June 2020 Vendor Management News

Read through these latest third-party risk updates and articles our experts recommend during the month of June to make sure you're staying on top of the latest industry news. 

Recently Added Articles as of June 25

Changes are afoot! The FDIC website debuts a brand-new look. Regulators try to ease stress by continuing to publish guidance for examiners and financial institutions alike. The pandemic continues to keep everyone on their toes with consumers padding their piggy banks and big-name corporations filing for bankruptcy... all the while organizations are carefully wading through cybersecurity and data privacy legalities. Read on to find out what else is happening in the world this week. 

FDIC reveals new look: After nearly a decade of the same old look, it seems the FDIC was finally ready for a change, which included a comprehensive overhaul of the agency's website. The facelift offers bankers, consumers and analysts fresh-and-easy access to the agency's most popular content, including a new Banker Resource Center. Frequent users can also use their existing bookmarks to redirect them to their most-visited resource links.

More regulatory guidance for bank examiners: In today’s climate there’s no such thing as “too much” information. While many are still in the dark about much of what’s to come, regulators are doing what they can to help financial institutions and examiners wade through uncertainty. The federal financial institution regulatory agencies, along with the state bank and credit union regulators, issued examiner guidance to outline the principles for assessing the safety and soundness of institutions during the coronavirus pandemic. A few extra considerations examiners are asked to review include: an institution's asset size, complexity, and risk profile as well as the industry and business focus of its customers.

Amid crisis, U.S. banks are “swimming” in cash: This week CNBC reported that U.S. banks have recently witnessed a massive influx of consumer deposits — nearly $2 trillion — since the pandemic hit in January. With economic woes, layoffs and industries suffering across that country, many are wondering how that can be. It seems various factors have contributed, including hundreds of billions of dollars in government stimulus aid, the Feds working to help the financial markets, along with a scarcity mentality that have caused many Americans to stockpile money for “worst-case” scenarios. Hopefully this is a sign of better times to come.

Courts flooded with Chapter 11 cases: Bankruptcy seems to be the word of the week in the nation’s courts. Some large corporations, including: NorthEast Gas Generation LLC, tobacco supplier Pyxus International, smart-pill maker Proteus Digital Health, 24-Hour Fitness, talent management and digital training company Skillsoft Corp and Chisholm Oil and Gas Operating LLC all filed for either Chapter 11 protection or bankruptcy over the past few weeks. Several have been forced to sell intellectual property, borrow money or seek financing. Quite the ironic situation during a week that consumers padded their bank accounts with $2 trillion.

Keeping pace with fintech: Technology is a constantly evolving species. I mean, just think about it…CDs were all the rage and now most computers don’t even come with a disc drive. As soon as one thing develops it seems another is already in the works to take its place; and this is equally true of financial tech. So, what’s in the fintech pipeline now, you ask? For one digital convenience, including advances in online payments and financial services which were once only offered “in-person.” Robotic processing and AI technology is also being deployed in financial organizations’ data-driven decision models while both data analytics and omnichannel payment options are rapidly increasing consumer protection and payment ease. We can’t wait to see what’s next!

Remote work stresses cybersecurity laws: Now that “WFH” is the new norm legal departments around the country are forced to reevaluate cybersecurity measures…and what that means for privacy and data protection laws. The issue facing many organizations is balancing the need to protect their data while also watching their P’s and Q’s when it comes to privacy laws, such as such as the General Data Protection Regulation or the California Consumer Privacy Act, which often vary state-to-state. As a result, many organizes are having the weigh the privacy protection of their employees with the protection of their data, which comes with legal repercussions all its own should there be a leak. Unfortunately, these situations seem to present quite the trick question with no easy solution in sight.

ESRI releases Coronavirus template: ESRI, a GIS mapping software, has recently released a Coronavirus Response template, including a site that your organization can configure with your own branding and data to share resources, maps and information regarding the current coronavirus (COVID-19) outbreak within your local community or region. The aim is to help organizations provide a clear scope of recommended elements, compare country metrics and build maps to track active and cumulative confirmed case data, deaths and reported recoveries.

Recently Added Articles as of June 18

While most of the country is still in a holding pattern, it seems everyone is using the slowdown to tidy up shop. The FDIC announced exam updates to sections of its risk management manual and the FTC gave its complaint database a high-tech facelift. Meanwhile, the Fed announced that all bank exam activities will resume, even if they will continue offsite for the foreseeable future. Read on for more!

CUInsight shares when credit unions should reach out to regulators: Hint, hint! It's often. Regulatory requirements are complex; leverage regulators and build strong relationships to help navigate the regulatory waters. There are five main times organizations should be doing so: times of inactivity, times of urgency, rule creation process, examination time and during the investigation process. 

