Even though a topic may not fall under TCA’s typical umbrella of compliance, we often have broader compliance discussions with our clients that we feel are important to share for informational purposes; this is one of those instances.
We were told by a banker that an examiner had cited a deficiency in the institution’s vendor relationship management program. The examiner recommended that the institution incorporate third-party relationships in the monitoring scope or audit reviews to help identify risk of consumer harm. The specific weakness noted was that contracts with certain third-party vendors did not address the institution’s ability to access third-party consumer complaints. The examiner recommended that the Board and management strengthen oversight of existing third-party relationships by incorporating language in contractual documents providing for access to all third-party consumer complaints received by the vendor.
As part of your annual due diligence reviews of vendor agreements, it would be a good exercise to review third-party contracts to see if your institution has the right to review consumer complaints against any vendor who may be processing consumer transactions on the institution’s behalf. If this is not addressed in your contracts, adding it may be a conversation you should have with these vendors.
We are sharing this to alert you to this regulatory violation when evaluating your vendor management program. TCA will continue to pass along information that we feel may be helpful to our clients in managing broader areas of compliance risks.
If you need assistance with any aspect of your compliance program, please contact TCA at [email protected] or (800) 934-7347. TCA is A Better Way to manage your compliance risk.