
August Vendor Management News

Aug 15, 2019 by Venminder Experts

Keep up-to-date on the latest vendor management news. We'll help you out! Read the articles below that we recommend checking out.

Recently Added Articles as of August 15

As we head into the middle of the month, we’ve got news to share surrounding cryptocurrency regulations, a data breach settlement, FinCEN efforts, industry investigations and more.

FinCEN increases their efforts to protect the U.S. Financial System: Ever been curious about where FinCEN focuses its efforts? FinCEN’s director recently shared the top six finance threats by bad actors that financial institutions are facing and exactly how FinCEN is addressing these. However, he not only shares the ways they’re working to protect the U.S. financial system but also how financial institutions can help prevent these threats, too.

Payroll advance industry is under investigation: The NYDFS digs into payday lenders in an effort to investigate potential unlawful online lending and consumer harm. Per the NYDFS, there are payroll advance companies who receive interest rates or fees which may violate state banking laws, licensing laws, consumer protection laws and more. If it’s a payroll advance, it’s technically wages you’ve earned, so what are your thoughts on fees and interest rate charges?

Credit reporting agency agrees to $700 million settlement: A recent article shares that a “large, national credit reporting agency” will pay around $700 million in a data breach settlement. This is to resolve the claims that they engaged in unfair and deceptive practices in a 2017 data breach. I think we all know who the agency they’re referring to is, but we’ll keep it under wraps here just for fun…

Update on cryptocurrency and state regulations: While many states are modifying how they regulate cryptocurrency like bitcoin, they still aren’t having as much luck convincing companies and consumers to pursue cryptocurrency. Why? Regulations vary so much from state to state, which presents challenges.

Rhode Island and cryptocurrency regulations: Rhode Island is the most recent state to regulate cryptocurrency. They’ve added money transmitter guidance that will go into effect January 1st. If you accept currency transmission fees or maintain control of virtual currencies for others, you will need to follow these guidelines.

Pondering UDAAP for a moment: UDAAP is a hot topic yet again. The CFPB has said they will provide more clarification around the term “abusive”; however, by when is still to be determined. In the meantime, it’s suggested that you look to recent enforcement actions to verify you’re on the right track.

New Hampshire will require compliance with their insurance data security law: Effective January 1, 2020, New Hampshire will require insurance companies to comply with the New Hampshire Insurance Data Security Law. This means they must implement an Information Security Program, otherwise known as an ISP, in order to protect non-public information. ISP requirements include things like threat management, cybersecurity awareness training, third party due diligence and creating an incident response plan. Wondering if you’re an entity that must comply or not? Check out this article for a list of exempt licensees.

Recently Added Articles as of August 8

Cybersecurity and data breaches are still the majority of the buzz this week as we learn more about the Capital One and Amazon data breach fallout, as well as how the rest of the industry is handling cybersecurity threats.

Mortgage servicer efforts fail to improve customer experience: With the industry focusing on cost-cutting, regulation and default management over borrowers, customer satisfaction levels are at an all-time low. Mortgage servicer customer satisfaction levels are said to be one of the lowest among any in the industry. Recent efforts are clearly proving to be a flop, with respondents to a survey indicating a satisfaction level of 777 on a 1,000-point scale.

Amazon and Capital One are feeling the heat from Republican lawmakers over data breach: After a rogue ex-employee of Amazon Web Services illegally accessed data from Capital One, both companies are now under fire from the GOP members of Congress. Due to the amount of customer data that was potentially accessed by the hacker, this is said to be one of the biggest data breaches yet, which has only increased the level of scrutiny from Republicans. Stay tuned for more information in this cybersecurity saga.

FDIC Chairman gives ominous warning - banks could face enforcement actions over data breaches: After Capital One revealed a massive cyber breach that exposed sensitive information on more than 100 million customers, Jelena McWilliams warns other banks about the potential outcomes of data breaches. Cybersecurity is a major threat to American banks and the FDIC is vocal about possible enforcement actions, so banks had better be more prepared to handle (and if possible, avoid) data breaches.

Financial regulators pay a visit to Amazon’s facility in Virginia: Federal banking regulators made a visit to an Amazon facility in Virginia in April, in what the Wall Street Journal says is a move that is indicative of new scrutiny for cloud providers that are repositories of sensitive banking information. Around the time of the spring visit, prosecutors claim a hacker in Seattle stole the personal data of more than 100 million Capital One card customers from Amazon’s cloud storage. Financial regulators have only limited power over nonbanks, notes the Journal. A U.S. Treasury report last year found that bank regulations hadn’t “sufficiently modernized to accommodate cloud and other innovative technologies.”

