The Consumer Financial Protection Bureau (CFPB) expects organizations to oversee business relationships with service providers to ensure compliance with applicable laws and regulations. But companies can’t simply check a box and generate copies of vendor or supplier certifications. Organizations must do their due diligence and implement simple controls.
FTC and CFPB Expectations
The FTC and CFPB expect the following:
- Companies must develop an effective process for managing the risks of third-party relationships.
- Consumers must not be exposed to unwarranted risks or to vendors that do not comply with applicable laws and regulations.
- Companies must clearly demonstrate that unfair, deceptive, or abusive acts or practices have not occurred.
Agencies can better meet these expectations by applying the following measures:
- Confirming vendors are complying with applicable laws and regulations.
- Assessing vendor training and oversight of their employees.
- Enforcing long-term compliance through contracts.
- Ensuring timely response to risk exposures and other consumer protection issues.
To ensure your agency meets and successfully manages vendor compliance, consider the following best practices:
- Create a data flow diagram – By showing your vendors how you expect data to flow from them through to your organization, you establish a process that helps to eliminate potential problem areas.
- Provide advance notice when conducting an audit – Audits are an ongoing part of your vendor compliance management program. Letting your vendors know that you intend to audit compliance measures enables them to secure processes, and it promotes goodwill.
- Schedule on-site visits – One of the best ways to ensure vendor compliance is to maintain a face-to-face relationship with the organization. Solid relationships build trust.
- Ask questions and understand how everything works – You want to understand vendor processes and how they flow into your company’s methods. Learning their business model is an effective way to streamline workflow and ensure compliance.