When it Comes to Vendor Management, You Are Your Brother’s Keeper

December 8, 2020 at 9:24 am Leave a comment

The people who read this blog are a pretty sophisticated group when it comes to risk management. So why is yours truly spending time on a topic as basic as vendor management? Because two recent regulatory enforcement actions underscore the risk that as banking services become more sophisticated, and those institutions both big and small become more dependent on vendor services, it is incumbent on all of you risk-mitigation folks out there to make sure that what is being committed on paper is executed in reality. 

Exhibit A comes courtesy of Morgan Stanley. The banking behemoth was doing some house cleaning a few years ago and decided to close down some of the data-processing centers it used to facilitate its wealth management business. It hired a third-party vendor to get rid of the data, and given its size and sophistication, I’m going to assume that it had properly drafted contracts and engaged a vendor only after appropriate due diligence. Nevertheless, it now finds itself paying a $60 million fine with a lawsuit alleging that it was negligent in protecting the data maintained on its databases. According to the OCC, its oversight reflected in part a failure to properly assess the risks posed by the vendor project.

Then there’s this announcement that the CFPB and Attorneys General from across the nation had settled a legal action brought against Mr. Cooper, formerly known as Nationstar, for continuing to go forward with foreclosures even as they engaged in loan modifications with some of these consumers. Again, this is a sophisticated company with the resources to avoid such basic mistakes. It appears, however, that there was a disconnect between the arm of the company that onboarded mortgages for servicing and the part of the company responsible for loss mitigation efforts. They too now undoubtedly face a lawsuit or two, increased regulatory scrutiny, and the reputational risks that come with making these kinds of mistakes. Here’s the punchline: if you are reading this blog, secure in the knowledge that your credit union is not vulnerable to these mistakes – my question is why? For your big, most important vendor relationships, and your most important internal operations, how often does your credit union actually double-check its work? 

On that note, Anonymous Chameleon – the name given to me by my google doc link this morning – signs off and wishes everyone a pleasant day.

Entry filed under: Legal Watch, Regulatory. Tags: , , , , .

Washington’s Decisions Have Direct Impact on New York State Can You Mandate That Your Employees Get the Vaccine?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 756 other followers


%d bloggers like this: