Regulatory and Industry Requirements

Recent federal regulations have challenged lenders and risk managers. Secure Insight assists these organizations in meeting the following federal regulatory requirements:


The OCC expects national banks to "properly oversee and manage third-party relationships...including a risk assessment...due diligence...written contracts...and ongoing oversight of third party activities."  OCC-2001-47, November 2001.


Fannie Mae’s guidelines to banks on “Preventing, Detecting & Reporting Mortgage Fraud,” states in part that mortgage lenders must “know [their] business partners...and consider using outside sources to…selectively choose closing attorneys and settlement agents…”   Fannie Mae Customer Education Group, Report of December 2005.


NCUA acknowledges that third-party relationships are essential but “… inadequately managed and controlled third-party relationships can result in unanticipated costs, legal disputes, and financial loss…” The agency does not  want to “stifle the innovative use of third-party relationships to meet member needs and strategic objectives,” but wants to reemphasize that credit unions “clearly understand risks they are undertaking and balance and control those risks…” NCUA Guidance Letter 07-CU-13, December 2007.


The CFPB issued a Bulletin in April 2012 in which it stated that lenders are expected to adopt written, comprehensive risk management policies for third party service providers, including closing agents, to protect consumers from harm for violations of federal financial laws, which include laws prohibiting mortgage fraud. Failure to comply may result in a lender being held jointly and severally liable with a third party for harm. See this link to Bulletin 2012-3:

Consumer Finance Protection Bureau Bulletin

 CFPB Investigatory Powers in Violations of Federal Consumer Financial Laws

In June 2012, the CFPB adopted three final rules that deal with its procedures and practices related to enforcing federal consumer financial law. The three final rules deal with the agency’s investigative and adjudicative processes and its interactions with state law enforcement authorities. One of these final rules describes the CFPB’s procedures for investigating whether persons have engaged in conduct that violates federal consumer financial law. This rule sets forth the CFPB’s authority to conduct investigations, including the procedures for issuing civil investigative demands. It also describes the rights of persons from whom the CFPB seeks to compel information in investigations. Because third party service providers, such as closing professionals interact with consumers at the closing table, their actions and omissions can rise to the level of fraud and misrepresentation, thereby violating federal (and state) consumer protection statutes, particularly because these agents have special fiduciary and agent relationships with consumers. The CFPB is reserving the right to investigate all persons associated with an incident involving a claim of consumer harm, and, as noted in their April Bulletin, lenders cannot simply rely on the fact that closing professionals are unsupervised by them, they must take steps to evaluate risk and monitor risk to protect consumers or risk being held jointly and severally liable in the event of an incident.


In the FDIC regulatory compliance manual, the agency details the procedural requirements regarding third party risk. The board of directors and senior management of an insured depository institution are ultimately responsible for managing activities conducted through third-party relationships, and identifying and controlling the risks arising from such relationships, to the same extent as if the activity were handled within the institution. The full text can be found at the following link:

     FDIC Compliance Manual VII-5.1