Driven by increased scrutiny from state and federal regulators, compliance risk has become a crucial factor in service provider selection and retention. Buckley assists clients in designing, implementing, and maintaining all critical areas of vendor management, seamlessly incorporating our extensive knowledge of consumer protection, consumer lending and servicing, debt collection, records management and retention, and all aspects of cybersecurity and privacy law with practical, business-conscious advice.
Our clients benefit from our broad compliance, enforcement, litigation, and transactional perspective, combined with our multi-dimensional understanding of each stage of the third-party risk management life cycle. Importantly, we also strive to ensure that vendor management programs are fully integrated into our client’s overall compliance management system.
Our team reviews policies and procedures to analyze regulatory compliance with a focus on the incorporation of best practices. We conduct risk assessments to understand and quantify the pitfalls of outsourcing a function, and work with our clients on due diligence and vendor selection. We perform targeted reviews of third parties, prepare diligence reports, and provide management recommendations commensurate with identified and expected risk.
We leverage this experience in contract negotiation, implementation, and termination, as well as in the drafting and negotiation of master services agreements, statements of work, servicing/subservicing agreements, joint marketing plans, third-party data sharing arrangements, and other third-party relationships in alignment with regulatory expectations. Furthermore, our team develops business continuity plans in the event of vendor nonperformance due to unforeseen circumstances.
We also design and conduct ongoing monitoring of service providers to ensure clients can demonstrate best in class vendor oversight processes. Our lawyers are involved in both on-site and remote assessments of vendor performance, employee training, and the development of appropriate and efficient termination and transition processes. We help our clients to identify roles and responsibilities for executive management and boards of directors, as well as develop validation processes through independent and internal audits. Moreover, we design and establish protocols for proper documentation and evidentiary support of compliance throughout all processes.
Jeffrey P. Naimon and Moorari K. Shah Authored a Mortgage Compliance Magazine Article, "Divide & Conquer"
The Consumer Financial Protection Bureau (CFPB or Bureau) continues to expand its gaze, announcing this past April that it has begun implementation of a program to directly supervise service providers of financial institutions, particularly those that cater to the mortgage industry. As regulatory...Articles
Special Alert: OCC Issues Supplement to Third-Party Oversight Guidance, Emphasizes Bank Responsibilities in Managing Risks in Fintech Relationships
On June 7, 2017, the Office of the Comptroller of the Currency (OCC) issued Bulletin 2017-21 as a supplement to Bulletin 2013-29 , the OCC’s 2013 risk management guidance related to third-party relationships. The OCC’s latest release answers 14 frequently asked questions (FAQs) and marks the second...Articles
On June 23, the Maryland Court of Appeals affirmed a lower court judgment holding that a non-bank entity assisting consumers obtain loans from an out-of-state bank and then repurchasing those loans days later qualifies as a “credit service business” under the Maryland Credit Services Business Act (...Articles
October 3, 2015, marked the official effective date of the long-anticipated, and widely dreaded, TILA-RESPA Integrated Disclosure (TRID) rule. Mortgage professionals have learned from a half-decade deluge of regulation that their TRID fate, along with almost every other aspect of the industry’s...Articles
"Key Points in the CFPB’s Outline of Proposed Rule for Third Party Debt Collectors" By Marshall T. Bell and Walter E. Zalenski (Consumer Finance Law Quarterly Report)
On July 28, 2016 the Bureau of Consumer Financial Protection (CFPB) announced that it is considering proposing a rule to “overhaul the debt collection market by capping collector contact attempts and by helping to ensure that companies collect the correct debt.” The CFPB released several related...Articles
With evolving regulatory expectations and increased enforcement exposure, financial institutions are under more scrutiny than ever. Nowhere is this more evident than in the management and oversight of service providers. When service providers are part of an institution’s business practice,...Articles
