Third-Party Risk Management and The Consumer Financial Protection Bureau (CFPB)


OneTrust enables CFPB-supervised banks and nonbanks to demonstrate third-party risk management (TPRM) compliance using out-of-the-box functionality designed specifically for the CFPB.


Managing Third-Party Relationships Under the CFPB

The Consumer Financial Protection Bureau (CFPB) lays out its expectations for how supervised banks and nonbanks should manage third-party relationships and third-party risk (i.e., service provider risk) to ensure compliance with federal consumer financial law and to avoid consumer harm.

Hold Third Parties Accountable

Under the CFPB, entering a relationship with a third party does not absolve your organization from complying with federal consumer financial statutes and regulations. To meet this requirement, OneTrust Vendorpedia offers risk assessment automation to identify whether engaged third parties have adequate controls in place. With Vendorpedia, your organization can record all third parties in a central register to analyze risks and implement mitigation measures.

Limit Third-Party Risks to Consumers

Steps for CFPB compliance include conducting due diligence; reviewing policies, internal controls, and training measures; defining contractual expectations; implementing internal controls and ongoing monitoring to verify compliance; and addressing any problems that may arise. OneTrust Vendorpedia enables automation throughout the third-party risk management lifecycle, operationalizing these steps to meet the CFPB’s expectations.

Maintain Records of Third-Party Risk Compliance

Legal responsibility under the CFPB can fall on the shoulders of the supervised bank or nonbank, unless proper actions are taken and documented. With OneTrust Vendorpedia, your organization can automate key recordkeeping requirements in a single platform, making it simple to generate reports and maintain a detailed audit trail.

Become CFPB-Ready with Third-Party Risk Reporting

The CFPB’s supervisory authority gives it the right to examine and obtain reports on third-party risk compliance from supervised banks and nonbanks. Producing these reports is time-consuming and often a challenge, as information is spread throughout different tools and business units. With OneTrust Vendorpedia, your organization can leverage templated reports to respond to the CFPB’s inquiries in a timely manner.

Is your organization subject to the CFPB's oversight?

OneTrust finance and banking customers around the world use the Vendorpedia platform to overcome these types of challenges. Interested in seeing how we help?


Managing Third-Party Risk to Meet CFPB Guidance with OneTrust Vendorpedia

Due Diligence

Automate third-party risk assessments or use the Vendorpedia Global Risk Exchange to identify controls or the lack thereof

Contract Management

Track and report on key contractual terms to hold third parties accountable to their compliance-related responsibilities

Monitoring & Mitigation

Conduct risk mitigation and track progress while monitoring third-party risk with the Global Risk Exchange