by: Henry Meier, Associate General Counsel, Credit Union Association of New York
This is the Golden Age to be a financial services vendor. After all, I can’t predict what the Consumer Finance Protection Bureau’s final mortgage regulations will look like, but almost all credit unions will be using vendors to update their technology, disclosures and procedures to comply with them. Reasonable minds can differ as to where technology is taking banking, but your credit union will use a vendor to get you there.
This means that, regardless of your size, the single most important aspect of your compliance program should be vendor due diligence. This is not only because of NCUA guidance but because basic vendor management protocols can go a long way to ensuring that your credit union’s members and reputation are protected. Furthermore, every credit union, regardless of its assets size, can insure that its business partners reflect positively on the credit union. Here are some basic steps that all credit unions should take but don’t always get around to:
- Know who it is you are dealing with and why. This one is going to vary depending on the size of the service you are outsourcing, its cost and the extent to which it exposes the credit union to both legal and reputational risk, but research your vendor and go comparison-shopping. While NCUA got much deserved criticism for proposing regulations giving it enhanced oversight over CUSO’s, it is justifiably anxious to ensure that credit unions understand with whom they are dealing and the products they are providing. Talking to the credit union down the street may be sufficient to satisfy your due diligence when finding a cleaning service, but if you are entering into an indirect lending program this should be the beginning and not the end of your work.
- Review the contract. All contracts are not created equal and the lawyer who wrote the contract for the vendor is paid to make sure you have as few legal rights as the law will permit. Have your lawyer review the contract and negotiate changes if they are necessary. At the very least, the contract should commit the vendor to providing you with the service or product for which you are contracting. This may seem obvious, but you’d be amazed how many contracts disavow any responsibility to provide you with anything meaningful.
- The contract is the beginning not the end of the vendor relationship. Suppose you have software that helps you monitor your member accounts for suspicious activity. The software won’t do you a bit of good if you don’t have staff assigned to monitor it. Earlier this year, the Court of Appeals for the First Circuit found that a bank was liable for the unauthorized transfer of money from a business account in part because its “generic” risk mitigation strategies were not modified to reflect the unique needs of the client and staff did not review the results of computer monitoring software. Warren Buffet is notoriously reluctant to invest in technology companies because he doesn’t understand the technology. Credit unions should never invest in a new product or software package without understanding what it is they are buying.
- What does the vendor know and when did he know it? In the last few years there have been so many changes to lending requirements that I know it is difficult to keep up. But make sure that your vendor actually has software that is flexible enough to change with the regulations. For instance, there is a very good possibility that the calculation of mortgage interest rates will be changing dramatically. Does your vendor know that these proposals are out there? Can your software package be modified to reflect these changes? And how can you be sure? Remember your vendor is not your compliance officer and explaining to an examiner that “the vendor made me do it” is not going to be a particularly good argument or assuage the anger of a member who feels he has been ripped off.
In this low interest rate environment third-party relationships can help credit unions quickly and cost-effectively offer their members new products and services as well as make your staff more efficient. But a mismanaged vendor due diligence program is tantamount to giving a teenager the keys to the car and then going away for the weekend. Chances are everything will be fine, but if it’s not, cleaning up the mess is going to leave you with some bad memories about your weekend getaway.
Henry Meier, Associate General Counsel, Credit Union Association of New York
As associate general counsel for the Credit Union Association of New York, Henry is actively involved in all legislative, regulatory and legal issues impacting New York credit unions. Whether he’s joining in the Association’s advocacy efforts, lending his legal expertise to the Association and its affiliate companies or arguing before the New York State Appellate Division, his voice is unique and influential. Before joining the Association in 2006, Henry served as a counsel to the New York State Assembly Republican Conference for seven years. Henry is a graduate of American University in Washington, D.C., and Hofstra University’s School of Law in New York. New York’s State of Mind Blog www.cuany.org