
Third-Party Risk Management Guidance, Regulations & Standards

In the world of third-party risk management, organizations need to navigate a complex and expanding web of guidance, standards and regulations. Here, you can explore an overview of major industry standards and regulations that can help you ensure third-party compliance and build a more resilient business.

Regulators have made clear that third parties should attest to and align with your compliance, ethics, and risk management standards and obligations. Aravo enables customers to easily capture, update, manage and retain third-party attestations and certifications with these regulations and other ethics and compliance standards.

Financial Services

The Consumer Financial Protection Bureau (CFPB), USA

CFPB Bulletin 2016-02

The Bulletin emphasizes that the Consumer Financial Protection Bureau (CFPB) expects supervised banks and nonbanks to manage their relationships with service providers in a way that ensures compliance with Federal consumer financial law.

“The mere fact that a supervised bank or nonbank enters into a business relationship with a service provider does not absolve the supervised bank or nonbank of responsibility for complying with Federal consumer financial law to avoid consumer harm. A service provider that is unfamiliar with the legal requirements applicable to the products or services being offered, or that does not make efforts to implement those requirements carefully and effectively, or that exhibits weak internal controls, can harm consumers and create potential liabilities for both the service provider and the entity with which it has a business relationship. Depending on the circumstances, legal responsibility may lie with the supervised bank or nonbank as well as with the supervised service provider.” (Page 2)

CFPB Bulletin 2017-01

The bulletin provides guidance to covered persons and service providers about the potential to violate the prohibition, in sections 1031 and 1036 of the Dodd-Frank Wall Street Reform and Consumer Protection Act, on engaging in unfair, deceptive, or abusive acts or practices (UDAAPs) when assessing phone pay fees.

“Lack of employee monitoring or service provider oversight may lead to misrepresentations or failure to disclose available options and fees. A number of entities have policies and procedures in place requiring phone representatives to disclose all available phone pay options and fees to consumers, including requiring the use of detailed phone scripts. But deviations from call scripts may potentially cause phone representatives to misrepresent the available phone payment options and fees resulting in a consumer being charged a higher fee than otherwise would have been applicable. Entities can reduce the risk of misrepresentations through adequate monitoring.”

The Consumer Financial Protection Bureau (CFPB) issued a bulletin outlining its expectations for supervised banks and nonbanks to ensure compliance with federal consumer financial law and protect the interests of consumers.

“The CFPB recognizes that the use of service providers is often an appropriate business decision for supervised banks and nonbanks. Supervised banks and nonbanks may outsource certain functions to service providers due to resource constraints, use service providers to develop and market additional products or services, or rely on expertise from service providers that would not otherwise be available without significant investment.”

The information contained on this page is for reference and informational purposes only. As such, Aravo expressly disclaims any and all legal and professional liability associated with the content and any suggestions and/or recommendations provided therewith.
