New Rules of Consumer Protection: Six Steps for Banks to Manage Third-Party Compliance Risk and Avoid the Fate of Capital One

By Sarkar, Richik | Risk Management, March 2013 | Go to article overview
Save to active project

New Rules of Consumer Protection: Six Steps for Banks to Manage Third-Party Compliance Risk and Avoid the Fate of Capital One

Sarkar, Richik, Risk Management


For more than a decade, regulators have been reminding banks of their responsibility to ensure that third-party service providers comply with federal laws. Last July, that message got louder when the Consumer Financial Protection Bureau (CFPB) announced the results of its first public enforcement action: a consent order under which Capital One agreed to refund at least $140 million to two million customers and pay $25 million to the agency's Civil Penalty Fund.

According to the bureau, Capital One violated the Dodd-Frank Act by failing to implement a compliance program effective enough to prevent its third-party call centers from engaging in deceptive practices. But even before Capital One, regulatory agencies were announcing that they would begin to enforce federal consumer financial law to the fullest extent of their authority.

One reason for this has been a general increase in the world's focus on consumer protection since the mortgage crisis, but it is also a response by regulators who have watched an industry outsource more of its core operations. In the past, banks and other financial services firms relied on outside companies mainly for peripheral services like printing, record storage and transaction processing. But in recent years, cost advantages have driven them to delegate other important functions. Many companies now depend on third parties to prepare mandatory disclosures, conduct compliance reviews and sell products to consumers.

Moreover, financial services firms now routinely contract outside companies to market new services that these institutions did not develop internally, such as investment and insurance options. More than ever, third parties are performing more-regulated functions, and firms must be cognizant of the compliance risks involved. And there are a lot of them.

Every segment of the financial sector is subject to the oversight of myriad regulatory authorities. Some are public agencies, and others are private organizations, such as the Financial Industry Regulatory Authority and the national securities exchanges. Dodd-Frank created the newest of these regulatory bodies, the CFPB, and charged the agency with enforcing the whole of federal consumer financial law, deriving from no fewer than 19 different legislative acts.

To nobody's surprise, this has led to confusion. So in an effort to minimize inconsistency, the CFPB entered into memoranda of understanding with other governmental entities, including the Federal Trade Commission and the Department of Justice, to coordinate their enforcement efforts.

Fortunately for financial-sector companies, a number of governmental entities, including the FDIC, the Federal Reserve Bank of New York and the CFPB, have offered guidance that should help banks maintain oversight of their third-party service providers. These recommendations generally propose a four-phase process involving due diligence, policy examination, contract review and control creation.

As part of the Capital One consent order, the company agreed to implement a compliance plan within these guidelines, but financial services organizations need not wait for a CFPB enforcement action. In addition to considering the consent order and referring to the bureau's "Supervision and Examination Manual," organizations can create a process to monitor this risk by following these six steps.

1. Develop an Understanding of Federal Consumer Financial Law

Without a thorough knowledge of the laws and regulations that apply to the work that third parties perform, banks and other financial services firms cannot hope to control their third-party compliance risk. The breadth of federal consumer financial law can be overwhelming, but, given the CFPB's mandate and its enforcement priorities, financial services organizations should certainly understand the operation of key statutory provisions.

The key areas to examine are Dodd-Frank's Section 1031 (which prohibits unfair, deceptive or abusive practices in connection with consumer transactions for financial products and services), and Section 5 of the Federal Trade Commission Act (which prohibits unfair and deceptive practices more generally).

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
Loading One moment ...
Project items
Cite this article

Cited article

Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited article

New Rules of Consumer Protection: Six Steps for Banks to Manage Third-Party Compliance Risk and Avoid the Fate of Capital One


Text size Smaller Larger
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

While we understand printed pages are helpful to our users, this limitation is necessary to help protect our publishers' copyrighted material and prevent its unlawful distribution. We are sorry for any inconvenience.
Full screen

matching results for page

Cited passage

Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited passage

Welcome to the new Questia Reader

The Questia Reader has been updated to provide you with an even better online reading experience.  It is now 100% Responsive, which means you can read our books and articles on any sized device you wish.  All of your favorite tools like notes, highlights, and citations are still here, but the way you select text has been updated to be easier to use, especially on touchscreen devices.  Here's how:

1. Click or tap the first word you want to select.
2. Click or tap the last word you want to select.

OK, got it!

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.

Are you sure you want to delete this highlight?