10 years ago, everyone was all about “outsourcing functions”. This was considered to be less costly, more efficient and less of a hassle. After all, you are paying them to do the work so you do not have to worry about it. That model worked well for some, until recently. The CFPB made big examples of companies who chose to outsource products and services without carefully monitoring them. In just two enforcement announcements, almost 400 million dollars in fines and refunds to consumers were charged to Capital One and Discover Financial Services.
Pay very close attention to enforcements from the CFPB regarding all institutions they monitor, even if it has nothing to do with a mortgage! I strongly believe, as do many in the legal arena, that they are defining examples of what can get your company into trouble. CFPB is focused on the consumer; that’s it, period and end of story! If you have any business practices that harm them, potentially harm them or deny them equal access to credit, it will not turn out well for your company.
Risk assessment begins with defining each line of business. One of your business practices or product offerings may be outsourced. If so, you need to monitor them as stringently, if not more, than your own employees. I want you to notice that the company paying the fine is the lender, and not the vendor. In the minds of the regulators, you hired them and you need to monitor them. If they step outside the boundaries, then the penalty falls on you.
Now, this is what you do not want to hear. Yes, this includes your TPO arrangements. You are the lender, so you are responsible. The examiners know that you cannot be responsible for everything a TPO does, but they do expect you demonstrate a comprehensive compliance management system to do all that you can. I have written about this topic before, so if you cannot find it on the discussion blog, just let me know and I will send you a copy.
Lessons on Third Party Management:
- Monitor interactions they have with your clients. This includes verbal, email, online, or mail.
- Mystery shop your vendors or brokers, to find out how they are working with their customers. It is a great way to ferret out the companies you do not want to work with, or set corrective actions.
- Check their policies, procedures, monitoring and training as closely as you do your own company.
- Find out what other products the TPO may be selling and determine how that may impact your risk assessment.
- If your company is selling product outside of your core business (mortgages), then how is this sold? If it is through a third-party then pay careful attention. The examiners are looking specifically for deceptive products and practices that yield income to your company, employee or the vendor, but offer little to no tangible benefit to the consumer.
- Have regular meetings reviewing your vendors. If you discover issues, document what actions were taken. This demonstrates your monitoring policies.
- Visit your vendors and document this.
- Have a written compliance management system for vendors.
I know that none of this is fun, and most of you feel completely overwhelmed right now. The key is to take little chunks, get that done, and move onto the next one. You will be surprised what can be accomplished in a short period of time if you discipline yourself to a fixed time period each day, no matter what your day looks like!
When a task is this big, confront it like a term paper. Make your outline, research to put some bones into it, and once that is done revise, expand and enhance. This “road map” helps you check items off as they are done (yes, I know it is never done)!