BLOG POST
Third-Party Risk Management and the CFPB
The Consumer Financial Protection Bureau (CFPB) “makes sure banks, lenders, and other financial companies treat you fairly.”
The Consumer Financial Protection Bureau (CFPB) lays out its expectations for how supervised banks and nonbanks should manage third-party relationships and third-party risk (i.e. service provider risk) in order to ensure compliance with federal consumer financial law to avoid consumer harm.
Under the CFPB, entering a relationship with a third party does not absolve your organization from complying with federal consumer financial statutes and regulations. To meet this requirement, OneTrust Vendorpedia offers risk assessment automation to identify if engaged third parties have adequate controls in place. With Vendorpedia, your organization can centralize all third parties in a central register to analyze risks and implement mitigation measures.
Steps for CFPB compliance include conducting due diligence; reviewing policies, internal controls, and training measures; defining contractual expectations; implementing internal controls and ongoing monitoring to verify compliance; and addressing any problems that may arise. OneTrust Vendorpedia enables automation throughout the third-party risk management lifecycle, operationalizing these steps to meet the CFPB’s expectations.
Legal responsibility under the CFPB can fall on the shoulders of the supervised bank or nonbank, unless proper actions are taken and documented. With OneTrust Vendorpedia, your organization can automate key recordkeeping requirements in a single platform, making it simple to generate reports and maintain a detailed audit trail.
The CFPB’s supervisory authority gives it the right to examine and obtain reports on third-party risk compliance from supervised banks and nonbanks. Producing these reports is time-consuming and often a challenge, as information is spread throughout different tools and business units. With OneTrust Vendorpedia, your organization can leverage templated reports to respond to the CFPB’s inquiries in a timely manner.
OneTrust finance and banking customers around the world use the Vendorpedia platform
to overcome these types of challenges. Interested in seeing how we help?
Automate third-party risk assessments or use the Vendorpedia Global Risk Exchange to identify controls or the lack thereof
Track and report on key contractual terms to hold third parties accountable to their compliance-related responsibilities
Conduct risk mitigation and track progress while monitoring third-party risk with the Global Risk Exchange