The Fed plans to resume bank exams: On Monday, the Federal Reserve announced it plans to resume “business as usual” when it comes to examination activities for all banks. Of course, regular exam activities were reduced in March due to the pandemic; however, lots of contingency work has been in the interim to get the process up to speed and aligned with safety protocols. For now, exams will continue offsite until conditions further improve.

FDIC announces exam-related updates: Section 21.1 of the FDIC’s Risk Management Manual of Exam Policies recently got an update. Revisions were made to sections including Capital Adequacy, Loan Portfolio Review and Loan Operations Review modules. There were also updates made to the Community Bank Leverage Ratio, Allowance for Credit Losses, along with a few other minor technical edits.

FTC updates its complaint database: The Federal Trade Commission continues to work to make more state-level information available to the public, especially given the number of complaints received this year by the FTC are off the charts. Which, considering all the chaos due to the pandemic, is not surprising. Online shopping problems seem to top the list of complaints across the country, but the FTC has released a list of other compliant types they’ve received, along with their associated numbers. Both national and state-level complaint data will be publicly available via the FTC’s new, interactive dashboards.

Recently Added Articles as of June 11

The pandemic has inarguably changed the way we work, and it’s certainly showing. From specialized virtual training from NAFCU to risk warnings around supply chain growth and employee privacy concerns with the usage of security tech, the world is still adjusting. Meanwhile, the CFPB celebrates some wins…and also suffers an embarrassing loss. Take a peek at the news this week!  

NAFCU offers compliance education for professionals: If the 2020 pandemic has been anything, it’s certainly been a learning experience. And in response to uncertainties and worries around new regulations and handling, NAFCU is taking the opportunity to offer educational resources for compliance professionals. The upcoming BSA and Summer Regulatory Compliance Schools have now gone virtual but will still provide educational programs and training to help hone knowledge and skills. The BSA event will help compliance professionals to "demonstrate their commitment to protecting their institution from money laundering threats;" while the Virtual Regulatory Compliance School will focus on the "ability to build comprehensive understanding of regulations impacting daily operations while still performing job and home responsibilities."

Supply chain finance grow while risk warnings prevail: While it certainly seems like things are on the uptick, and supply chain finance continued to grow in the first quarter of 2020 (despite the pandemic), banks have taken it as an “all-clear” and are looking to expand their market share. In response, credit agencies are warning that certain financing techniques could mask episodes of economic stress. While a few banks have reduced their risk exposure on the PrimeRevenue platform during the crisis, others are deploying more credit either under existing programs or by joining new schemes. Yet, poor disclosures can obscure an organization's underlying health and result in mispricing of risk or misallocation of capital. Banks can also decide to withdraw funding or not renew a program, which could happen in response to a deterioration in a customer's credit quality, loss of market confidence or broader credit market disruption, according to S&P Global Ratings. Both are potent realities that come with a price, so it’s best to remember that patience is a virtue.

CFPB has a bad day in court: It was not the bureau's best showing when a judge denied their motion for entry of a consent judgement when, unfortunately, the proper party had consented to the judgement in the first place. The confusion began when the CFPB filed a complaint around 15 student loan trusts (The ‘Trusts’) and their deceptive practices around private student loan collection and servicing on the same day the bureau entered into an administrative consent order with one of the aforementioned Trust’s subservicers. However, it seems when filing a complaint around the subservicer, some finer details were overlooked. After some confusion and a lengthy period of discovery and briefing during the court hearing, the court found that correct approval had not been provided and the CFPB “admitted as much.” Case closed. An important reminder to cross your t’s and dot your i’s.

CFPB teams up with Massachusetts AG against credit repair scheme: While investigating complaints that a Massachusetts credit repair company were deceptive and abusive in their telemarketing practices, violating the Consumer Protection Law as well as the Telemarketing Sales Rule, the Massachusetts Attorney General’s Office and the CFPB teamed up to file a lawsuit against the company. It seems the company collected fees from consumers before performing as-advertised services, such as removing negative information from consumers’ credit reports and improving consumers’ credit scores. While this is certainly bad news for those left out to dry, if it sounds too good to be true… it probably is.

Privacy concerns continue as many return to the office: As more people are heading back into the office and more businesses are waking up, more employers are looking to apps and services to help safeguard their workplace from bad actors and the like. However, now safety and employee-relation concerns are rising around these security platforms. For example, certain facial recognition scanning could bring issues around biometrics, and would require certain states (like Illinois) to notify its employees about the collection of personal data. But every state has different laws, which could cause quite a bit of headaches for companies with employees in different states across the country. Sheesh, it seems you patch one hole, and ten others’ spring a leak.

Recently Added Articles as of June 4

CFPB issues some slaps on the wrist for compliance missteps, while the NAFCU helps bring some regulatory clarity amidst these confusing times. And on that note, COVID-19 continues to make organizations across the country rethink how they work, with more and more industry functions being pushed online... including home inspections. Check out the stories in the news this week! 

