Ensuring compliance of entities that provide “material support” to ARM industry operators
The chief role of the CFPB as stated in Bulletin 2012-03 simply entitled Service Providers is to, “protect the interests of consumers and avoid consumer harm.” The memo goes on to say that, “The CFPB’s exercise of its supervisory and enforcement authority will closely reflect this orientation and emphasis.” While the CFPB’s final rule will directly affect the larger market participants, those ARM companies with operating revenues below this threshold are not immune from the enforcement authority of the agency, nor are service providers who directly or indirectly serve the companies under the supervisory and enforcement authority of the bureau.
While the bulletin specifically speaks to supervised banks and non-banks definitionally, the bureau maintains enforcement authority of Federal Consumer Financial Law as defined in section 1002(14) of the Dodd Frank Act for all companies and service providers subject to the statute. It is also important to note, that a service provider is defined in section 1002(26) of the Dodd Frank Act as “any person that provides a material service to a covered person of a consumer financial product or service” and may or may not be affiliated with the person to which it provides services. The bureau specifically defines a service providers by the perceived value they deliver a person or company and NOT by a contractual relationship or by receiving specific monetary compensation. By this definition, the tentacles of the CFPB now extend down from supervised banks, to non supervised financial service providers and finally the entire ARM Industry vendor community servicing all aspects of the industry.
Finally, the CFPB ties legal responsibility for the actions of service providers back to the bank or non-bank entity that engaged the service provider in certain circumstances. The bulletin states, “ The CFPB expects supervised banks and non-banks to have an effective process for managing the risks of service provider relationships. The CFPB will apply these expectations consistently, regardless of whether it is a supervised bank or non-bank that has the relationship with a service provider.” Translation??? You may not be a tier 1 card issuer, but you better be auditing your service providers just like the supervised banks are auditing your business for compliance.
In the bulletin, The CFPB provides a good outline of the foundation of your service provider compliance audit process, outlining five key areas companies should focus on when determining the compliance level of their service providers. Companies should be:
- Conducting thorough due diligence to verify that the service provider understands and is capable of complying with Federal consumer financial law;
- Requesting and reviewing the service provider’s policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;
- Including in the contract with the service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices;
- Establishing internal controls and on-going monitoring to determine whether the service provider is complying with Federal consumer financial law; and
- Taking prompt action to address fully any problems identified through the monitoring process, including terminating the relationship where appropriate.
In these five recommendations, the bureau is making specific, actionable recommendations for ARM companies to create a detailed compliance audit program for all service providers to an organization, requiring them to develop internal policies, procedures and schedules to monitor the ongoing compliance of a service provider and to take immediate action to remediate or assist in remediating any areas of non-compliance that may be uncovered as a result of the ongoing monitoring process or recertification audit schedule.
Remember, the burden of ensuring that your service providers both understand Federal consumer financial law AND are capable of complying with these laws rests with you. Therefore, if you have not already developed a detailed service provider compliance audit strategy, do so immediately.
1) The CFPB’s Supervision and Examination Manual: Compliance Management Review and Unfair, Deceptive and Abusive Acts or Practices
Lighthouse Consulting has been providing solutions to operational compliance challenges for ARM companies for over a decade. Contact Phillip Duff, CEO of Lighthouse Consulting today and let us help you navigate the compliance landscape.
Phillip Duff, CEO | www.LighthouseConsultingInc.com | Phil@LighthouseConsultingInc.com | (904) 687-1687