
August Vendor Management News

Aug 29, 2019 by Venminder Experts

Keep up-to-date on the latest vendor management news. We'll help you out! Read the articles below that we recommend checking out.

Recently Added Articles as of August 29

There's less news than normal this week, but it's worth the read. We have updates regarding robocall procedures, GDPR and cybersecurity compliance, a warning from the IRS and some insight into potential future changes to cardholder benefits that may eliminate some of the confusion that has been occurring.

Consumers may receive fewer robocalls: Ready for some good news? Twelve telephone companies and 51 attorneys general are working diligently to stop illegal robocalls. They’re implementing a call-blocking technology and new caller identification framework. This is at no cost to consumers. Let’s hope it works, as fewer robocalls should make many, if not all, consumers very happy.

Card issuers may simplify rewards as cardholders are often confused by them: Card issuers are providing more and more rewards to consumers. Many of us are used to the free miles and points that are offered. However, new to the equation are offers like airline passes for travel companions, free late hotel checkouts, etc. It turns out cardholders find these offers complex and sometimes they can’t even use them. In fact, in a recent survey, only a third of consumers report completely understanding all their cardholder benefits. Due to findings like this, will card issuers need to simplify rewards? Also, does this potentially violate UDAAP?

IRS warns taxpayers of email scam: In vendor management, we need to be aware of the latest attempts to breach data. The IRS sent out a warning to taxpayers and tax professionals about an IRS scam campaign that’s spreading nationally. It looks like someone is impersonating the IRS. The IRS wants to remind you that they’ll never send an unsolicited email or email taxpayers with the status of refunds. Be on the lookout and report any suspicious activity to phishing@irs.gov!

GDPR and cybersecurity challenges at law firms: Law firms aren’t exempt from GDPR and cybersecurity compliance. Just like the rest of the industry, firms may experience significant fines if they don’t comply. That said, there are some specific things law firms should be aware of and thinking about. First, if they don’t meet GDPR requirements, they’re setting themselves up for reputational risk. Second, given the amount of data firms are processing, data protection should be a high concern. Third, don’t forget that firms often deal with highly complex and sensitive data, so the flow of data must be managed well. Looking for a tip? Try a data flow mapping project. This will help with GDPR compliance and cyber defenses.

Recently Added Articles as of August 22

This week in industry news we have enlightening statements by FinCEN’s Director Blanco, interesting news on Wells Fargo continuing to charge fees on closed accounts, a discovery that Capital One had a “heads up” on the hack and more.

A banker stops ID theft: After suspicious activity was reported internally regarding a customer, a bank employee in Georgia helps catch a thief. The thief defrauded both banks and individuals by using stolen identities. To do this, they had cell phones, numerous identifications, credit cards and even cash on them at the time of arrest. Kudos to the bank employee. It pays to be alert!

State Attorneys General looking at big tech companies: In July, the Department of Justice announced an investigation into possible antitrust activities at tech companies. Now, separately, a joint state attorneys general antitrust investigation into big technology companies is underway. The goal is to find out if there are platforms in the market that are obstructing competition.

Innovation trend continues with the New York Department of Financial Services: NYDFS announces their newest division, Research and Innovation. Given the increased focus on innovation, the newest division will aim to stay current with technological changes in the financial industry.

Wells Fargo closed accounts but continued to charge overdraft fees: After a slew of scandals, Wells Fargo is in the press again. This time, a company’s owner shares a recent experience with the bank that has led to an accumulation of $1,500 in fees. The kicker, however, is that Wells Fargo notified him that all 13 of his accounts were being closed. Why were they being closed? He has no idea. He also couldn’t get any answers as to why he was being charged fees on closed accounts. According to Wells Fargo bank employees, the Wells Fargo computer system oversees handling closed accounts and even though a customer may believe their account is closed it can stay open if it has a balance, even a balance of zero. So, if an automatic transaction is withdrawn, then the bank charges an overdraft fee. Many customer complaints regarding this have been received by the CFPB, complaint websites and even in the community section of the Wells Fargo website. They’ve now disabled that feature. If the accounts have been closed, why would they allow transactions to be withdrawn? What are your thoughts?

Employees were warned before a huge data hack: According to sources, prior to the breach, employees in Capital One’s cybersecurity unit noticed and reported staffing issues and a failure to properly install software to spot and defend against attacks. Did the right people get notified? Or was this ignored and/or missed altogether? As a lesson to all, remember it’s important to listen to your first line of defense. They’re your eyes and ears.

