The CFPB is going to look a lot closer at a lender's vendor oversight program. Some great advice here – don’t try to blind them with how sophisticated you are. Let's go over some simple tips to ensure your oversight program is in good shape to show off your vendor risk management program.
8 Vendor Risk Management Tips
Here are some simple tips to consider and implement into your processes:
- A good vendor risk management program should be clear and concise.
- Use common sense when writing it.
- In most cases, less is more when it comes to developing an effective policy and procedures. Remember, the CFPB is very likely to review this information and then use it during their own audit process of you.
- The more you have to do or the more you say will do according to your policy, program and procedures, will dictate just how much the examiner will have to audit against.
- A word of caution…if you're purchasing an off-the-shelf policy manual, buyer beware – know the policy inside and out. This isn’t an exercise where you simply insert your company name into a generic manual and then hand it over.
- Be prepared. If your policy states that you conduct initial due diligence as part of your pre-contract due diligence, then be ready to have examples of that activity. PROVE IT or LOSE IT.
- Another big-ticket item is making sure that the actual report has gone through the proper sign off channels within your organization.
- There’s a lifecycle to an audit. Simply having 20 audits in draft doesn’t really demonstrate that any highlighted concerns have been addressed or that corporate risk have acknowledged they have been completed.
Proper vendor oversight isn’t just important to help you appease the regulators, it’s to protect your institution. Download our infographic to learn the oversight requirements you need to know.