Driven by increased scrutiny from state and federal regulators, compliance risk has become a crucial factor in service provider selection and retention. Buckley assists clients in designing, implementing, and maintaining all critical areas of vendor management, seamlessly incorporating our extensive knowledge of consumer protection, consumer lending and servicing, debt collection, records management and retention, and all aspects of cybersecurity and privacy law with practical, business-conscious advice.
Our clients benefit from our broad compliance, enforcement, litigation, and transactional perspective, combined with our multi-dimensional understanding of each stage of the third-party risk management life cycle. Importantly, we also strive to ensure that vendor management programs are fully integrated into our client’s overall compliance management system.
Our team reviews policies and procedures to analyze regulatory compliance with a focus on the incorporation of best practices. We conduct risk assessments to understand and quantify the pitfalls of outsourcing a function, and work with our clients on due diligence and vendor selection. We perform targeted reviews of third parties, prepare diligence reports, and provide management recommendations commensurate with identified and expected risk.
We leverage this experience in contract negotiation, implementation, and termination, as well as in the drafting and negotiation of master services agreements, statements of work, servicing/subservicing agreements, joint marketing plans, third-party data sharing arrangements, and other third-party relationships in alignment with regulatory expectations. Furthermore, our team develops business continuity plans in the event of vendor nonperformance due to unforeseen circumstances.
We also design and conduct ongoing monitoring of service providers to ensure clients can demonstrate best in class vendor oversight processes. Our lawyers are involved in both on-site and remote assessments of vendor performance, employee training, and the development of appropriate and efficient termination and transition processes. We help our clients to identify roles and responsibilities for executive management and boards of directors, as well as develop validation processes through independent and internal audits. Moreover, we design and establish protocols for proper documentation and evidentiary support of compliance throughout all processes.
Jeffrey P. Naimon and Moorari K. Shah Authored a Mortgage Compliance Magazine Article, "Divide & Conquer"
The Consumer Financial Protection Bureau (CFPB or Bureau) continues to expand its gaze, announcing this past April that it has begun implementation of a program to directly supervise service providers of financial institutions, particularly those that cater to the mortgage industry. As regulatory...Articles
Special Alert: OCC Issues Supplement to Third-Party Oversight Guidance, Emphasizes Bank Responsibilities in Managing Risks in Fintech Relationships
On June 7, 2017, the Office of the Comptroller of the Currency (OCC) issued Bulletin 2017-21 as a supplement to Bulletin 2013-29 , the OCC’s 2013 risk management guidance related to third-party relationships. The OCC’s latest release answers 14 frequently asked questions (FAQs) and marks the second...Articles
On June 23, the Maryland Court of Appeals affirmed a lower court judgment holding that a non-bank entity assisting consumers obtain loans from an out-of-state bank and then repurchasing those loans days later qualifies as a “credit service business” under the Maryland Credit Services Business Act (...Articles
October 3, 2015, marked the official effective date of the long-anticipated, and widely dreaded, TILA-RESPA Integrated Disclosure (TRID) rule. Mortgage professionals have learned from a half-decade deluge of regulation that their TRID fate, along with almost every other aspect of the industry’s...Articles
"Key Points in the CFPB’s Outline of Proposed Rule for Third Party Debt Collectors" By Marshall T. Bell, John C. Redding, and Walter E. Zalenski (Consumer Finance Law Quarterly Report)
On July 28, 2016 the Bureau of Consumer Financial Protection (CFPB) announced that it is considering proposing a rule to “overhaul the debt collection market by capping collector contact attempts and by helping to ensure that companies collect the correct debt.” The CFPB released several related...Articles
With evolving regulatory expectations and increased enforcement exposure, financial institutions are under more scrutiny than ever. Nowhere is this more evident than in the management and oversight of service providers. When service providers are part of an institution’s business practice,...Articles
The vendor landscape for companies in the mortgage industry has shifted significantly in recent years. State and federal regulators have levied hefty and often unprecedented fines against a number of supervised institutions because of inadequate vendor-management policies and ineffective vendor...Articles
In April 2012, the Consumer Protection Financial Bureau issued Bulletin 2012-03, a guidance document setting forth the CFPB’s high-level expectations related to the engagement of third party service providers by supervised financial institutions. Since then, the Bureau has often referenced...Articles
Two regulatory enforcement matters announced in April offer a view into the current mindset of regulators in the ever-evolving world of vendor management. First, the Federal Communications Commission (FCC) announced a $25 million settlement with a telecommunications carrier related to the...Articles
On April 4, the Colorado Court of Appeals reversed the trial court’s ruling assessing civil penalties against a foreclosure law firm for allegedly failing to disclose that its principals had an ownership interest in one of its vendors. The appeals court found that the civil penalty was not...InfoBytes
On April 2, the FDIC issued Financial Institution Letter FIL-19-2019 (Technology Service Provider Contracts), which describes examiner observations about gaps in financial institutions’ contracts with technology service providers (TSPs) that may require financial institutions to take additional...InfoBytes
On January 31, NYDFS issued a reminder for regulated entities that the final deadline for implementing NYDFS’s cybersecurity regulation ends March 1. Under the new regulation, banks, insurance companies, mortgage companies, money transmitters, licensed lenders and other financial services...InfoBytes
On October 26, the FTC announced its final approval of an expanded settlement with a global ride-sharing company over allegations that the company violated the FTC Act by deceiving consumers regarding the company’s privacy and data practices. Specifically, the company allegedly failed to closely...InfoBytes
On September 28, FHFA released Advisory Bulletin AB 2018-08 , which provides guidance to Fannie Mae and Freddie Mac, the Federal Home Loan Banks, and the Office of Finance (regulated entities) on the evaluation and management of risks associated with third-party provider relationships. (FHFA...InfoBytes
On May 24, the OCC released its Semiannual Risk Perspective for Spring 2018 , identifying and reiterating key risk areas that pose a threat to the safety and soundness of national banks and federal savings associations. Priorities focus on credit, operational, compliance, and interest risk, and...InfoBytes
On January 18, the OCC announced the release of its Semiannual Risk Perspective for Fall 2017 , identifying key risk areas for national banks and federal savings associations. Top supervisory priorities will focus on credit, operational, and compliance risk. As previously discussed in the spring...InfoBytes
On December 29, the Department of Veterans Affairs (VA) issued Circular 26-17-43 to clarify its policy that lenders may use third-party vendors to verify borrower income, employment, and asset information subject to the following caveats: (i) lenders must retain full responsibility for verifying...InfoBytes
On October 20, the OCC released modifications to its risk management principles for new, modified, or expanded financial products and services (collectively, new activities). Bulletin 2017-43 rescinds OCC Bulletin 2004-20 and section 760 of the Office of Thrift Supervision Examination Handbook ...InfoBytes
CFPB Issues Principles Concerning Security and Transparency for Financial Data Sharing and Third-Party Aggregation
On October 18, the CFPB published guidelines entitled “ Consumer Protection Principles ” (Principles), which are “intended to reiterate the importance of protecting consumers” when companies, including “fintech” firms, banks, and other financial institutions, get authorization from consumers to...InfoBytes
Our Vendor Management Team
Recent Blog Posts
April 12, 2019
Colorado Court of Appeals reverses law firm penalty for affiliated vendor relationships
April 3, 2019
FDIC issues guidance on gaps in technology service provider contracts
February 6, 2019
Final deadline approaching for NYDFS cybersecurity regulation
October 31, 2018
FTC approves final expanded settlement with global ride-sharing company over data breaches
October 4, 2018
FHFA issues guidance for third-party provider relationships