Summary: Compliance Bulletin,
Policy Guidance, 2016-02; Service Providers

CFPB Compliance Bulletin and Policy Guidance 2016-02
NASCUS Legislative and Regulatory Affairs
October 2016

Service Providers

The Bureau reissued its guidance on service providers (formerly CFPB Bulletin 2012-03) to clarify that the depth and formality of the risk management program for service providers may vary depending on the service being performed and the performance of the service provider in carrying out its activities in compliance with Federal consumer financial laws and regulations.  The Bulletin can be accessed here.  

According to the Bulletin, the CFPB expects supervised banks and nonbanks to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law.  The Bureau encourages institutions to take steps to ensure that their business arrangements with service providers do not present unwarranted risks to consumers.  These steps should include (but are not limited to):

  • Conducting thorough due diligence to verify that the service provider understands and is capable of complying with Federal consumer financial law;
  • Requesting/reviewing the service provider’s policies, procedures, internal controls and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contract or compliance responsibilities
  • Including in the contract with the service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices;
  • Establishing internal controls and on-going monitoring to determine whether the service provider is complying with Federal consumer financial law; and
  • Taking prompt action to address fully any problems identified through the monitoring process, including terminating the relationship where appropriate.

The Bulletin directs advises institutions that are seeking more information pertaining to the responsibilities of a supervised bank or nonbank that has business arrangements with service providers to review the CFPB’s “Supervision and Examination Manual: Compliance Management Review and Unfair, Deceptive, and Abusive Acts or Practices.”