
Using the compliance management system framework for vendor management



The regulatory atmosphere is evolving for the financial industry, as the Consumer Financial Protection Bureau (CFPB) has assumed more responsibility for oversight and established more expansive guidelines. Federal regulators are increasing their focus on compliance management systems (CMS) and vendor management oversight. All regulated financial service entities must be aware of their regulatory compliance responsibilities to protect customers and avoid significant penalties.

Many organizations have additional compliance demands and are subject to reviews that previously did not fall under the CFPB umbrella. The focus has expanded to smaller organizations, and nonbank specialty finance companies are now under the supervision of the CFPB.

The CFPB's intent is to protect consumers, but the regulatory components may be unclear to those who need to comply. When an organization implements an effective CMS and extends its use to vendors, information and communication can help large and small organizations stay in compliance and thereby protect themselves and their customers.

Vendor management is a significant element of an effective CMS, and oversight of this function is critical to receiving an adequate rating during a compliance examination. However, not every organization has the same risks, and it is important to document each vendor and how many customers it touches in order to prioritize risks. The CFPB expects a framework to be in place that is appropriate for the size of the organization to identify potential third-party risks.

A CMS with effective vendor management controls has several key elements, including:

  • Board and senior management oversight
  • Compliance program structure
  • Consumer complaint response
  • Compliance audits

A strong vendor risk management framework is important from a regulatory standpoint, but it is also critical from a business and reputational perspective. Financial penalties for noncompliance with CFPB guidelines can reach tens of millions of dollars, but the reputational damage can have a more lasting effect.

