
July Vendor Management News

Jul 18, 2019 by Venminder Experts

Keep up-to-date on the latest vendor management news. We'll help you out! Read the articles below that we recommend checking out.

Recently Added Articles as of July 18

Lots of big headlines this week, but mainly pertaining to Facebook as they’ve received a substantial fine and their cryptocurrency is under fire. Also, in the news for the first time, the CFPB allows us a peek at how they define abusive by defending its use in a new enforcement action.

Federal Reserve chairman unsure about Facebook’s cryptocurrency: The Federal Reserve’s chairman has a lot of hesitancy regarding Facebook’s cryptocurrency and how prepared the company truly is to launch Libra. He shared there is a lot more that goes into it such as proving you’ve addressed money laundering, data protection, consumer privacy issues, etc. and it doesn’t seem like he thinks that Facebook is quite there yet.

Facebook receives $5 billion FTC fine: Facebook received a $5 billion FTC fine to settle the Cambridge Analytica breach – yes, that’s billion with a “b”. However, their negative presence in the media over the last year hasn’t hurt their growth. According to Facebook, in Q1 their total revenue was up 26 percent, making it $15.1 billion. They’re steadily growing in user and advertisement revenue. Some find it shocking that consumers keep using the platform given the misuse of data, but they do, and therefore advertisers are still utilizing Facebook too.

Keep Big Tech Out of Finance Act: More news that is related to a big-name technology company. Can you guess who? Yep, Facebook. At the same time the Facebook Libra hearings are in motion a new draft discussion bill is announced – “Keep Big Tech Out of Finance Act.” The goal of this bill is to prevent big technology companies with revenues of $25 billion plus from becoming financial institutions. Are they trying to protect the little guys or afraid of a monopoly?

Understanding Facebook’s cryptocurrency: Need to brush up on Facebook’s Libra cryptocurrency? What it is, when it will be launched, how it may impact you? Check out this article released by CU Management. Sounds like many are hoping that credit unions will see the urgency to strengthen their own digital transformation and innovation.

$25 million CFPB settlement helps define abusive: According to the CFPB, a debt-relief company acted “abusively” in the way they communicated with consumers and their telemarketing practices. With this, we learn one way to define abusive is if there is “unreasonable advantage of consumers’ lack of understanding.” The CFPB providing reasoning behind “abusive” in an enforcement action is a nice step in the right direction.

Bills passed will amend FCRA: The House Financial Services Committee recently passed four bills that will amend the Fair Credit Reporting Act (FCRA). These amendments include shortening the time information can remain on a credit report, increasing the amount of information that must be provided to a consumer on their credit report and more.

Recently Added Articles as of July 11

Whoa! The news sure did pick up after the holiday week. Top headlines include a major GDPR fine against Marriott, CFPB director blazing her own trail, banks against regulatory rollbacks specific to the overdraft rule, a reminder on the importance of oversight and NAFCU arguing for information sharing as it pertains to anti-money laundering.

Credit union data exposed by employee: A credit union’s employee recently exposed 2.9 million members’ data. The employee had ill intentions. The incident reminds organizations why it’s important to ramp up cybersecurity monitoring. A threat can evolve from anywhere – not just third parties – even internally.

States moving forward with fintech sandboxes: Fintech sandboxes are still under review at the federal level. However, many states are moving forward with them. Utah is the most recent state to announce a program that allows organizations to test financial products with consumers without any possibility of violating state licensing or consumer protection laws.

Boards trying to understand their role in oversight: Many banking boards are looking to further clarify their responsibility in oversight and guidance when a product or service is outsourced, particularly to a fintech. There are a few key takeaways here. They’re always responsible for ensuring the bank’s strategic direction is matched, confirming a proper risk management program is in place to control and mitigate risks, verifying contract negotiation occurred and is documented and reviewing ongoing reports pertaining to monitoring. Remember, you can’t outsource the oversight!

CCPA compliance strategies: January 1, 2020 is rapidly approaching. Why is this important? The California Consumer Privacy Act (CCPA) will be enforced. Laurie Fischer, who is managing director at HBR Consulting, spoke on some of the biggest challenges she foresees as well as success strategies. What’s some of her biggest advice? Start mapping your organization’s data by identifying the scope of consumer data, identifying how it’s collected, where it’s shared, etc. Check out the Q&A for more insight.

FDIC publishes 2018 supervisory highlights: FDIC released their first consumer compliance supervisory highlights. This may mean that they will have increased focus on consumer compliance moving forward. Some of the items they address in the highlights include overdraft programs, prohibited kickbacks, Regulation E mistakes and lines of credit procedures. Looks like mortgage servicing is getting some attention.

CFPB director Kraninger’s creating her own path: They’re calling it an “independent path.” CFPB director, Kathy Kraninger, continues to move along her own path. Some of the most recent developments include a large settlement with a student lending provider as they previously engaged in unfair acts and practices that violated the Consumer Financial Protection Act (CFPA). There’s some discussion around payday lending compliance changes. Oh, and no one can forget the recent symposium. The abusive controversy is featured in this analysis, too.

