(270) 506-5140 CONTACT US
Best Practices

January 2020 Vendor Management News

Jan 16, 2020 by Venminder Experts


Recently Added Articles as of January 16

There are all sorts of news articles this week. And, lots of them! New priorities, more wrangling over the fintech charter, enforcement actions and more.

Visa acquires Plaid: Visa will purchase Plaid for $5.3 billion. Plaid is a company that focuses on the development of APIs. Visa says that this purchase will expand their network capabilities and open up new market opportunities.

Wells Fargo will pay $102.8 million to settle the USAA mobile deposit patent case: Once again, Wells Fargo loses a case against USAA. Last year, Wells Fargo paid $200 million for infringing two USAA patents. This year, Wells Fargo has been ordered to pay $102.8 million for infringement. Wells Fargo disagrees and plans to appeal.

Former FinCEN employee pleads guilty: In today’s unusual news… A former FinCEN employee pleads guilty to conspiracy to unlawfully disclose Suspicious Activity Reports (SARs). On more than one occasion, the former senior adviser agreed to disclose sensitive information in SARs. As a reminder, the confidentiality of SARs is critical and extremely important. A violation like this is not taken lightly.

Consumer financial protection may expand in California and New York: California and New York are working to expand upon their consumer financial protection processes. In California, they’d like to enact a new “California Consumer Protection Law”. This would give the now Department of Business Oversight the authority to administer new law and would also change their department name to the Department of Financial Protection and Innovation. In New York, they’d like to enact legislation that would make state law more consistent with federal law, make products and services subject that are subject CFPB enforcement authority also subject to state oversight, increase maximum penalties under the Financial Services Law and provide the Department of Financial Services with the authority to collect restitution and damages.

CFPB files suit against student loan deft relief firms: The CFPB filed a lawsuit against several firms who partook in unlawful behavior by gathering individuals’ data illegally, charging unlawful fees and engaging in deceitful conduct. Monster Loans is one of the firms being sued as they violated the Fair Credit Reporting Act (FCRA) by obtaining information from a credit bureau on customers with student loan debt. Monster Loans acted like they were offering mortgage loans to these customers, but the company was actually using the information to give to debt-relief companies to use in their marketing. Remember, if it sounds too good to be true then it probably is.

Organizations haven’t missed the mark to become CCPA compliant: Yes, CCPA did go into effect on January 1, 2020. However, the CCPA enforcement date is July 1, 2020. Therefore, if you’re not compliant with CCPA, you still have time. According to Ballard Spahr, in the next 6 months it’s recommended that you create a detailed map of data flows, update policies to address CCPA obligations and respond to verifiable customer requests to use their CCPA rights. You still have time, but you better start today!

NAFCU continues to express TCPA concerns: NAFCU met with the FCC and made clear that they still have concerns regarding the Telephone Consumer Protection Act (TCPA) and its lack of clarity. NAFCU is especially concerned about the challenges presented by TCPA to implement procedures that don’t violate TCPA regulations. This has been an ongoing modernization effort between NAFCU and the FCC for 3 years. When will they get to a point where both are in full agreement?

OCC fintech charter appeal is happening: Since the OCC is appealing the Southern District Court of NY’s decision regarding the fintech charter plan, they will be heard in the second circuit where they’ll have an opportunity to validate the plan and their reasoning behind it. It’ll be interesting to see how this plays out this year.

Regulators and the Fed disagree on lending: Regulators are working to amend the rules of the 1977 Community Reinvestment Act (CRA). This update will be the first since 1955. The Fed isn’t fully on board with the proposed changes as they feel the updates don’t take into consideration business cycle changes or the different types of lower-income families within communities. The proposed updates may be too broad.

NCUA announces 2020 supervisory priorities: In the National Credit Union Administration’s 2020 supervisory priorities, you’ll find bank secrecy act and anti-money laundering compliance, consumer financial protection, cybersecurity, liquidity risk and credit risk, continuous monitoring of the new standard for current expected credit losses and the transition from the interest rate benchmark - London Interbank Offered Rate (LIBOR). In addition, the NCUA plans to release a new user portal. This is in an effort to modernize processes. Do any of these priorities come as a surprise to you?

Comerica Bank continues to be the preferred vendor of choice for the unbanked: After a competitive evaluation process, the U.S Department of the Treasury’s Bureau of the Fiscal Service announced that Comerica Bank will be reappointed as the fiscal agent for the Direct Express prepaid debit card program. The agreement will be for 5 years. There are some improvements to the Comerica Bank agreement that currently provides a program to 4.5 million people without a bank account. These improvements include a reduction in cardholder fees for certain transactions, improvements to customer service requirements, more reporting requirements and more.

Recently Added Articles as of January 9

This week, most of the news is regarding California Consumer Privacy Act (CCPA), legal analysis and regulatory speculation for the new year. Fortunately, no one work up to a major enforcement action as a holiday gift. Well, at least not thus far. A lot of agencies are joining in the fintech focus too, likely because the OCC is having to sort of figure out what to do next besides challenge the New York ruling.

Compliance with security standards is important: Recent cyberattacks are a stark reminder why compliance with standards like HIPPA is so important. Per HIPAA, organizations are required to perform risk analyses to assess possible risks and vulnerabilities to the security of electronic protected health information (ePHI) and implement action plans. It’s a critical requirement to protecting an organization and sensitive data. Organizations who have not followed requirements have fallen victim to attacks that could have had a significantly less impact on their organization or avoided completely had they followed recommendations.