Regulatory reform isn’t quick and certainly can be fraught with controversy: In order to relieve some of the banks' regulatory burden, regulators have met to discuss unfinished business this past week. So far, eight pending proposals have been issued but still need to be finalized. With a lengthy to-do list left to accomplish, we will have to see what other proposals are introduced. 

All you ever wanted to know about UDAAP but were afraid to ask: Due to its broad definition and complicated case law history, UDAAP can be confusing and difficult for compliance leaders to navigate. There was a recent symposium to discuss components and specific parameters of UDAAP. If you still find UDAAP confusing but don't want to admit it, check out these seven useful resources on the topic. 

The Federal Reserve will launch FedNow Service, a real-time payments system for the nation: So, what does this really mean? It will enable all financial institutions to offer real-time payments to customers. When can you expect it? It’ll be a few years, as the launch may be in 2023 or 2024 as of right now. Can you get involved? Yes. Since there are so many unanswered questions about the design, how it will operate, etc., the Fed is requesting feedback, which can be shared through one of these outlets here.

Swiss-based private bank receives a $10.7 million fine: After receiving a 10.7 million dollar fine, a Swiss-based private bank is regretting not listening to one of their compliance officers who proposed that U.S. clients should fill out a Form W-9. Back in the day, the bank had around 100 U.S. clients with approximately $200 million in assets. It looks like the scheme all started in 2003 when the bank worked with a Swiss asset manager who helped hide accounts/assets of U.S. clients. Presently, since they failed to ensure compliance, the bank is faced with a large Department of Justice tax evasion settlement. A costly lesson on ignoring the advice of your compliance officer.

Cybersecurity is still on the rise, how do credit unions address the problem?: NAFCU is trying to gain insight into how credit unions are handling cybersecurity by conducting a survey. Responses are due Friday, and hopefully will also help identify gaps in security and capabilities. Once the data is collected, it should give the industry a better idea of the trends affecting credit unions as a whole. 

FDIC plans to release artificial intelligence guidance: The FDIC announced that they’re ready to work with regulators to issue joint guidance on artificial intelligence (AI). And, if the other regulators aren’t prepared to do so, the FDIC is fine with moving along without them. The FDIC feels this is a significant area that needs some guidance so that banks can better understand the benefits and how they may use machine learning and AI technology. The agency continues to be forward thinking and share ways technology can be used to each organization’s advantage.

Recently Added Articles as of August 1

Technically, it's a new month but the below articles obviously still cover these last few days of July. Capital One is the biggest story of the week, but we’re sure there's lots more to come.

CFPB’s debt collection call frequency limits: Let’s start August off a little differently with a podcast hosted by Ballard Spahr. In this podcast, the call frequency limits that are addressed in the CFPB’s proposed debt collection rules are discussed. In addition, they share their recommendations to prepare for these changes.

Credit repair companies file motion to dismiss deceptive marketing allegations: A group of companies being sued by the CFPB have filed a motion to dismiss the lawsuit against them that states they violated the Telemarketing Sales Rule (TSR) and the Consumer Financial Protection Act (CFPA). Some of their reasoning includes that the defendants feel the CFPB is relying on “alleged” misrepresentations by third parties. They also said that they should not be held indirectly liable for third party actions as it can’t be proved that they, the third parties, represented them, the companies, as their agents. Oh, and they say it should be dismissed because the CFPB is “unconstitutionally structured.” Hmm, interested to see how this one pans out.

100 million impacted by Capital One breach: A former Amazon systems engineer who worked for Capital One is responsible for the recent Capital One breach and has been arrested. The breach that impacted 100 million is anticipated to cost the company between $100 million and $150 million.

Credit card interest-reduction telemarketing scheme is no more: The FTC and state of Ohio requested a federal court in Texas put a stop to two schemes that brought in millions of dollars from consumers. The companies involved, who have halted operations, are Madera Merchant Services and B&P Enterprises and Educare Centre Services and Prolink.

Bank of America and First Data no longer partners: After the closing of Fiserv’s acquisition of First Data, Bank of America and First Data announced they’re calling it quits. Although they will no longer pursue new merchant services strategies together, there are contracts that extend out to 2023.


Written by Venminder Experts

Venminder has a team of third party risk experts who provide advice, analysis and services to thousands of individuals in the financial services industry.