NAFCU advocates for better anti-money laundering information sharing: NAFCU’s regulatory affairs counsel provides suggestions that should help strengthen information sharing between government agencies, law enforcement and financial institutions through the FinCEN 314(a) program. She shares that while the program is beneficial, she feels credit unions don’t receive enough information from law enforcement to identify a potential threat. They need identifiers such as social security numbers, addresses and birth dates. Yes! This would be so helpful!

Investment firm merger of note: Sandler O’Neill Partners and Piper Jaffray Cos will merge in a $485 million deal. They’ll be known as Piper Sandler Cos.

NYDFS looks at Facebook advertising: NYDFS is investigating Facebook as the company may have used protected characteristics in advertisement conduct aimed at certain individuals. There is very clearly regulatory concern in the digital advertising space. Given the uncertainty of this area of law, and that investigations are beginning to emerge, it’ll be interesting to see the outcome.

Overdraft rule changes are being passed on: As the CFPB reviews the overdraft protection rule, many feel it does not need to be amended or rescinded. Many argue it should be left as is. It is working well and is doing what it was intended to do – increase informed consumer choice regarding overdraft services. Your thoughts? Do you think smaller institutions need some relief?

CFPB settles lawsuit with largest debt-settlement services provider: The CFPB and Freedom Debt Relief, LLC reach $25 million settlement. The debt-settlement services provider violated the Telemarketing Sales Rule and Consumer Financial Protection Act of 2010.

Marriott receives UK data fine: GDPR is in full force. Marriott receives $124 million fine for failure to protect consumer data. Marriott plans to appeal the fine.

British Airways fined for data breach: The UK fines British Airways $230 million due to a 2018 data breach. The Information Commissioner’s Office reports “poor security” in areas such as login, booking and payment.

Recently Added Articles as of July 4

To kick off the month, it’s clear the effort to define abusive leads the way in the industry. However, there’s also a major data breach. Cue the fireworks. The second half of 2019 is sure to have a lot of excitement in third party risk.

Bank agreed to $88 Million SEC Settlement: State Street Bank & Trust Company agreed to an $88 million settlement. The bank overcharged mutual funds and other registered investment company clients regarding expenses related to the bank’s custody of client assets.

FDIC announced plan to centralize supervision and resolutions of large and complex institutions: The FDIC announced its newest division, the Division of Complex Institution Supervision and Resolution (CISR). CISR will be created in an effort to centralize supervision and monitoring of large institutions. This applies particularly to banks with assets greater than $100 billion for which the FDIC is not the prudential regulator.

CFPB symposium panelists discuss CFPB abusive authority: While it may not be the definition that we were all expecting, the CFPB symposium featured perspective and insight from two panels’ worth of industry experts. The first had a focus on academics in consumer protection laws and policy issues pertaining to the abusive standard. The second featured a legal perspective and dug further into how the “abusive” standard has been used over time in practice. We may not have a definition but at least it’s something, right?

New rulemaking impacting the Home Mortgage Disclosure Act (HMDA): The CFPB recently announced rulemaking activities affecting the HMDA. These include discretionary data-point requirements and proposed collection threshold requirements. Industry stakeholders now have more time to review and provide their thoughts on the changes. Will this impact you? Be sure to check out the extension deadlines.

New York seeks to surpass California in privacy protection: If passed, the New York Privacy Act (NYPA), Senate Bill S5642, will impose the most stringent requirements in the country related to a company’s collection, use, maintenance and disclosure of consumer information - even stricter than California’s Consumer Privacy Act (CCPA). In many ways the NYPA is like the CCPA; however, there are some key differentiators. NYPA will define a “data fiduciary” as any legal entity that “collects, sells or licenses personal information of consumers.” The NYPA will also create a data correction mechanism that requires correction of inaccurate personal data. Lastly, the NYPA will be privately actionable meaning a consumer could sue for actual damages and injunctive relief if injured by reason of a violation. Wow! Sounds like the rules will be firm and with big penalties if broken.

Data breach affects 2 billion user records: Need a reminder why cybersecurity/data protection is so important in third party risk management? It can happen anywhere, anytime! A smart home equipment manufacturer experienced a data breach that impacted 2 billion user logs leaving them vulnerable to hackers. The database included personally identifiable information of customers. The data vulnerability was exposed as part of a web-mapping project.

The FDIC updated 5 sections of its Compliance Exam Manual: Need hints for your next exam? We may have you covered. In June, the FDIC updated five sections of its Consumer Compliance Examination Manual. The sections include updates to examinations and third party risk, appeals, SOURCE violation codes, the Home Mortgage Disclosure Act and the Protecting Tenants at Foreclosure Act.

Written by Venminder Experts

Venminder has a team of third party risk experts who provide advice, analysis and services to thousands of individuals in the financial services industry.
