On June 6, the FDIC, FRB & OCC issued final interagency guidance intended to assist their respective supervised banking organizations in identifying and managing risks associated with third-party relationships and in complying with applicable laws and regulations. The final guidance replaces and supersedes each agency’s existing third-party guidance “and promotes consistency in the agencies’ supervisory approaches toward third-party risk management,” and incorporates changes based on comments on the proposed guidance from July 2021 (see our previous blog post on the proposed guidance here). The prior sets of guidance from each of the agencies the final guidance rescinds and replaces includes the FDIC’s FIL-44-2008, FRB’s SR Letter 13-19 and CA Letter 13-21, and OCC’s Bulletins 2013-29, 2020-10. The final guidance is effective immediately.Continue Reading FDIC, FRB & OCC Issue Final Guidance on Risk Management for Third-Party Relationships

On March 9, the FTC unanimously voted to block the proposed merger between the nation’s largest provider of home mortgage loan origination systems (LOS) and other key lender software tools, and its top competitor that offers the same services. In its complaint, the FTC alleged that one company owns the country’s dominant LOS platform, while the other company owns and operates the second-largest platform. In a press release announcing the administrative complaint, the FTC stated that the deal “would drive up costs, reduce innovation, and reduce lenders’ choices for tools necessary to generate and service mortgages.”Continue Reading FTC Seeks to Block Deal Between Top Mortgage Loan Technology Providers

On August 10, the CFPB issued an interpretive rule stating that digital marketing providers that are involved in the identification or selection of prospective customers or the selection or placement of content to affect consumer engagement including purchase or adoption behavior, are subject to the CFPB’s jurisdiction. The rule ostensibly clarifies the scope of companies that are “service providers” under the CFPA to include digital marketing providers, and thereby subjecting them to the CFPB’s authority to prohibit UDAAPs.
Continue Reading CFPB’s New Interpretive Rule Sets Sights on Digital Marketing Vendors

Recently, CFPB Director Rohit Chopra spoke at a joint meeting of the CFPB’s Community Bank Advisory Council and Credit Union Advisory Council in which he expressed concerns that core service providers that many small banks and credit unions rely on “have too much power in the system.”  Despite providing core banking functions such as deposit taking, payment facilitation, and loan origination, the Director notes that local banks and credit unions report dissatisfaction with providers in their innovation speeds, product roll-outs and third-party compatibility, and tech sophistication.
Continue Reading CFPB Director Critical of Small Bank Core Service Providers

On January 18, the CFPB filed a proposed final judgment against an Illinois-based third-party payment processor and its founder (collectively, “defendants”), which ceased operations almost three years ago, settling claims that the defendants facilitated payments for telemarketing fraudsters targeting seniors.
Continue Reading CFPB Bans Payment Processor for Engaging in Fraudulent Practices

The CFPB updated its Supervision and Examination Manual by adding a new section titled Compliance Management Review – Information Technology.  The new examination procedures are meant to assist CFPB examiners when assessing an entity’s information technology (IT) controls as part of a Compliance Management System (CMS) review.  Among other things, the new exam procedures outline the following five modules:  (i) Board and Management Oversight; (ii) Compliance Program; (iii) Service Provider Oversight; (iv) Violations of Law and Consumer Harm; and (v) Examiner Conclusions and Wrap-Up.  Each module focuses on the components of a compliance program and the IT function, including policies and procedures, training, monitoring and/or audit, and consumer complaint response.
Continue Reading CFPB Updates Supervision and Examination Manual, Adds IT Examination

On September 20, the CFPB filed a lawsuit in federal district court against a California-based software company and its owner for allegedly violating the Telemarketing Sales Rule (TSR) and the Consumer Financial Protection Act of 2010 (CFPA) by providing substantial assistance or support to credit-repair businesses that use telemarketing and charge unlawful advance fees to consumers.
Continue Reading CFPB Alleges that Service Provider Helped Credit-Repair Businesses Charge Illegal Fees