How SIM & CLM can save millions of dollars:
A Look at the Financial Industry
As we continue the series on managing third-party risk—SIM-CLM, it is clear that every organization has a different take on what is most critical to understanding its value. For financial organizations, addressing third-party risk has partly translated into managing a complex workflow of regulations compliance and risk prescribed by regulatory agencies that have been dominating the landscape.
Here are the names of just a few that we’ve come across—
- Comprehensive Capital Analysis and Review (CCAR)
- Consumer Financial Protection Bureau (CFPB)
- Financial Industry Regulatory Authority (FINRA)
- Office of the Comptroller of Currency (OCC)
- USA PATRIOT Act
In conversations with some of our clients in the financial industry, many of these have been mentioned, but few have dominated the discussion as much as the Consumer Financial Protection Bureau (CFPB).
To summarize, the CFPB is responsible for consumer protection in the financial sector. Established as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, failure to comply with CFPB rules can result in fines that can reach millions of dollars. According to the official CFPD site, 2016 has been a busy summer for fines; here is just a sample of what we’re talking about—
- Aug 25 – First National Bank of Omaha is ordered to provide $27.75 million in relief to roughly 257,000 consumers harmed by illegal practices with credit card add-on products. The bank used deceptive marketing to lure consumers into debt cancellation add-on products and charged consumers for credit monitoring services they did not receive. First National Bank of Omaha will also pay a $4.5 million civil penalty to the CFPB.
- Aug 22 – Action taken against Wells Fargo Bank for illegal private student loan servicing practices that increased costs and unfairly penalized certain student loan borrowers.
- Jul 14 — Santander Bank, N.A., ordered to pay a $10 million fine for illegal overdraft service practices. Santander’s telemarketing vendor deceptively marketed the overdraft service and signed up some of the bank’s customers for the service without their consent.
Based on similar cases and focus on regulation in the past few years, the CFPB has begun holding financial institutions responsible, not only for their own actions, but also for the actions of the companies with which they contract.
For the financial services industry, third-party risk is demonstrated in the outsourcing of services and marketing additional products such as telemarketing or call center services. According to the CFPB, using outside vendors can pose additional risks to financial services organizations, especially if their providers are unfamiliar with consumer financial protection laws, or have weak internal controls that in the end can harm consumers.
While maintaining regulatory compliance is clearly an ongoing concern for the finance industry at large, identifying the challenges are generally easier than successfully managing them. However, by bringing SIM-CLM together, Determine is helping financial organizations get one step closer to closing the gap in understanding third-party commitments, and the risk of exposure they pose based on the ability to easily tie contractual commitments to supplier profiles.
Using Determine’s third-party risk management capabilities, we help financial services become compliant with CFPB and other financial regulatory requirements. Through a combination of robust onboarding, certification and contract management workflows, we help financial organizations enable their third-party service providers and prevent the risk of getting fined by organizations such as the CFPB.
Some of the ways we are actively doing this include enabling the ability to—
- Conduct thorough due diligence to verify that service providers understand and are capable of complying with the law through certification management;
- Request and review the service provider policies, procedures, internal controls and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;
- Use contract management to create custom clauses that establish clear expectations about specific regulatory compliance requirements, as well as describing the appropriate and enforceable consequences for violating any compliance-related responsibilities;
- Use supplier risk and performance best practices for establishing internal controls, and ongoing monitoring to ascertain whether the service provider is complying with the law; and
- Leverage action management within supplier management efforts to customize workflows, and take prompt action to fully address problems identified through the monitoring process.
Third-party management for financial services providers is essential for ensuring compliance and managing against risk. To learn more about the power of SIM+CLM, and how Determine is helping organizations manage these and wider supplier management and contract management challenges, give us a call or request a demo.