monitoring of compliance with federal consumer financial protection law; and
- Addressing problems promptly.
Click here for the bulletin.