November Vendor Management News

Nov 21, 2019 by Venminder Experts

Catch the latest headlines for the month of November related to third party risk management. It's important to stay up-to-date. 

Recently Added Articles as of November 21

This week, we have a heavy focus on NAFCU and the CFPB, but there’s also some talk of innovation sprinkled in as well.

IPA announces upcoming webinar: On November 26th, IPA Legal will host a webinar to discuss the CFPB’s new innovation policies. The No-Action Letter (NAL) Policy, Trial Disclosure Program (TDP) Policy and Compliance Assistance Sandbox (CAS) Policy were announced in September. Innovation may be the answer.

The Equifax data breach deal doesn’t suffice according to one watchdog: A class action watchdog disapproves of Equifax’s data breach deal. They feel counsel embellished its fee request and suppressed customers’ ability to make monetary claims. It looks like no easy pass for Equifax.  

CFPB pushes back and files opposition to All American Check Cashing’s Writ of Certiorari: The CFPB filed a brief opposing All American Check Cashing’s Petition for Writ of Certiorari Before Judgment. All American Check Cashing feels waiting for the court’s decision determining if the CFPB’s leadership is unconstitutional is unnecessary. The CFPB has pushed back and All American Check Cashing responded. Curious? Read about it to watch the debate unfold.

NAFCU and NCUA collaborate to discuss examinations: NAFCU and NCUA met to discuss modernizing examinations and other exam issues. As a reminder, NAFCU has recommended 18-month exam cycles. NAFCU also requested an update on NCUA’s efforts to modernize examinations. And, NAFCU released a helpful resource, Exam Fairness Guide, which helps with understanding exam basics.

NAFCU and the Treasury Department discuss issues: NAFCU and the Treasury Department met to discuss top-of-mind issues. The panel went into extensive detail regarding housing finance reform; faster payments; cybersecurity and NAFCU’s request for national data and cyber security standards; regulatory coordination between financial institutions and fintechs; and needed rulemaking around the Americans with Disabilities Act regarding website accessibility requirements.

Violations of Dodd-Frank result in a record-breaking CFPB penalty: A $59 million judgement was delivered after two mortgage-relief companies were found to have violated the Consumer Financial Protection Act of the Dodd-Frank Act by misrepresenting their services to customers. This settlement breaks down as follows: $21.7 million in restitution to customers and civil penalties of $37.3 million. There’s a lesson here. Promise to tell the truth and only the truth to your customers!

Recently Added Articles as of November 14

After a few weeks of a news slowdown, it’s picked back up and we have a smattering of just about everything.

Violations of BSA get more costly: Details were recently shared regarding the annual inflation adjustment to the Bank Secrecy Act’s (BSA) civil monetary penalty amounts. According to NAFCU Regulatory Paralegal Shari Pogach, “While this is an annual adjustment, it should still be a reminder that the federal regulator examiners are taking now a deeper look at BSA compliance.” As penalties rise, it’s a stark reminder that non-compliance can be costly!

Former Fed Chairman’s thoughts on digital currency in banking: Alan Greenspan, former U.S. Federal Reserve Chairman, shares his thoughts on digital currency in banking. He feels there is no reason for banking institutions to implement digital currency. His reasoning is that national currencies offer the best sovereign credit backing. However, some other Federal Reserve employees feel digital currency must happen. What are your thoughts? Is it inevitable?

NAFCU’s thoughts on the CFPB’s proposed use of tech sprints: NAFCU’s senior counsel for research and policy shared his feedback regarding the CFPB’s proposed use of tech sprints. Tech sprints are supposed to address regulatory compliance obstacles and promote innovation. NAFCU also went ahead and shared a couple of areas where they feel technology could be used to reduce supervisory burdens. These include compliance checks and risk management decisions.

Goldman Sachs and the criteria for credit limits: The new Apple Card may need to quickly reassess its algorithm. NYDFS is already asking questions about potential gender discrimination. Goldman Sachs denies the accusations but will revisit their Apple Card credit limit provisions and how they’re determined.

Microsoft is pro CCPA: Microsoft announced they will implement CCPA throughout the United States. According to the blog, Microsoft says, “We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents. Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual.” Microsoft will continue to practice privacy protection in their daily routine. While some companies are nervous, it looks like Microsoft is happily embracing the change.

Many are ready for changes to the CAMELS rating system: Recently, the Federal Reserve and FDIC announced a request for comment which meant input was welcomed regarding the CAMELS rating system and how it’s used to score the overall health of banks. While this was exciting to many, it’s important to remember that submitting feedback does involve some risk. You may share confidential details about the process that aren’t necessarily supposed to be shared. Remember, banks shouldn’t know the CAMELS rating results of other banks. I think we can all agree we want changes to CAMELS ratings but raising your hand could draw scrutiny.

