Vendor management isn't something that you want to trust to just anyone. After all, your vendors are the lifeblood of your business, and without them everything becomes just a little bit more difficult. But if you want to provide the best service to your customers, you need vendors that are reliable partners. Furthermore, according to financial regulations, you'll have to put policies in place that shows that you and your vendors are being responsible with the information that customers share with you.
Whether you lend primarily online or you're a brick-and-mortar business that wants to ditch the spreadsheets once and for all -- or even if you're a hybrid business that lends online and in person -- vendor management software for payday lenders can help you ensure that your vendors are doing right by you. That's important because of regulations that stipulate that banks and non-bank members must establish a vendor screening process on behalf of their customers.
The Consumer Financial Protection Bureau April 2012 Bulletin
In April of 2012, the Consumer Financial Protection Bureau (CFPB) released a bulletin that required financial institutions to establish a vendor management policy, including guidelines and procedures that are designed to minimize the risk to customers when their information is shared with vendors. Essentially, any unfair, deceptive or abusive acts on behalf of your vendors can put you in hot water, and you may be held accountable for the actions or negligence of your vendors even if you had no role.
In order to avoid any problems, you must have a strategic vendor management framework in place, which stipulates how you validate the vendors that you work with, and that within good reason you won't work with vendors that present a risk to your consumers.
Additionally, the CFPB states that financial institutions must take proper steps to ensure the integrity of their vendor relationships, including verifying that the service provider is capable and able to follow the law. Lenders also must review the service provider's policies and procedures to ensure that the appropriate training and oversight exist. The contract should clearly define compliance and the consequences for any violation, as well as establishing internal controls and monitoring to determine whether a vendor is following the law, as well as what action to take if anything improper is discovered.
How To Meet Your Vendor Management Needs
While it's tempting to take every vendor at their word, it's important to have proper vendor management guidelines in place before bringing on a new vendor or continuing to work with an existing vendor. Ideally, your vendor management software platform will account for industry regulations and other needs so that you can focus on running your business, but it is possible to have a vendor management policy that you create manually.
First up, your vendor management program for a payday lending business should be clear and concise. Instead of trying to use flowery language, keep things simple so that anyone who reads it can understand. Generally, less is more. If the CFPB audits your business, you'll need to show that you're abiding by your vendor management policy, so don't create a policy that you're not actually able to follow.
Once a policy is in place, you'll also need clear guidelines as to how you're following your policy, in addition to who is responsible for signing off and what the proper channels are within your organization. There's a proper lifecycle to each audit, and having a bunch of vendors stuck in the draft stage or somewhere else in your audit process is not a great way to run your vendor management policy.
Vendor Management Best Practices
The good news is that you can outsource your vendor risk management just like you can outsource your other services. We know the last thing you want to think about on a daily basis is whether your vendors are in compliance, and vendor management software can help. But you'll have to do something, because not knowing the rules is not an excuse when it comes to the CFPB.
That said, don't just go through the motions and audit your vendors only when you have some free time. A lot can happen even before you onboard your first vendor, and your vendor at any point can declare bankruptcy, get bought or sold or be a party to some kind of legal dispute or another serious issue. If that happens in February and your review isn't until next January, you could be in for quite the surprise next year.
Ideally, vetting your vendors begins before a contract is even signed. But after a contract is signed, vendor management for payday lenders doesn't stop. You'll need ongoing monitoring either as part of some kind of manual program or on behalf of your vendor management software. After the initial review, you can safely transition to a periodic audit, but you'll also need to have your ear to the ground to ensure that nothing happens with one of your important vendors throughout the year.
Instead of yearly reviews, consider bi-annually or monthly check-ups that will help keep the vendor in compliance. If performance is dipping or they're not meeting your requirements, escalate. Sure, it might be annoying to bring in senior management and have to potentially look for a new vendor, but that's better than getting a call from the CFPB and going through a rigorous audit of your own.
If your vendors have been in this space for any time at all, they'll already be used to oversight and review, and you and your vendors should also be looking to the CFPB for any changes to the regulations that govern payday lenders. Overall, any sort of serious issue with one of your vendors will likely be one in a long string of red flags, and your vendor management policy can help you get in front of a potential compliance issue long before it becomes a problem for your lending business.
Non-Bank Lenders Must Vet Their Vendors
On December 15, 2020, a Federal Trade Commission (FTC) settlement illustrated how businesses can run afoul of necessary compliance issues if a data breach should occur. It also underscores what happens to financial institutions that don't follow the law, and why a comprehensive information security program is needed for anyone that deals with financial information.
In the complaint, the FTC alleged that Ascension Data & Analytics, LLC violated the Standards for Safeguarding Customer Information Rule under Title I of the Gramm-Leach-Bliley Act because they failed to ensure that their vendors had secured the customer information of mortgage holders. But this could have happened to any check-cashing business, mortgage companies and brokers, payday lenders, nonbank lenders, personal property and real estate appraisers, and debt collectors as they are all considered financial institutions by the FTC.
Information Security Programs Required by the Safeguards Rule
According to the Safeguards Rule, financial institutions are responsible for protecting the confidentiality, security and integrity of customer information through the establishment and maintenance of a comprehensive information security program. That means vendor management for payday lenders is the responsibility of each lending business, even if a vendor is unaware. In fact, it's required by contract.
What the FTC found with Ascension is that contracts with their vendors did not include safeguards with regard to customer information, nor did Ascension make their vendors aware of laws such as the Safeguards Rule that require it. That lead to an Ascension vendor conducting optical character recognition on sensitive mortgage documents and leaving personal information intact and available on the internet for more than a year.
The Importance of Vendor Management for Payday Lenders
While banks and other financial institutions may be aware of the sensitive information that they collect from customers in the normal flow of business, that responsibility doesn't just stop at the work being done internally. All third-party vendors that also deal with sensitive information must have proper policies in place to prevent that information from being misplaced or shared with anyone else, and the contract between you and each vendor must state as such.
Generally, you'll have to institute ongoing risk management with each vendor, including specific vendor management guidelines and oversight, as well as the protocol that's followed if an issue is discovered.
The Benefits of Vendor Management Software
Here in 2021, it's not good enough to manage your vendors with a combination of spreadsheets, email and shared folders and drives. It may be cheaper in a strict financial sense, but the lost productivity could cost you thousands that you could use to pay for vendor management software and then some.
Not only does comprehensive vendor management for payday lenders help pay for the management software itself, but it'll also make your vendor management process more accurate and efficient, which can help reduce your risk and the stress of having to stay on top of it all.
But that's much better than a manual process that will leave you with files strewn about and outdated documentation wherever you turn. You might have one common spreadsheet or a contract, but once that's downloaded, who knows what kind of changes were put in place and when a downloaded copy was last merged with the master version.
When it comes time to your due diligence, vendor management for payday lenders simplifies the due diligence and documentation process by holding all your important docs in one central place, always available for review or updating. Comprehensive reports can also be generated anytime there's a question or some kind of audit need, and all that can help streamline the regulatory requirements with your third-party vendors.
For more on how the Infinity Software vendor management platform helps with vendor management for payday lenders, schedule a demo today.