Due Diligence and Ongoing Monitoring

This message was posted by a user wishing to remain anonymous

Good Morning,

Does anyone have a separate  Lead Generator Vendor Due Diligence checklist that you would be willing to share with me and the group.  And if you could possible share what risk rating a lead generator would normally fall under (High, Medium, Low) I have been requesting that the Lead Generator vendors provide the normal vendor management items and have been getting push back from the stakeholders.  They seem to think that I am asking for way to much, then what is really needed.  It would be nice to see what others are doing.  (list of items requesting:  Tax ID, State of incorporation, Broker/Lender License, Secretary of State check, OFAC, Conduct Check of BBB and CFPB Complaint Database, Financials, SSAE 19 SOC reports, General Liability/Cyber Insurance, Policies and Procedures) 

Any Feedback would be greatly appreciated.  

Original Message------

This message was posted by a user wishing to remain anonymous

Good Morning,

Does anyone have a separate  Lead Generator Vendor Due Diligence checklist that you would be willing to share with me and the group.  And if you could possible share what risk rating a lead generator would normally fall under (High, Medium, Low) I have been requesting that the Lead Generator vendors provide the normal vendor management items and have been getting push back from the stakeholders.  They seem to think that I am asking for way to much, then what is really needed.  It would be nice to see what others are doing.  (list of items requesting:  Tax ID, State of incorporation, Broker/Lender License, Secretary of State check, OFAC, Conduct Check of BBB and CFPB Complaint Database, Financials, SSAE 19 SOC reports, General Liability/Cyber Insurance, Policies and Procedures) 

Any Feedback would be greatly appreciated.

Thank you Barb, for your response, but what about On-line lead generators that capture the borrower's information by asking the consumer a series of questions.  (lead capture pages) the consumer completes the questions and request to be contacted the consumer provides, first and last name, address, city and state, zip code, email address and phone number.  would you perform a full diligence review on this type of lead generator? and would you require that they be properly licensed if the state required for a lead generator to be licensed in that state? 
Original Message:
Sent: 11-08-2019 03:03 PM
From: Barb Peryer
Subject: Lead Generator Due Diligence Checklist

For us, it depends on what information the lead generator is sending.  If they have collected NPPI, we perform a full due diligence and collect information similar to what you listed.  If it's more of a "bulletin board" type lead generator and all that is there is the potential client's name and contact info and everything else is done over the phone, we collect very little information.  Most of our lead generators are coming in either moderate or high, again depending on what information they are collecting and sharing. 

 

 

 

Barb Peryer

Senior Vice President

Third Party Risk Management and Sourcing Operations Manager

Original Message------

This message was posted by a user wishing to remain anonymous

Good Morning,

Does anyone have a separate  Lead Generator Vendor Due Diligence checklist that you would be willing to share with me and the group.  And if you could possible share what risk rating a lead generator would normally fall under (High, Medium, Low) I have been requesting that the Lead Generator vendors provide the normal vendor management items and have been getting push back from the stakeholders.  They seem to think that I am asking for way to much, then what is really needed.  It would be nice to see what others are doing.  (list of items requesting:  Tax ID, State of incorporation, Broker/Lender License, Secretary of State check, OFAC, Conduct Check of BBB and CFPB Complaint Database, Financials, SSAE 19 SOC reports, General Liability/Cyber Insurance, Policies and Procedures) 

Any Feedback would be greatly appreciated.

Maybe this would be a helpful link to review for this question.  https://www.natlawreview.com/article/ftc-settlement-includes-lead-generation-compliance-warnings 

We gather a bit more about the disclosures process, how they record/save the clear and conspicuous confirmation and review their record retention policy. (TCPA related lawsuits have a statute of limitation of 4 years, so we have to know it's being saved for at least that long in case something comes up)   Don't forget about TCPA policies and procedures regarding leads/warm leads/text messages and the like. 

All other info from them is fairly standard as you already listed.
Original Message:
Sent: 11-08-2019 02:32 PM
From: Anonymous Member
Subject: Lead Generator Due Diligence Checklist

This message was posted by a user wishing to remain anonymous

Good Morning,

Does anyone have a separate  Lead Generator Vendor Due Diligence checklist that you would be willing to share with me and the group.  And if you could possible share what risk rating a lead generator would normally fall under (High, Medium, Low) I have been requesting that the Lead Generator vendors provide the normal vendor management items and have been getting push back from the stakeholders.  They seem to think that I am asking for way to much, then what is really needed.  It would be nice to see what others are doing.  (list of items requesting:  Tax ID, State of incorporation, Broker/Lender License, Secretary of State check, OFAC, Conduct Check of BBB and CFPB Complaint Database, Financials, SSAE 19 SOC reports, General Liability/Cyber Insurance, Policies and Procedures) 

Any Feedback would be greatly appreciated.