How to Learn From a Vendor Management Enforcement Action

Enforcement action – for anyone involved in risk management, that term can give you an upset stomach. Why? An enforcement action typically means large problems and potentially hefty fines. They serve as a record of things that can go wrong. Yet, at the same time, there is much to be learned from an enforcement action.

As an institution, your bank or credit union certainly doesn't want to be the subject of an enforcement action. However, as you’re reading the news and learn of an enforcement action, it can be a moment to reflect and learn. Bad news can be good advice.

Don't Be the Next Victim – Do These Things

As you prepare for exams and, really, as you go about your day to day work, you're also preventing yourself from being the next institution to receive an enforcement action. To help in this mission, do the following things.

1. Evaluate your practices. It’s a good opportunity to stop and read carefully. Use an enforcement action as an opportunity to evaluate your own institution’s actions and practices and look through the lens of the regulator to see if any activities are present in your own institution that may give you concern or things that can be tightened up.
   
   
2. Read the specifics of the decision. Read items that led to the decision, you may find things you need to adjust in your own program, perhaps even in the lines of business. Certain items, like UDAAP (Unfair, Deceptive, Abusive Acts or Practices), may be linked closely to a failure of an institution to properly oversee its third party activities.
   
   
3. Look at the names in the news. Are there familiar names or products in the unfortunate news? Do you do business with them? If so, this is a great time to call together your risk management teams and look for ways of proactively addressing it before the spotlight is on your institution.
   
   
4. Involve your teams. Involve your compliance officer, your legal counsel, your audit function and your senior risk managers for an informed and engaged review of the action. And, use the opportunity to help head off a problem before it occurs.
   
   

Tool to Use to Help You Keep Watch

For a list of many of the more recent enforcement actions, visit Payment Law Advisor and look at their UDAAP tracker in particular. It’s a really useful tool sorted by regulator and includes links to the actual enforcement action itself. I also like Law360.

Other than that, the regulators all publish the enforcement actions on their websites, tally and recap them in monthly news bulletins. An example headline is, "OCC Makes Public January Enforcement Actions." You'll find a helpful link to the overall tracking of the various actions, as well as a description of the pertinent facts. In addition, make sure you are subscribed to industry alerts and publications/associations newsletters.

Good luck!

And to learn more about how other financial institutions are handling vendor management, download our State of Vendor Management 2017 whitepaper.