The Consumer Financial Protection Bureau ("CFPB" or
"Bureau") published a bulletin clarifying that it
"expects supervised banks and nonbanks to oversee their
business relationships with service providers in a manner that
ensures compliance with Federal consumer financial law" on
April 13, 2012.
This bulletin signals that the Bureau is focusing its supervision
and enforcement efforts on both direct providers of consumer
financial products and services and their service providers,
including companies involved in advertising and marketing, lead
generation and affiliate marketing, fulfillment, other back-office
services, and customer service.
The bulletin makes clear that the CFPB views the use of service
providers as "often an appropriate business decision,"
but that entering into a business relationship with a service
provider "does not absolve" the supervised entity of
responsibility for complying with Federal consumer financial law to
avoid consumer harm. In addition, the bulletin states the
Bureau's expectation that supervised financial institutions
have an effective process for managing the risks of service
provider relationships.
According to the Bureau, "[a] service provider that is
unfamiliar with the legal requirements applicable to the products
or services being offered, or that does not make efforts to
implement those requirements carefully and effectively, or that
exhibits weak internal controls, can harm consumers and create
potential liabilities for both the service provider and the entity
with which it has a business relationship."
The CFPB recommends that supervised financial institutions take
steps to ensure that business arrangements with service providers
do not present unwarranted risks to consumers. According to the
CFPB, these steps include:
- Conducting thorough due diligence to verify that the service provider understands and is capable of complying with the law;
- Requesting and reviewing the service provider's policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;
- Including in the contract with the service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities;
- Establishing internal controls and on-going monitoring to determine whether the service provider is complying with the law; and
- Taking prompt action to fully address any problems identified through the monitoring process.
Title X of the Dodd-Frank Wall Street Reform and Consumer
Protection Act authorizes the CFPB to examine and obtain reports
from supervised banks and nonbanks for compliance with Federal
consumer financial law and for other related purposes and also to
exercise its enforcement authority when violations of the law are
identified. Title X also grants the CFPB supervisory and
enforcement authority over supervised service providers, which
includes the authority to examine the operations of service
providers on site.
The bulletin is available at: http://files.consumerfinance.gov/f/201204_cfpb_bulletin_service-providers.pdf.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.