Vendor complaints – A Cause for enforcement actions

Vendor complaints – A Cause for enforcement actions

By Branan Cooper, Chief Risk Officer,Venminder

Can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

As the Chief Risk Officer at Venminder, a provider of third party risk solutionsto help institutions manage risk, I like to tell people that I am well-positioned to help thousands of companies at a time with best practices in third party risk management, rather than just one at a time. I spent 28 years in banking at three very unique institutions and have represented banking management in audits with all of the major regulators. My current professional focus is on operational and regulatory processes and controls while leading Venminder’s delivery team as the third party risk management subject matter expert in residence.

What, for you, are the benefits of attending a conference like the 4th Annual Vendor & Third Party Risk USA and what can attendees expect to learn from your session?

Conferences are always a wonderful way to share best practices, discuss common challenges and keep close tabs on emerging trends in third party risk management. It’s also great to have the opportunity to meet a wide array of risk and compliance professionals. I particularly enjoy those conferences in which discussion is encouraged, for an open exchange of ideas and challenges. Attendees can expect to learn what you need to know about vendor complaints, setting performance and management expectations, what to watch for with the vendor, improving vendor performance and examples of enforcement actions.

Based on your experience, what are a few best practices to implement at an institution to assist with vendor complaint management?

I believe it all starts with a solid set of expectations. The expectations could be things like checking the company’s established track record of complaints through online sources (e.g., CFPB Complaint Database or Better Business Bureau), setting firm contractual guidance on how complaints are to be handled or requiring even that they report all complaints and a full root cause analysis to you to handle. A customer who feels aggrieved should always be addressed and made to feel that their concerns are valid and will be resolved, if at all reasonably possible.

If an institution receives many vendor complaints, or poorly manages complaints, what types of risk could they be exposed to?

Reputation risk, and even compliance risk, can result and perhaps rise to the level of an enforcement action or other regulatory harm to the institution. These risks can impact customers and shareholders and may cause them to lose confidence in the management team.

What are some vendor complaint red flags to watch for?

If a vendor changes its pattern of behavior, it must be addressed. Common red flags we often see are changes in financial performance, loss of key management team members, lack of responsiveness, even on routine issues, failure to follow up on standard reporting, failing to address concerns raised by your institution and many others.

Do you have any suggestions to proactively help avoid vendor complaints before they happen?

Enforcement actions at similar institutions are always highly informative as a lens through which to view your own institution. Look for elements in the underlying cause of the action that may remind you of practices at your institution. Taking a proactive approach is certainly warranted and, to the extent you find an area of concern, it should be addressed and well-documented. This will allow you to catch issues before they escalate or spread.

Join CeFPro and Venminder Chief Risk Officer, Branan Cooper in New York on June 4, 2019 at the 4th Annual Vendor & Risk USA.

vendor & third party risk usa series