In an issue of its Supervisory Highlights publication, which was also released recently, the CFPB said:
Some entities may have interpreted the bureau’s 2012 bulletin to mean they had to use the same due diligence requirements for all service providers no matter the risk for consumer harm. As a result, some small service providers have reported that entities have imposed the same due diligence requirements on them as for the largest service providers.
Instead, the new guidance indicates that the CFPB,
expects that the depth and formality of the entity’s risk management program for service providers may vary depending upon the service being performed – its size, scope, complexity, importance and potential for consumer harm – and the performance of the service provider in carrying out its activities in compliance with federal consumer financial laws and regulations.
Read the guidance.
Read Supervisory Highlights.