The Consumer Financial Protection Bureau (“CFPB”) recently issued a bulletin warning supervised banks and nonbanks that they are responsible for overseeing service providers to ensure that they comply with Federal consumer financial laws. A supervised institution may be liable for violations of such laws by a service provider. The CFPB expects supervised institutions to maintain processes for managing this risk, including the following:
(i) Conducting thorough due diligence to verify that service providers understand and are capable of complying with Federal consumer financial law;
(ii) Requesting and reviewing service providers’ policies, procedures, internal controls, and training materials to ensure that they conduct appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;
(iii) Including in contracts with service providers clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices;
(iv) Establishing internal controls and on-going monitoring to determine whether service providers are complying with Federal consumer financial law; and
(v) Taking prompt action to address fully any problems identified through the monitoring process, including terminating relationships where appropriate.