Big things happening at the Venture Center in Arkansas with ICBA: Beginning this week and not concluding until March, over 100 banking executives, regulators, industry thought experts and more will join the accelerator program as mentors and coaching participants. The accelerator program brings forth a ton of industry information in 12 short weeks in an intense learning environment. The mentors will provide their expert feedback on products and services that are under development. It’s sure to be a busy and informative time.

A look back at SEC enforcement actions in 2019: Peruse last year’s top 4 SEC enforcement actions. These include enforcement actions on Barclays, Westport Fuel Systems, Quad/Graphics Inc. and Juniper Networks. Do you recall these? If not, now is the time to brush up and learn what not to do.

Audit committees and their role: Did you know, according to the SEC, an audit committee should set the tone for an organization’s financial reporting and set expectations for communication with audit and management? However, that’s not their only responsibility. They also play a part in the success of implementing GAAP standards, etc. This joint statement is a good reminder to all on what the role of the audit committee is.

U.S. is preparing for a cyberattack: U.S. officials are concerned and preparing for a potential Iranian cyberattack on government agencies and organizations. During this time, the director of the U.S. Cybersecurity and Infrastructure Security Agency urges people to pay attention to how they work and to be cautious.

Government officials plan to discuss tech policies at the International Consumer Electronics Show (CES): The DOJ and FTC are investigating the big four tech companies over possible antitrust and anti-competition practices. These companies are Apple, Google, Facebook and Amazon. So, during this time, there are plans to discuss tech policies. It seems like several agencies are getting more vocal about their interest in fintech.

CCPA is projected to cost organizations around $55 billion: As a reminder, the passage of CCPA means that organizations will need to inform consumers of the data that they’re collecting on them and also give consumers the option to opt out. Compliance with CCPA is complex for most organizations; therefore, many can anticipate spending a good amount to become fully compliant.

7 compliance issues to be aware of in 2020: Looking to understand the top compliance items to be on watch for in the new year? In this article, you’ll learn 7 to keep on your radar. Some of the issues listed include really understanding how the reviews of technology service providers will play out, climate change disclosures, critical audit matters disclosures in external audit firm reports and more.

OCC 2019 Annual Report: The OCC released their 2019 annual report which shares more insight on last year’s strategic priorities, financial management and regulatory and policy initiatives. Interestingly, the annual report only makes passing mention of the fintech charter initiative.

Next steps for regulators as tech changes happen: Lately, it’s become clear that policymaking has been moving at a much slower pace than the growth of technology which is causing policymaking to fall behind. Regulators must determine their next steps to catch up. Therefore, the future for regulation will likely have an innovation focus, but there’s a lot to do to get there.

Recently Added Articles as of January 2

It may be a short week with the New Year but it’s a busy week for fintechs. And, we see bleak prospects for regulatory reform in 2020.

Fintechs made headway in 2019: Fintechs didn’t secure the OCC bank charter in 2019, but that hasn’t stop them from making some big developments. Several fintechs launched bank products that are impacting deposits and changing up the way things have always been done. With the market seeking innovation, banks and fintechs alike are taking steps to improve their digital initiatives. It’ll be interesting to see the changes that happen in 2020. Is the new motto to stop banking and start finteching?

Federal Reserve announces a fintech innovation program: Announced by the Federal Reserve Board, there’ll now be the opportunity to join a series of fintech innovation office hours. This gives financial institutions and financial technology companies a dedicated time to share their issues involving fintech. And, they also launched a section of the website that is dedicated to fintech innovation. Looks like the Fed followed the lead of the CFPB and OCC. Who is next?

Financial services legislation reform in 2020: Given that next year is an election year, there’s a small chance of passing pending bills. Historically, passing billings during a presidential election year has been quite difficult. According to Raymond James’ policy expert Ed Mills, “the window is probably closed.” What are your thoughts?

The Fed may be changing it up in the New Year: Over the last decade, the federal bank regulators were heavily focused on writing rules. Now, in the next decade, it appears they may be coming to the end of their rulemaking chapter. Is the Fed changing its tune on bank supervision and regulation?

The OCC appeals the New York decision to strike down the fintech charter: It’s the gift that keeps on giving. In October 2019, NY Department of Financial Services filed suit in an effort to block the OCC’s special purpose national bank charters to fintech companies. Now, the OCC has filed an appeal.

The FDIC is weighing the impact of regulatory actions and seeking public input: Recently, the FDIC issued an RFI requesting comment on approaches the agency currently uses or may be considering using to analyze the impact of regulatory actions. This is an effort to improve the quality of their regulations and policies, minimize regulatory burdens and ensure their regulations and policies achieve legislative goals in an efficient and effective manner. The RFI will close on January 28, 2020.

FDIC and Federal Reserve System’s request for comments on CAMELS ratings is extended: In October 2019, the Federal Reserve System and FDIC announced an RFI seeking comments and feedback on the use of CAMELS ratings. The comment period’s end date is extended from December 30, 2019 to February 28, 2020.

Hackers are getting more clever at scamming: According to the FBI, in 2018 they found losses from hacks totaled $12.5 billion to the business community. They’ve warned that it’ll likely only get worse. Hackers and scammers are getting smarter and more creative. Here’s a great example. Recently, KVC Health Systems fell victim to a hacker’s tricks. The hacker was re-routing employee direct deposits to new accounts that belonged to them – the hacker. How’d they get away with this? They sent phony emails to the human resources department that looked like direct deposit change requests. Remember, trust but verify and teach your employees to be extra cautious.

Master vendor management in the new year. Download this eBook to see how.

New call-to-action

Venminder Experts

Written by Venminder Experts

Venminder has a team of third party risk experts who provide advice, analysis and services to thousands of individuals in the financial services industry.

Follow Venminder Experts

Subscribe to the Venminder Blog