Vendor Risk Management Thought Leadership Discussion with Consumer Financial Attorney

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best practices, trends and more, I had the opportunity to speak with Amy Hanna Keeney of Adams and Reese LLP.

Amy is a regulatory and litigation attorney. She has practiced in the consumer financial space for most of her career. Amy handles litigation for and counsels banks and financial services companies in the consumer financial space and, recently, in light of the increased regulatory scrutiny surrounding consumer data collection, she became a certified information privacy professional (CIPP/US). Interestingly, she graduated from law school about a month before Dodd-Frank was signed into law, so she’s been watching the CFPB since its inception. 

Amy Hanna Keeney Interview Highlights

During our time, we covered: 

• The CFPB
  • Progress and activities
  • Regulatory guidance
  • Hot topics
• The future of UDAAP enforcement actions
  
  

The Consumer Financial Protection Bureau (CFPB) – This Year’s Progress

Amy shed some light on where she thinks the CFPB is headed in upcoming months. In her opinion, the CFPB will always have a presence in the industry and is a long way from being dismantled. She shares that she often receives questions like this from her clients, asking if they no longer need to worry about the agency, but the answer is no. Consumer protections in third party risk management are a priority and will continue to be.

CFPB Hot Topics 

With the appointment of Acting Director Mick Mulvaney and changes such as the name of the agency from CFPB to the BCFP (Bureau of Consumer Financial Protection), the CFPB has certainly been a large topic of discussion in the news. Amy feels the following will be upcoming CFPB hot topics to be aware of:

1. Plan on fintech companies being a focus for the CFPB.
2. Consumer data privacy will continue to be a target, especially with GDPR going into effect this past May. Remember, GDPR is not just an EU regulation. If you're a US company, handling European data in any way, then you need to think about it.
3. More developments to the Fair Credit Reporting Act and ensuring an organization’s policy is in compliance with FRCA.

UDAAP Enforcement Actions

Amy is really one of the industry experts on UDAAP. UDAAP, an acronym for unfair, deceptive or abusive acts or practices, is a regulatory hot topic lately. Given her expertise, I wanted to get her perspective on UDAAP based enforcement actions in the new era.

Amy predicts fewer unfair, deceptive and abusive based enforcements on the horizon; however, she foresees fraudulent activity being a huge focus for industry regulators. With this, like with the undefined definitions of unfair, deceptive and abusive, organizations may find it challenging to know exactly what will be constituted as blatant fraud. Due to the lack of clarity, you never absolutely know what a regulator will or will not consider as fraudulent activity.

In Summary

The best way to understand CFPB and UDAAP requirements and expectations is to look to enforcement actions at organizations similar to yours. These can be used as a guide, giving your organization more insight as to how to best implement the practices in your third party risk management program.

We can teach you how - download our infographic to learn strategically how to use enforcement actions to your advantage.