The Consumer Financial Protection Bureau has released new guidance regarding the relationship between debt relief companies (nonbanks) and underlying service providers. It’s a good time to review the relationship between any debt relief company and outside resources they utilize to deliver services.
The CFPB Guidance
The Consumer Financial Protection Bureau (CFPB) expects supervised banks and nonbanks to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law, which is designed to protect the interests of consumers and avoid consumer harm. The CFPB’s exercise of its supervisory and enforcement authority will closely reflect this orientation and emphasis.
A. Service Provider Relationships
The CFPB recognizes that the use of service providers is often an appropriate business decision for supervised banks and nonbanks. Supervised banks and nonbanks may outsource certain functions to service providers due to resource constraints, use service providers to develop and market additional products or services, or rely on expertise from service providers that would not otherwise be available without significant investment.
However, the mere fact that a supervised bank or nonbank enters into a business relationship with a service provider does not absolve the supervised bank or nonbank of responsibility for complying with Federal consumer financial law to avoid consumer harm. A service provider that is unfamiliar with the legal requirements applicable to the products or services being offered, or that does not make efforts to implement those requirements carefully and effectively, or that exhibits weak internal controls, can harm consumers and create potential liabilities for both the service provider and the entity with which it has a business relationship.
Depending on the circumstances, legal responsibility may lie with the supervised bank or nonbank as well as with the supervised service provider.
B. The CFPB’s Supervisory Authority Over Service Providers
Title X authorizes the CFPB to examine and obtain reports from supervised banks and nonbanks for compliance with Federal consumer financial law and for other related purposes and also to exercise its enforcement authority when violations of the law are identified. Title X also grants the CFPB supervisory and enforcement authority over supervised service providers, which includes the authority to examine the operations of service providers on site. The CFPB will exercise the full extent of its supervision authority over supervised service providers, including its authority to examine for compliance with Title X’s prohibition on unfair, deceptive, or abusive acts or practices. The CFPB will also exercise its enforcement authority against supervised service providers as appropriate.
C. The CFPB’s Expectations
The CFPB expects supervised banks and nonbanks to have an effective process for managing the risks of service provider relationships. The CFPB will apply these expectations consistently, regardless of whether it is a supervised bank or nonbank that has the relationship with a service provider.
The Bureau expects that the depth and formality of the entity’s risk management program for service providers may vary depending upon the service being performed – its size, scope, complexity, importance and potential for consumer harm – and the performance of the service provider in carrying out its activities in compliance with Federal consumer financial laws and regulations. While due diligence does not provide a shield against liability for actions by the service provider, it could help reduce the risk that the service provider will commit violations for which the supervised bank or nonbank may be liable, as discussed above.
To limit the potential for statutory or regulatory violations and related consumer harm, supervised banks and nonbanks should take steps to ensure that their business arrangements with service providers do not present unwarranted risks to consumers.
These steps should include, but are not limited to:
- Conducting thorough due diligence to verify that the service provider understands and is capable of complying with Federal consumer financial law;
- Requesting and reviewing the service provider’s policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;
- Including in the contract with the service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices;
- Establishing internal controls and on-going monitoring to determine whether the service provider is complying with Federal consumer financial law; and
- Taking prompt action to address fully any problems identified through the monitoring process, including terminating the relationship where appropriate.
For more information pertaining to the responsibilities of a supervised bank or nonbank that has business arrangements with service providers, please review the CFPB’s Supervision and Examination Manual: Compliance Management Review and Unfair, Deceptive, and Abusive Acts or Practices. – Source
I can always use your help. If you have a tip or information you want to share, you can get it to me confidentially if you click here.