FNI Inc. president David Bafumo noticed the vendor management portion of the latest consent order from the Consumer Financial Protection Bureau closely tracks and elaborates on the bureau’s original service provider guidance bulletin.

Bafumo explained his reasoning in light of the June 19 consent order in which the CFPB demanded that GE Capital Retail Bank, now known as Synchrony Bank, to provide an estimated $225 million in relief to consumers harmed by illegal and discriminatory credit card practices. GE Capital must refund $56 million to approximately 638,000 consumers who were subjected to deceptive marketing practices.

The CFPB said in the order that any add-on compliance plan shall also include the development or revision of a written vendor management policy. The bureau spelled out several minimum requirements in that vendor management policy.

First, bureau officials want an analysis to be conducted by the bank, prior to the bank entering into a contract with any service provider, of the ability of the service provider to perform in compliance with all applicable federal consumer financial laws and the bank’s policies and procedures

Next, for new and renewed contracts, the CFPB said the written contract between the bank and the service provider must set forth the responsibilities of each party, especially these elements:

—The service provider’s specific performance responsibilities and duty to maintain adequate internal controls over the marketing, sales, delivery, servicing, and fulfillment of services for the add-on Products

—The service provider’s responsibilities and duty to provide adequate training on applicable federal consumer financial law and the Bank's policies and procedures to all service provider employees or agents engaged in the marketing, sales, delivery, servicing, and fulfillment of services for the add-on product

—Granting the bank the authority to conduct periodic onsite reviews of the service provider’s controls, performance, and information systems as they relate to the marketing, sales, delivery, servicing, and fulfillment of services for the add-on product

—The bank's right to terminate the contract if the service provider materially fails to comply with the terms specified in the contract

Furthermore, regulators are looking for periodic onsite review by the bank of the service provider’s controls, performance, and information systems.

After reviewing that segment of the consent order, Bafumo said, “Another reminder that financial institutions must conduct due diligence and document it in the selection of a product provider — plus enhanced details on what financial institution clients should insist is included in their product producer agreements

“This order’s multiple references to ‘on-site review’ of service providers suggests that minimum due diligence efforts must include an onsite investigation by someone who knows what to look for,” he continued.

Bafumo closed his analysis by drilling down further on how the decrees can be applied to auto finance products.

“These terms make clear the client's responsibility for making sure product providers’ agents or employees that interact with customers or dealer partners are properly trained in applicable consumer financial law and client policies and procedures,” he said.

“In addition, this order’s language makes it plain that responsibility is not limited to the service provider’s compliance ability and efforts but also ‘fulfillment of services’ for the product itself,” Bafumo went on to say.

“For auto finance products, that means financial institutions need a complete understanding of the administrative policies and operational ability of their service contract, GAP and financial protection product partners and processes in place to monitor performance,” he added.

Editor’s Note: This report is the second in a series of analysis from FNI focused on the latest consent order from the CFPB. The first installment can be found here.