As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best practices, trends and more, I had the opportunity to speak with Amy Hanna Keeney of Adams and Reese LLP.
Amy is a regulatory and litigation attorney. She has practiced in the consumer financial space for most of her career. Amy handles litigation for and counsels banks and financial services companies in the consumer financial space and, recently, in light of the increased regulatory scrutiny surrounding consumer data collection, she became a certified information privacy professional (CIPP/US). Interestingly, she graduated from law school about a month before Dodd-Frank was signed into law, so she’s been watching the CFPB since its inception.
During our time, we covered:
Amy shed some light on where she thinks the CFPB is headed in upcoming months. In her opinion, the CFPB will always have a presence in the industry and is a long way from being dismantled. She shares that she often receives questions like this from her clients, asking if they no longer need to worry about the agency, but the answer is no. Consumer protections in third party risk management are a priority and will continue to be.
With the appointment of Acting Director Mick Mulvaney and changes such as the name of the agency from CFPB to the BCFP (Bureau of Consumer Financial Protection), the CFPB has certainly been a large topic of discussion in the news. Amy feels the following will be upcoming CFPB hot topics to be aware of:
Amy is really one of the industry experts on UDAAP. UDAAP, an acronym for unfair, deceptive or abusive acts or practices, is a regulatory hot topic lately. Given her expertise, I wanted to get her perspective on UDAAP based enforcement actions in the new era.
Amy predicts fewer unfair, deceptive and abusive based enforcements on the horizon; however, she foresees fraudulent activity being a huge focus for industry regulators. With this, like with the undefined definitions of unfair, deceptive and abusive, organizations may find it challenging to know exactly what will be constituted as blatant fraud. Due to the lack of clarity, you never absolutely know what a regulator will or will not consider as fraudulent activity.
The best way to understand CFPB and UDAAP requirements and expectations is to look to enforcement actions at organizations similar to yours. These can be used as a guide, giving your organization more insight as to how to best implement the practices in your third party risk management program.
We can teach you how - download our infographic to learn strategically how to use enforcement actions to your advantage.