Cordray-era CFPB lawsuit update: Recently, one of three deceptive debt collection practices lawsuits brought against foreclosure relief providers over five years ago received a final judgement.

The California Consumer Privacy Act (CCPA) may mean lawsuits: CCPA is set to become effective on January 1, 2020. With that, it’s predicted that data breach class action suits will follow closely behind. If you’re a company doing business in California, and experience a data breach, you may unfortunately be part of one. However, your best approach to help avoid this is to establish good cybersecurity posture and put arbitration agreements in place. Are you ready for the changes?

UDAAP implications in the emerging payments space: Attorneys general understand there is value in payment apps, but they still have their concerns. This is because some of these apps could fall under “money transmitter” in the anti-money laundering rules of FinCEN. Also, you’re violating Unfair, Deceptive, and Abusive Acts or Practices (UDAAP) if you process transactions without a license. So, basically, when creating the app, keep in mind the regulations and laws you must comply with.

The CFPB and small business data collection: It’s been a while since the Consumer Financial Protection Bureau (CFPB) has issued new rulemaking on small business lending requirements. This seems to be making many anxious. Recently, a panel of experts discussed their thoughts on this and predicted the CFPB’s approach. Interested in learning the panelists’ thoughts and the CFPB director’s points in the symposium?

Fallout from Capital One data breach: Michael Johnson was the chief information security officer (CISO) at the time of the huge data breach that happened earlier this year. Capital One has decided to move him to the role of advisor and hire a replacement CISO. As an advisor, he will continue to assist with the bank’s ongoing response to the breach.

CCPA steps for banks and credit unions: Are you a bank or credit union? If you still don’t feel prepared for CCPA, you’re not alone and this article may help. It highlights 3 steps you should take as CCPA gets closer. What are they? First, fully grasp your data collection activities. Second, review your security and fraud prevention processes. Third, keep in mind that compliance impacts brand trust, so you want to remain compliant.

HomeStreet Bank and FDIC announce $1,350,000 settlement: HomeStreet Bank agreed to pay a $1,350,000 civil money penalty for violating the Real Estate Settlement Procedures Act (RESPA). The FDIC found HomeStreet Bank violated section 8(a).

Fiserv and First Data are fully merged: Now that Fiserv and First Data are fully merged, Fiserv looks to stay competitive while cutting costs. With the acquisition, they anticipate they can reduce costs by $1.1 billion annually. I’d say that’s a pretty good average.

Recently Added Articles as of November 7

We head into the holiday season with news surrounding NAFCU, data security, data breaches and more.

The NAFCU Journal’s November-December edition now available: NAFCU announced the release of the November-December edition of The NAFCU Journal. Interested in learning more about credit card offerings, exam expectations and preparing for disasters? Then this may be a great resource for you.

A national data security standard is requested: NAFCU wants a national data security standard and they made sure to let Congress know. According to NAFCU’s Brad Thaler, without a national data security standard in place it “creates risk, as bad actors often target those companies who do not have high security standards.” With data security standards in progress at the state level, NAFCU feels uniformity at the national level is even more needed. Speaking of the state level, do you know if your state has proposed data security law and regulation circulating?

Three banks are shut down within one week: Is this a sign that stiffer regulations are upon us? Regulators closed 3 banks in one week. Industry experts advise bankers to take caution and pay attention since this could mean a stricter regulatory stance on capital adequacy and risk. Please, no return to Bank Fail Fridays!

AT&T settles FTC allegations: AT&T agreed to pay the FTC $60 million to settle deceptive and misleading conduct allegations. AT&T offered “unlimited data plans” but neglected to tell customers that if they use a certain amount of data within their given billing cycle then their data speeds would be reduced. Remember, disclosure is key.

NCR takes a proactive approach to a recent Mint and QuickBooks Online hack: Mint and QuickBooks were recently hacked, causing bank account passwords to be compromised and funds to be siphoned. To protect their data, NCR blocked the platforms from accessing its online banking platform. Since their online banking platform is used by many financial institutions, they felt this was the best precautionary approach. It looks like NCR is taking the data breach very seriously; but let’s be honest, in today’s tech-friendly world you really must. Sometimes, the best offense is to be on the defense.


Written by Venminder Experts

Venminder has a team of third party risk experts who provide advice, analysis and services to thousands of individuals in the financial services industry.
