Utilizing the compliance management system framework for vendor management


The regulatory atmosphere is evolving for the financial industry, as the Consumer Financial Protection Bureau (CFPB) has assumed more responsibility for oversight and established more expansive guidelines. Federal regulators are increasing their focus on compliance management systems (CMS) and vendor management oversight. All regulated financial service entities must be aware of their regulatory compliance responsibilities to protect customers and avoid significant penalties.

Many organizations have additional compliance demands and are subject to reviews that previously did not fall under the CFPB umbrella. The focus has expanded to smaller organizations, and nonbank specialty finance companies are now under the supervision of the CFPB.

The CFPB's intent is to protect consumers, but the regulatory components may be unclear to those who need to comply. By implementing an effective CMS and extending its usage to vendors, large and small organizations can use information and communication to stay in compliance and thereby protect themselves and their customers.

Vendor management is a significant element of an effective CMS, and oversight of this function is critical to receive an adequate rating during a compliance examination. However, not every organization has the same risks, and it is important to document vendors and how many customers each touches to prioritize risks. The CFPB expects a framework to be in place that is appropriate for the size of the organization to identify potential third-party risks.

A CMS with effective vendor management controls includes several key elements:

  • Board and senior management oversight
  • Compliance program structure
  • Consumer complaint response
  • Compliance audits

A strong vendor risk management framework is important from a regulatory standpoint, but it is also critical from a business and reputational perspective. Financial penalties for noncompliance with CFPB guidelines can reach tens of millions of dollars, but the reputational damage can have a more lasting effect.

