CFPB Warns that Banks and Nonbanks Could Be on the Hook for Vendor’s Misconduct
On Friday, the Consumer Financial Protection Bureau ("CFPB") issued a bulletin warning that it will seek to hold supervised banks and nonbanks liable for their vendors' misconduct. Banks and nonbanks often hire service providers to process credit cards, handle data, operate call centers, or address customer service issues. The CFPB also emphasized that it has supervisory and enforcement authority over a "supervised service provider," defined under Dodd-Frank as "any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service," and could go after those entities directly.
The CFPB advises companies to take the following steps to ensure service providers' compliance:
- Conduct thorough due diligence to verify that the service provider understands and is capable of complying with federal consumer financial law;
- Request and review the service provider's policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;
- Include contract provisions establishing clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices;
- Establish internal controls and ongoing monitoring to determine whether the service provider is complying with federal consumer financial law; and
- Take prompt action to address fully any problems identified through the monitoring process, including terminating the relationship where appropriate.