VENDOR VETTING SOLUTIONS
The TILA-RESPA Integrated Disclosure rule (TRID) highlights two requirements and their interdependence. Firstly, the Consumer Financial Protection Bureau (CFPB) indicated that the lender is ultimately responsible for the service provider and must manage the service provider and ensure accreditation to ensure no harm to the borrower. Secondly, the CFPB indicates the lender must provide a list of available settlement service providers based on loan type.
The CFPB continues to reinforce the Regulation Z, 12 CFR 1026.36(f) requirements to ensure that the loan officer, appraiser, and other third-party service provider are accredited and managed to ensure no harm to the borrower. The CFPB bulletin also states that the lender is liable for any harm caused to the borrower by the third parties.
TRID also reinforces the creditor’s requirement to provide the consumer with a written list of available settlement service provider within three business days after receipt of the consumer’s application.
The requirement to provide the borrower with a list focuses attention on the need for action by the lender on ensuring accreditation of those the lender provides in the list. How can the lender provide the list if they don’t first create a policy and procedure and implement the procedures to conduct their due diligence and ongoing monitoring of the third-party service providers.
CFPB Documents State:
The CFPB expects supervised banks and non-banks to have an effective process for managing the risks of service provider relationships.
To limit the potential for statutory or regulatory violations and related consumer harm, supervised banks and non-banks should take steps to ensure that their business arrangements with service providers do not present unwarranted risks to consumers. These steps would include, but are not limited to:
- Conducting thorough due diligence to verify that the service provider understands, and is capable of complying with federal consumer financial law
- Requesting and reviewing the service provider’s policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities
- Including in the contract with the service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices
- Establishing internal controls and on-going monitoring to determine whether the service provider is complying with federal consumer financial law
- Taking prompt action to fully address any problems identified through the monitoring process, including terminating the relationship where appropriate
TYPICAL LENDER VETTING PROGRAM
|Typical due diligence & monitoring components||BDV||Lender||Vendor|
|Define Policy and Requirement|
|Risk Assessment (NPPI and Loan Influence)||√|
|Contractual and Insurance Requirements||√|
|Develop Written Policies and Procedures||√|
|Vendor Screening and Verifications|
|Company, Owner, and Agent Review||√|
|Licenses and Regulatory Sanction History||√|
|Criminal and civil court check||√|
|Review and Rate||√|
|Corporate History, Qualifications, and References||Archive vendor documents and set status||√|
|Prior Audit Results / SAE 16||Archive vendor documents and set status||√|
|SIG, Security, Training, and Operating Policies||Archive vendor documents and set status||√|
|Financials and Insurance Coverage||Archive vendor documents and set status||√|
|Review and Rate||√|
|Licenses, Sanctions, and New Court Records||New record alert|
|Submit Updated Corp. Documents and Audit Results||Refresh reminders||√||√|
|Review and Rate||√|
|New Vendor Setup||√||√|
|Vendor Document Archive and Index||√|
|Lender Staff Training||√|
|Risk Mitigation and Compliance Integrity|
|Loan Level Service Provider Status Confirmation||√||√|
|Service Provider Issue Tracking and Status Change||Update status||√|