Recent bulletins issued by the Consumer Financial Protection Bureau (CFPB) raise the bar on effective Third-Party Management. Financial institutions often rely on outsourced vendors for mission-critical products and services. The risks of inadequate oversight can be significant and are often hidden from institutions, sometimes surfacing only when it’s too late.

For a variety of reasons, however, many banks and non-banks are challenged to ensure compliance with these bulletins. In our perspective, financial institutions that are embarking on this journey need to respond to these six criteria:

1. Review arrangements, agreements, or contracts exist with vendors and third parties related to mortgage products or servicing.

Are changes planned for third party practices as a result of the new rules?

Will third party service providers deliver compliant application technology releases and/or fully tested process updates in time for the effective dates?

2. Determine changes have been made or need to be made to the above arrangements, agreements, or contracts to ensure that service providers comply with new regulations and all legal obligations.

3. Audit complaints reviewed regarding vendor activity for compliance and process concerns.

How frequently is this complaint data received?

4. Evaluate training procedures received and reviewed for third parties related to regulatory requirements.

5. Determine training provided for any third party service providers.

6. Assess contracts with any third parties related to mortgage activities.

Has their implementation plan been discussed and evaluated?

Does the financial institution have a back-up plan should the vendor not fully implement the necessary changes prior to the effective dates?