UDAAP analysis of the extra A for abusive: Alan Kaplinsky interviews Todd Zywicki in this recent podcast. The topic of discussion is Zywicki’s views on what is deemed abusive, the differences between abusive, unfair and deceptive, the types of products/services you need to be more careful with as they can involve abusiveness, the CFPB’s need for clarity and more. With abusive getting so much attention in the media we have to be around the corner from a clear definition. Don’t you think?

FinCEN’s director speaks at the Annual Las Vegas Anti-Money Laundering Conference: Director Kenneth A. Blanco shares his perspective on new technologies and how they impact AML/CFT and financial crime detection, important guidance for casinos – regarding the Convertible Virtual Currency, culture of compliance and FinCEN’s steps regarding regulatory reform, innovation and BSA. You can read the full speech here.

Recently Added Articles as of August 15

As we head into the middle of the month, we’ve got news to share surrounding cryptocurrency regulations, a data breach settlement, FinCEN efforts, industry investigations and more.

FinCEN increases their efforts to protect the U.S. Financial System: Ever been curious about where FinCEN focuses its efforts? FinCEN’s director recently shared the top six finance threats by bad actors that financial institutions are facing and exactly how FinCEN is addressing these. However, he not only shares the ways they’re working to protect the U.S. financial system but also how financial institutions can help prevent these threats, too.

Payroll advance industry is under investigation: The NYDFS digs into payday lenders in an effort to investigate potential unlawful online lending and consumer harm. Per the NYDFS, there are payroll advance companies who receive interest rates or fees which may violate state banking laws, licensing laws, consumer protection laws and more. If it’s a payroll advance, it’s technically wages you’ve earned, so what are your thoughts on fees and interest rate charges?

Credit reporting agency agrees to $700 million settlement: A recent article shares that a “large, national credit reporting agency” will pay around $700 million in a data breach settlement. This is to resolve the claims that they engaged in unfair and deceptive practices in a 2017 data breach. I think we all know who the agency they’re referring to is, but we’ll keep it under wraps here just for fun…

Update on cryptocurrency and state regulations: While many states are modifying how they regulate cryptocurrency like bitcoin, they still aren’t having as much luck convincing companies and consumers to pursue cryptocurrency. Why? Regulations vary so much from state to state, which presents challenges.

Rhode Island and cryptocurrency regulations: Rhode Island is the most recent state to regulate cryptocurrency. They’ve added money transmitter guidance that will go into effect January 1st. If you accept currency transmission fees or maintain control of virtual currencies for others, you will need to follow these guidelines.

Pondering UDAAP for a moment: UDAAP is a hot topic yet again. The CFPB has said they will provide more clarification around the term “abusive”; however, when is still to be determined. In the meantime, it’s suggested that you look to recent enforcement actions to verify you’re on the right track.

New Hampshire will require compliance with their insurance data security law: Effective January 1, 2020, New Hampshire will require insurance companies to comply with the New Hampshire Insurance Data Security Law. This means they must implement an Information Security Program, otherwise known as an ISP, in order to protect non-public information. ISP requirements include things like threat management, cybersecurity awareness training, third party due diligence and creating an incident response plan. Wondering if you’re an entity that must comply or not? Check out this article for a list of exempt licensees.

Recently Added Articles as of August 8

Cybersecurity and data breaches are still the majority of the buzz this week as we learn more about the Capital One and Amazon data breach fallout - as well as how the rest of the industry is handling cybersecurity threats.

Mortgage servicer efforts fail to improve customer experience: With the industry focusing on cost-cutting, regulation and default management over borrowers, customer satisfaction levels are at an all-time low. Mortgage servicer customer satisfaction levels are said to be among the lowest of any industry. Recent efforts are clearly proving to be a flop, with respondents to a survey indicating a satisfaction level of 777 on a 1,000-point scale.

Amazon and Capital One are feeling the heat from Republican lawmakers over data breach: After a rogue ex-employee of Amazon Web Services illegally accessed data from Capital One, both companies are now under fire from the GOP members of Congress. Due to the amount of customer data potentially accessed by the hacker, this is said to be one of the biggest data breaches yet – which has only increased the level of scrutiny from Republicans. Stay tuned for more information in this cybersecurity saga.

FDIC Chairman gives ominous warning - banks could face enforcement actions over data breaches: After Capital One revealed a massive cyber breach that exposed sensitive information on more than 100 million customers, Jelena McWilliams warns other banks about the potential outcomes of data breaches. Cybersecurity is a major threat to American banks and the FDIC is vocal about possible enforcement actions, so banks had better be more prepared to handle (and if possible, avoid) data breaches.