DOJ revises Corporate Compliance:  The DOJ, while thought to be behind the "Compliance" power curve, is playing “catch up,” and finally starting to take it more seriously, or at least understanding that it is an evolving practice. They make a point to address third-party risk management as an area of focus throughout the duration of a contract and not just something to consider during onboarding. Glad to see they’re finally coming around.

Bureau settles UDDAP case: The CFPB announced its settlement with Main Street Personal Finance Inc. and its associated subsidiaries. Despite being based in Cleveland, Tennessee, the company and subsidiaries offer payday and auto-title loans in eight different states. The Bureau found that the organization charged consumers through deceptive measures in violation of the Consumer Financial Protection Act (CFPA) and the Truth in Lending Act (TILA). They also violated the CFPA and TILA in failing to refund loan overpayments and violated the CFPA by engaging in unfair debt collection practices. The consent order not only prohibits the group from engaging in this unlawful conduct again, but also requires it to compensate consumers and pay a civil money penalty.

Despite Congressional relief, COVID-19 still threatens credit scores:  Although the coronavirus relief bill, enacted by Congress in March had hoped to shield credit scores from missed loan payments, it seems consumer scores have still taken a hit… or will in the near future. Use of disaster codes were meant to help with credit reporting, but it seems it’s still not quite clear how many sought relief and that ultimately, once forbearance and relief runs out, having a disaster code noted on an account can hurt future ability to access credit. Mortgage lending has been the main source of pandemic-related grievances, it seems credit reporting has down the most complaints via the CFPB portal this year, and that likely isn’t going to change anytime soon.  

NAFCU makes moves to alleviate regulatory burdens: Kaley Schafer of NAFCU provided some clarification to the CFPB Taskforce on Consumer Financial Law with the hopes to alleviate regulatory burdens and to improve consumer access for credit unions. As a part of this initiative, Schafer asked that the bureau refrain from making new rules (unless relief-related) while both organizations and consumers are still struggling with the fallout from the pandemic. In her address, Schafer covered guidance for Fintechs, short-term, small loans, alternative data as well as guidance around consumer data and consumer protections.

NAFCU updates FFIEC and FinCen guidance in a user-friendly, digital format:  In the spirit of clarification, the NAFCU also recently released a new edition of its BSA Blast in a digital edition complete with direct links to each section. The member-only, quarterly e-newsletter offers both coverage and analysis of credit union compliance issues. In this latest edition, the BSA Blast covered recent updates to the BSA/AML Examination Manual released by the Federal Financial Institutions Examination Council (FFIEC), which includes the NCUA, in an interagency statement and FinCEN’s 2018 assessment of a civil money penalty against U.S. Bank for its failure to have an effective AML program, among other things.

COVID-19 highlights the possibility of continued remote work: If the pandemic has proven anything, it’s definitely shown that with the world’s current tech options, higher numbers than ever thought possible are able to work in a fully remote capability. For Citigroup, once the pandemic was in full swing, they quickly realized their initial backup plan — sending workers to alternative sites in New Jersey and elsewhere — wasn’t going to work. The organization quickly switched gears and it became clear that with the right amount of hardware and technology, nearly 95% of Citigroup’s trading floor could work remotely… an idea that would have been thought impossible just months prior. While Citigroup has plans to move back into its brick-and-mortar offices, the pandemic has made them rethink their future disaster relief needs and the possibility they may need less disaster recovery sites. It seems there may be a silver lining or two among these lessons learned.

COVID-19 may change the future of home inspections: While the pandemic has wrought havoc on the economy, devastating many businesses and causing upheaval among many industries, the mortgage industry has had to make considerable changes… including its approach to home inspection. When stay-at-home orders reached their peak, many third-party inspectors were unable to complete their routine home inspection requirements, causing delays in the completion of appraisal reports. To alleviate the issues, some lenders created their own DropBox and Google Drive accounts, allowing homeowners to upload photos to the platforms. But this route has raised some concerns, including storage, security and fraud issues, which has led some organizations to create apps with tracking technology. However, the jury’s still out on whether tech can really be a stand-in for the real thing…only time will tell!

CFPB issues mortgage servicing consent: Last week the CFPB issued a consent order against the Specialized Loan Servicing, LLC (SLS) after an investigation around certain SLS mortgaging servicing practices concluded. As a result of the investigation, the CFPB is ordering SLS to pay $775,000 to consumers as redress and to waive an additional $500,000 in borrower deficiencies. SLS will also have to pay a $250,000 civil money penalty — quite an expensive slap on the hand for compliance failure.

Make sure you are reviewing your vendor's pandemic plans properly. Download the infographic.