February 2020 Vendor Management News

Make sure you're not the last to know about key vendor management news and articles! We've compiled a list of the important information you need to know in the month of February.

Recently Added Articles as of February 27

This week, the FDIC released a guide notifying fintechs and third parties directly that it’s time to own up and deliver. And, there are updates regarding a large Wells Fargo settlement, data privacy and a fintech acquisition.

Proposed data protection act: In the works is a proposed data protection act at the federal level that would enforce privacy laws and standards as authorized by Congress. However, the bill does have its shortcomings like potential implementation challenges. While it’s certainly far from passage, a unified U.S. data protection law would solve overlaps and gaps in the many state level laws.   

NAFCU and the FTC discuss GLBA and data privacy: NAFCU is seeking consistency. Earlier this week, NAFCU shared why they feel GLBA is the best framework for financial institutions to use when collecting, processing, selling or disclosing consumer data. They find it to be a very effective method.

Protect Your Customers from Tax Season Scams: It's that time of the year again. Tax season is in full swing which also means phishing scams are on the rise, too. Share these phishing scam warning signs with your customers to make them aware and help protect them. 

FDIC releases a guide directed to fintechs and third parties: The FDIC released a guide on conducting business with banks. Are you a fintech or third party looking to learn more about what a bank expects? This informative guide gives you additional insight.

Wells Fargo agrees to $3 billion settlement: Wells Fargo makes the news again. According to regulators, the bank has agreed to settle a fake accounts scandal for $3 billion. The settlement is with the Justice Department and Securities and Exchange Commission (SEC).

A fintech acquires a bank: Just announced, LendingClub Corp will acquire Radius Bank for $185 million. This is the first fintech acquisition of a bank, and it’s highly due to the failed opportunities to secure access to banking through charters.

Recently Added Articles as of February 20

Check out this week’s news to learn more about a new fraud scheme, what NAFCU has to say about NCUA and CFPB proposed rules and why a proposed TCPA settlement won’t be moving forward.

A new approach to fraud: The secret service recently discovered a new fraud scheme that financial institutions, businesses and consumers should be aware of. It’s a fake rewards program. Fraudsters are using stolen credit card information and embedding it into barcodes on phony rewards cards. Cashiers are then believing this is an alternative form of payment. Specifically, NAFCU is urging organizations to understand this new scheme and work diligently to protect themselves and their consumers from fraud.

NCUA and CFPB rules are a topic of discussion in a recent meeting: This week, NAFCU’s regulatory committee got together to discuss proposed rules from the NCUA and CFPB. The NCUA proposed two rules in January. The CFPB, of course, has been working on clarifying the “abusive” standard in UDAAP. The committee will reconvene on March 24.

A TCPA settlement is shut down: A Pennsylvania judge won’t approve a proposed $4 million settlement in a Telephone Consumer Protection Act case. According to the opinion, Flagship Credit Acceptance LLC can compensate alleged victims at a much greater amount than $35 each. There are about 67,000 class members in this case against the auto loan provider.

Recently Added Articles as of February 13

This week’s news is unique to say the least. You’ll read about Director Kraninger standing up for the CFPB, a former CEO having to shell out some serious money, modifications already to the new California privacy laws and more.

CFPB shares more around the meaning of abusiveness: In late January, the CFPB issued a policy statement to help clarify the meaning of “abusiveness” in UDAAP. Although abusiveness is not defined in the policy statement, it does make the CFPB’s approach to the use of the abusiveness standard clearer. So, what does this mean for you? Continue to research prior enforcement actions and learn from those. Also, document your due diligence and show that you’ve worked to determine how new products and/or services could possibly harm customers, notate benefits and mitigation steps, etc.

4 are indicted for 2017 Equifax breach: More news regarding the huge 2017 Equifax data breach! Four members of the Chinese People’s Liberation Army (PLA) are indicted. These hackers exploited a vulnerability in Equifax’s online dispute portal software. The hackers gained access to names, birth dates and social security numbers on about half of all U.S. citizens. It’s scary to think about how quickly a system can he hacked so take this as a reminder to secure your networks – and make sure your vendors are as well.

Former Bank CEO pays $17.5 million civil penalty: The OCC announced that a former bank CEO will pay a $17.5 million civil penalty due to his involvement in the bank’s unlawful sales practices. Oh, the penalties don’t stop there. The former CRO and CAO will pay a combined $3.5 million, too.

California’s AG modifies CCPA regulations: CCPA has only been in effect for a month and a half but it’s already being modified. These revisions will modify initial regulations that were proposed in the latter half of last year. Some of the modified regulations include more guidance on the term “personal information”, establishing more requirements regarding information collected on minors, establishing “reasonable security procedures” regarding the maintenance of required records and more. There are 7 modifications that you should be aware of. Check it out.

The CFPB is evaluating current rules: The CFPB announced their plans to review the qualified mortgage rule and shift away from the 43 percent debt-to-income ratio requirement. They’ll also make progress in their review of portions of the Payday Lending rule, the Truth in Lending Act, the Remittance Rule and Fair Debt Collection Practices Act. The CFPB is staying busy.

The CFPB’s director is standing up for the bureau: Recently, CFPB Director Kraninger appeared before the House Financial Services Committee and discussed the CFPB’s policy statement regarding abusiveness. Learn more about her appearance and, interestingly, her response when it seemed that many felt the CFPB was weak when they handled a bank enforcement action. Do you know which enforcement action they’re referring to?

Recently Added Articles as of February 6

We don’t just have last Sunday’s Super Bowl kicking off February. This week, in third-party risk news, we kick it off with a proposed UDAAP settlement that’s been in the works since 2017, a misleading business scheme, a potential increase in GDPR fines and learn that an informative webinar is being provided that’ll help you understand more about the CFPB’s enforcement plans for the year.

Proposed settlement in unfair, deceptive, and abusive acts and practices lawsuit: The CFPB announced a proposed settlement with Think Finance, LLC. Back in November 2017, the CFPB filed suit against the entity and its subsidiaries for engaging in unfair, deceptive, and abusive acts and practices. If settled, Think Finance will receive a civil penalty and will no longer be able to collect loans if it violates state lending laws.

FTC is granted permission to proceed with a preliminary halt of a deceptive scheme: The defendants in question had hundreds of websites that offered government services such as a renewing a driver’s license. However, the kicker is, when you provided your information you were simply sent a PDF with publicly available information regarding the service. The customers thought they were receiving an actual service. According to the FTC, the websites were very misleading. Wow, it sure does sound like the FTC is right to halt these deceptive practices.

GDPR is stepping up the fines: There’s been some warning that general data protection regulators have plans to penalize GDPR non-compliant companies with heftier than ever fines and more frequently. Up until now, fines have been considered low and infrequent. Are you regulated by GDPR? If you haven’t yet, it’s time to ensure you’re compliant.

Ballard Spahr webinar on CFPB enforcement actions: The CFPB will increase investigations and enforcement actions this year. Learn about trends, priorities, the expected new enforcement director and more by registering here for the February 12^th event.

Gain a better understanding of how the industry is handling third-party risk. Download the whitepaper.