Financial regulators pay a visit to Amazon’s facility in Virginia: Federal banking regulators made a visit to an Amazon facility in Virginia in April, in what the Wall Street Journal says is a move that is indicative of new scrutiny for cloud providers that are repositories of sensitive banking information. Around the time of the spring visit, prosecutors claim a hacker in Seattle stole the personal data of more than 100 million Capital One card customers from Amazon’s cloud storage. Financial regulators have only limited power over nonbanks, notes the Journal. A U.S. Treasury report last year found that bank regulations hadn’t “sufficiently modernized to accommodate cloud and other innovative technologies.”

Regulatory reform isn’t quick and certainly can be fraught with controversy: In order to relieve some of the banks' regulatory burden, regulators have met to discuss unfinished business this past week. So far, eight pending proposals have been issued but still need to be finalized. With a lengthy to-do list left to accomplish, we will have to see what other proposals are introduced. 

All you ever wanted to know about UDAAP but were afraid to ask: Due to its broad definition and complicated case law history, UDAAP can be confusing and difficult for compliance leaders to navigate. There was a recent symposium to discuss components and specific parameters of UDAAP. If you still find UDAAP confusing but don't want to admit it, check out these seven useful resources on the topic. 

The Federal Reserve will launch FedNow Service, a real-time payments system for the nation: So, what does this really mean? It will enable all financial institutions to offer real-time payments to customers. When can you expect it? It’ll be a few years as the launch may be in 2023 or 2024 as of right now. Can you get involved? Yes, since there are so many unanswered questions about the design, how it will operate, etc. the Fed is requesting feedback which can be shared through one of these outlets here.

Swiss-based private bank receives a $10.7 million fine: After receiving a 10.7 million dollar fine, a Swiss-based private bank is regretting not listening to one of their compliance officers who proposed that U.S. clients should fill out a Form W-9. Back in the day, the bank had around 100 U.S. clients with approximately $200 million in assets. It looks like the scheme all started in 2003 when the bank worked with a Swiss asset manager who helped hide accounts/assets of U.S. clients. Presently, since they failed to ensure compliance, the bank is faced with a large Department of Justice tax evasion settlement. A costly lesson on ignoring the advice of your compliance officer.

Cybersecurity is still on the rise, how do credit unions address the problem?: NAFCU is trying to gain insight into how credit unions are handling cybersecurity by conducting a survey. Responses are due Friday, and hopefully will also help identify gaps in security and capabilities. Once the data is collected, it should give the industry a better idea of the trends affecting credit unions as a whole. 

FDIC plans to release artificial intelligence guidance: The FDIC announced that they’re ready to work with regulators to issue joint guidance on artificial intelligence (AI). And, if the other regulators aren’t prepared to do so, the FDIC is fine with moving along without them. The FDIC feels this is a significant area that needs some guidance so that banks can better understand the benefits and how they may use machine learning and AI technology. The agency continues to be forward thinking and share ways technology can be used to each organization’s advantage.

Recently Added Articles as of August 1

Technically, it's a new month but the below articles obviously still cover these last few days of July. Capital One is the biggest story of the week, but we’re sure there's lots more to come.

CFPB’s debt collection call frequency limits: Let’s start August off a little differently with a podcast hosted by Ballard Spahr. In this podcast, the call frequency limits that are addressed in the CFPB’s proposed debt collection rules are discussed. In addition, they share their recommendations to prepare for these changes.

Credit repair companies file motion to dismiss deceptive marketing allegations: A group of companies being sued by the CFPB have filed a motion to dismiss the lawsuit against them that states they violated the Telemarketing Sales Rule (TSR) and the Consumer Financial Protection Act (CFPA). Some of their reasoning includes that the defendants feel the CFPB is relying on “alleged” misrepresentations by third parties. They also said that they should not be held indirectly liable for third party actions as it can’t be proved that they, the third parties, represented them, the companies, as their agents. Oh, and they say it should be dismissed because the CFPB is “unconstitutionally structured.” Hmm, interested to see how this one pans out.

100 million impacted by Capital One breach: A former Amazon systems engineer who worked for Capital One is responsible for the recent Capital One breach and has been arrested. The breach that impacted 100 million is anticipated to cost the company between $100 million and $150 million.

Credit card interest-reduction telemarketing scheme is no more: The FTC and state of Ohio requested a federal court in Texas put a stop to two schemes that brought in millions of dollars from consumers. The companies involved, who have halted operations, are Madera Merchant Services and B&P Enterprises and Educare Centre Services and Prolink.

Bank of America and First Data no longer partners: After the closing of Fiserv’s acquisition of First Data, Bank of America and First Data announced they’re calling it quits. Although they will no longer pursue new merchant services strategies together, there are contracts that extend out to 2023.


Written by Venminder Experts

Venminder has a team of third party risk experts who provide advice, analysis and services to thousands of individuals in the financial services industry.
