Driven by increased scrutiny from state and federal regulators, compliance risk has become a crucial factor in service provider selection and retention. Buckley assists clients in designing, implementing, and maintaining all critical areas of vendor management, seamlessly incorporating our extensive knowledge of consumer protection, consumer lending and servicing, debt collection, records management and retention, and all aspects of cybersecurity and privacy law with practical, business-conscious advice.
Our clients benefit from our broad compliance, enforcement, litigation, and transactional perspective, combined with our multi-dimensional understanding of each stage of the third-party risk management life cycle. Importantly, we also strive to ensure that vendor management programs are fully integrated into our client’s overall compliance management system.
Our team reviews policies and procedures to analyze regulatory compliance with a focus on the incorporation of best practices. We conduct risk assessments to understand and quantify the pitfalls of outsourcing a function, and work with our clients on due diligence and vendor selection. We perform targeted reviews of third parties, prepare diligence reports, and provide management recommendations commensurate with identified and expected risk.
We leverage this experience in contract negotiation, implementation, and termination, as well as in the drafting and negotiation of master services agreements, statements of work, servicing/subservicing agreements, joint marketing plans, third-party data sharing arrangements, and other third-party relationships in alignment with regulatory expectations. Furthermore, our team develops business continuity plans in the event of vendor nonperformance due to unforeseen circumstances.
We also design and conduct ongoing monitoring of service providers to ensure clients can demonstrate best in class vendor oversight processes. Our lawyers are involved in both on-site and remote assessments of vendor performance, employee training, and the development of appropriate and efficient termination and transition processes. We help our clients to identify roles and responsibilities for executive management and boards of directors, as well as develop validation processes through independent and internal audits. Moreover, we design and establish protocols for proper documentation and evidentiary support of compliance throughout all processes.
Jeffrey P. Naimon and Moorari K. Shah Authored a Mortgage Compliance Magazine Article, "Divide & Conquer"
The Consumer Financial Protection Bureau (CFPB or Bureau) continues to expand its gaze, announcing this past April that it has begun implementation of a program to directly supervise service providers of financial institutions, particularly those that cater to the mortgage industry. As regulatory...Articles
Special Alert: OCC Issues Supplement to Third-Party Oversight Guidance, Emphasizes Bank Responsibilities in Managing Risks in Fintech Relationships
On June 7, 2017, the Office of the Comptroller of the Currency (OCC) issued Bulletin 2017-21 as a supplement to Bulletin 2013-29 , the OCC’s 2013 risk management guidance related to third-party relationships. The OCC’s latest release answers 14 frequently asked questions (FAQs) and marks the second...Articles
On June 23, the Maryland Court of Appeals affirmed a lower court judgment holding that a non-bank entity assisting consumers obtain loans from an out-of-state bank and then repurchasing those loans days later qualifies as a “credit service business” under the Maryland Credit Services Business Act (...Articles
October 3, 2015, marked the official effective date of the long-anticipated, and widely dreaded, TILA-RESPA Integrated Disclosure (TRID) rule. Mortgage professionals have learned from a half-decade deluge of regulation that their TRID fate, along with almost every other aspect of the industry’s...Articles
"Key Points in the CFPB’s Outline of Proposed Rule for Third Party Debt Collectors" By Marshall T. Bell, John C. Redding, and Walter E. Zalenski (Consumer Finance Law Quarterly Report)
On July 28, 2016 the Bureau of Consumer Financial Protection (CFPB) announced that it is considering proposing a rule to “overhaul the debt collection market by capping collector contact attempts and by helping to ensure that companies collect the correct debt.” The CFPB released several related...Articles
With evolving regulatory expectations and increased enforcement exposure, financial institutions are under more scrutiny than ever. Nowhere is this more evident than in the management and oversight of service providers. When service providers are part of an institution’s business practice,...Articles
The vendor landscape for companies in the mortgage industry has shifted significantly in recent years. State and federal regulators have levied hefty and often unprecedented fines against a number of supervised institutions because of inadequate vendor-management policies and ineffective vendor...Articles
In April 2012, the Consumer Protection Financial Bureau issued Bulletin 2012-03, a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial institutions. Since then, the Bureau has often referenced...Articles
Two regulatory enforcement matters announced in April offer a view into the current mindset of regulators in the ever-evolving world of vendor management. First, the Federal Communications Commission (FCC) announced a $25 million settlement with a telecommunications carrier related to the...Articles
Regulatory Blue Pencil: CFPB Guidance, Enforcement Actions Signal Expanding Focus on Vendor Management
In April 2012, the Consumer Protection Financial Bureau (the ‘‘CFPB’’ or ‘‘Bureau’’) issued Bulletin 2012-03 (the ‘‘Service Provider Bulletin’’), a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial...Articles
On March 5, the OCC released Bulletin 2020-10 , which provides answers to frequently asked questions (FAQs) concerning its existing guidance on management of third-party relationships, including relationships with fintech firms and data aggregators. This bulletin, issued to supplement Bulletin 2013...InfoBytes
On February 27, Federal Reserve (Fed) Governor Michelle W. Bowman spoke before the Banking Outlook Conference held at the Federal Reserve Bank of Atlanta on ways the Fed can increase transparency and modernize payment services for community banks. Bowman stated that the Fed is “uniquely positioned...InfoBytes
On February 10, Federal Reserve (Fed) Governor Michelle W. Bowman spoke before the Conference for Community Bankers on the interaction between innovation and regulation for community banks. In discussing her “vision for creating pathways to responsible community bank innovation,” Bowman identified...InfoBytes
On January 27, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the release of a report entitled Cybersecurity and Resiliency Observations, compiled from an assessment of prior examinations. The report provides best practices for regulated entities to increase readiness...InfoBytes
John C. Redding extensively quoted in Powersports Finance article, “Debt collection proposal may spark tighter vendor oversight”
John C. Redding was extensively quoted on July 10, 2019 in a Powersports Finance article, “Debt collection proposal may spark tighter vendor oversight,” which discussed Consumer Finance Protection Bureau’s (CFPB) proposed revisions to the FDCPA that includes limits on the number of calls debt...In The News
On April 4, the Colorado Court of Appeals reversed the trial court’s ruling assessing civil penalties against a foreclosure law firm for allegedly failing to disclose that its principals had an ownership interest in one of its vendors. The appeals court found that the civil penalty was not...InfoBytes
On April 2, the FDIC issued Financial Institution Letter FIL-19-2019 (Technology Service Provider Contracts), which describes examiner observations about gaps in financial institutions’ contracts with technology service providers (TSPs) that may require financial institutions to take additional...InfoBytes
On January 31, NYDFS issued a reminder for regulated entities that the final deadline for implementing NYDFS’s cybersecurity regulation ends March 1. Under the new regulation, banks, insurance companies, mortgage companies, money transmitters, licensed lenders and other financial services...InfoBytes
On October 26, the FTC announced its final approval of an expanded settlement with a global ride-sharing company over allegations that the company violated the FTC Act by deceiving consumers regarding the company’s privacy and data practices. Specifically, the company allegedly failed to closely...InfoBytes
On September 28, FHFA released Advisory Bulletin AB 2018-08 , which provides guidance to Fannie Mae and Freddie Mac, the Federal Home Loan Banks, and the Office of Finance (regulated entities) on the evaluation and management of risks associated with third-party provider relationships. (FHFA...InfoBytes