The vendor landscape for companies in the mortgage industry has shifted significantly in recent years. State and federal regulators have levied hefty and often unprecedented fines against a number of supervised institutions because of inadequate vendor-management policies and ineffective vendor...Articles
Two regulatory enforcement matters announced in April offer a view into the current mindset of regulators in the ever-evolving world of vendor management. First, the Federal Communications Commission (FCC) announced a $25 million settlement with a telecommunications carrier related to the...Articles
Regulatory Blue Pencil: CFPB Guidance, Enforcement Actions Signal Expanding Focus on Vendor Management
In April 2012, the Consumer Protection Financial Bureau (the ‘‘CFPB’’ or ‘‘Bureau’’) issued Bulletin 2012-03 (the ‘‘Service Provider Bulletin’’), a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial...Articles
In April 2012, the Consumer Protection Financial Bureau issued Bulletin 2012-03, a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial institutions. Since then, the Bureau has often referenced...Articles
On June 29, the OCC released its Semiannual Risk Perspective for Spring 2020 , which reports on key risk areas that pose a threat to the safety and soundness of national banks and federal savings associations. In particular, the OCC focused this report on the financial impacts of the Covid-19...InfoBytes
On June 20, the Federal Reserve Bank of Boston updated FAQs for its Main Street Lending Program (see here , here and here for previous coverage). Among other things, new FAQs address the treatment of applicant debt to third party lenders for purposes of calculating outstanding and undrawn debt,...InfoBytes
On May 27, the Alternative Reference Rates Committee (ARRC)—a group of private-market participants convened by the Federal Reserve Board and the Federal Reserve Bank of New York— released a set of best practices for market participants to transition from LIBOR to the Secured Overnight Financing...InfoBytes
On March 5, the OCC released Bulletin 2020-10 , which provides answers to frequently asked questions (FAQs) concerning its existing guidance on management of third-party relationships, including relationships with fintech firms and data aggregators. This bulletin, issued to supplement Bulletin 2013...InfoBytes
On February 27, Federal Reserve (Fed) Governor Michelle W. Bowman spoke before the Banking Outlook Conference held at the Federal Reserve Bank of Atlanta on ways the Fed can increase transparency and modernize payment services for community banks. Bowman stated that the Fed is “uniquely positioned...InfoBytes
On February 10, Federal Reserve (Fed) Governor Michelle W. Bowman spoke before the Conference for Community Bankers on the interaction between innovation and regulation for community banks. In discussing her “vision for creating pathways to responsible community bank innovation,” Bowman identified...InfoBytes
On January 27, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the release of a report entitled Cybersecurity and Resiliency Observations, compiled from an assessment of prior examinations. The report provides best practices for regulated entities to increase readiness...InfoBytes
On April 4, the Colorado Court of Appeals reversed the trial court’s ruling assessing civil penalties against a foreclosure law firm for allegedly failing to disclose that its principals had an ownership interest in one of its vendors. The appeals court found that the civil penalty was not...InfoBytes
On April 2, the FDIC issued Financial Institution Letter FIL-19-2019 (Technology Service Provider Contracts), which describes examiner observations about gaps in financial institutions’ contracts with technology service providers (TSPs) that may require financial institutions to take additional...InfoBytes
On January 31, NYDFS issued a reminder for regulated entities that the final deadline for implementing NYDFS’s cybersecurity regulation ends March 1. Under the new regulation, banks, insurance companies, mortgage companies, money transmitters, licensed lenders and other financial services...InfoBytes
Our Vendor Management Team
"Building effective internal communication channels" by Daniel R. Alonso, Andrew P. Pennacchia, Benjamin W. Hutten, Norma Ramirez-Marin (from The Guide to Corporate Compliance)
Recent Blog Posts
June 29, 2020
OCC highlights key risks for federal banking system, says compliance risk elevated due to Covid-19
June 20, 2020
Boston Fed updates Main Street Lending Program FAQs
May 29, 2020
ARRC issues LIBOR transition “best practices”
March 10, 2020
OCC updates FAQs on third-party risk management
March 4, 2020
Fed governor discusses modernizing payment systems for community banks