New Call-to-action
New Call-to-action

Venminder Blog


Subscribe to the Venminder Blog


CFPB Has Expanded Its Vendor Management Reach

Apr 11, 2017 by Steve Greenfield

CFPB exams for the non-bank lender have matured in recent years. The scope of the examination process has expanded to include a much more thorough review of vendor oversight.

From experience, I can attest that I’ve witnessed and been involved in the changing scope of the examination process. Certainly, every year, the level of scrutiny seems to be increasing. So, it appears that the CFPB has expanded their scope and, like many internal vendor management programs which are also in a state of various maturity levels, so is the fashion by which the CFPB approaches the topic of oversight.

Non-Bank Mortgage Lenders Just Starting Out With Vendor Management 

In a recent poll of over 180 non-bank mortgage lenders, approximately 48% of lenders stated their vendor management program was classed as a mature level while a staggering 46% stated they were “Just starting out”.

If these vendors are flying under the radar, it could be a case of playing Russian roulette of your responsibilities to implement vendor oversight practices. As a wise insurance claim analyst once told the driver who hadn’t had a claim in 20 years, “You were due." Don’t let this be the case with failing to implement a robust vendor management program.

The Maturing CFPB Examination Process

In the space of the last three years, the depth and detail of the questions during an examination have developed into something that resembles the following:

  • Year 1. The examiner requests a copy of your vendor management policy and procedures.

  • Year 2. The examiner requests copy of the vendor management policy and procedures along with a list of your critical vendors.

  • Year 3. (My most recent experience.) The examiner requests the above information plus copies of actual audit documentation and the board approved reports that you have conducted during the year.

The CFPB is itself connecting the dots to identify risk and non-compliance.

Today, the CFPB essentially looks to the policy and procedures and ties that into measuring the lenders actual compliance with the policy. In addition, it's common nowadays to also:

  • Submit copies of all of the vendor audit findings
  • Submit board approval
  • Submit corrective action notices
  • Show/explain outlook reminders and excel reports if you use those
  • Demo your vendor management software if your program is matured past using reminders and excel

By understanding the sophistication of the potential CFPB examiner will help you be better prepared not only during examination season but how you manage your internal program.

Regulatory Oversight Reaches Far and Wide

It isn’t just the CFPB looking at the non-bank lender's vendor management records. For every state that a lender is licensed opens the additional oversight from that state examiner.

Again, one of the great things about my role here at Venminder is that I get to speak to a lot of Vendor Managers and I hear some of the same stories repeatedly that I also experienced sitting on that side of the table. In fact, one vendor management department recently explained that they had 15 state visits in the course of 3 weeks out of the 22 states they were licensed in.

Depending on your organization's size, your reputation in the market, even down to the number of complaints your company receives on the CFPB consumer complaint portal, may vary and determine when you come up on the examination radar. However, you still must prepare for potential GSE exams along with state examiners.

Being prepared will go a long way in demonstrating that you take vendor management seriously and are concerned with the protection of the borrowers NPPI. The CFPB or any examiner needs to have the sense that you are taking a PROACTIVE rather than a REACTIVE approach to vendor management.

For help on doing proper oversight on a contract mortgage underwriter, download our infographic

Download Now

Steve Greenfield

Written by Steve Greenfield

Steve Greenfield, CMB, is Director of Third Party Risk at Venminder. He's an experienced vendor risk executive with more than 20 years of management experience in the financial services industry. Steve has expertise in the full spectrum of mortgage lending with an emphasis on risk oversight and consumer lending regulatory compliance as well as advising lenders on vendor software integrations to boost operational efficiencies and vendor consolidation opportunities. Steve joined Venminder from loanDepot, LLC where he held the position of Director of Vendor Oversight at their retail division, Mortgage Master. In this position, Steve led the implementation of a Vendor Risk Oversight Program that followed CFPB, OCC Third Party Oversight Requirements and managed the firm's Vendor Oversight Audit function.

Follow Steve Greenfield