How can my bank comply with CFPB Bulletin 2012-3?

One of the simplest ways to ensure compliance and avoid legal action or fines is to establish a supplier relationship management (SRM) program at your bank or financial institution. SRM goes beyond the initial supplier sourcing phase, helping cultivate value from third-party vendors even after a contract is signed. Having a program in place can help your bank establish a structured process to which all service providers must adhere in order to maintain their relationship with your organization and stay in compliance with Federal consumer laws.

SRM is not a new concept, but many companies are now finding that developing these programs is essential to their risk management practices as well as their bottom line. Through SRM, suppliers are more likely to open lines of communication, look for better and more cost-effective ways to support their clients, and adhere to the risk management policies your bank requires. Beyond that, many financial institutions have outsourced this responsibility to strategic sourcing experts, who can find third-party vendors with existing compliance procedures and then help maintain the relationship through SRM, so that compliance always stays at the forefront.

What you need to know about the CFPB Bulletin 2012-3

The CFPB has the right to obtain and review documentation from supervised banks and nonbanks to ensure compliance with all Federal consumer laws. It has the authority to enforce regulations or impose repercussions in cases of non-compliance, for both your company and your supply chains. The CFPB requires financial institutions to effectively manage the risk for all service provider relationships.

Risk Management Processes Should Include:

- Verifying service providers understand and can comply with all Federal consumer financial laws
- Reviewing all third-party vendors’ policies, internal controls, and even training materials to confirm they are providing the appropriate supervision over employees who have contact with consumers or compliance requirements
- Developing contracts with third-party vendors that clearly outline expectations around compliance as well as repercussions for violating these requirements
- Creating processes and ongoing monitoring practices to enforce compliance
- Acting promptly on any service provider issues and terminating the relationship as necessary