Monitoring is very much like due diligence in that your monitoring activities must be commensurate with the risk. In the case of fair lending and other consumer protections, those monitoring activities would be limited to those third parties posing those specific risks.
For those third parties, there are two sides to monitoring, risk, and performance.
Risk monitoring generally happens once a year for high-risk and critical third parties. To address fair lending and consumer protections specifically, I recommend you request the third party's current compliance policy and reports detailing compliance training for their employees. You will also want to review the most recent information security and privacy policies, customer complaint logs, and resolutions.
For performance monitoring, I would look at customer complaints at least quarterly. However, many organizations look at this information monthly which is a good practice to prevent emerging issues from becoming trends.
Those are my thoughts, I would love to hear what other members would add.
Original Message:
Sent: 09-02-2021 03:05 PM
From: Anonymous Member
Subject: Fair Lending
This message was posted by a user wishing to remain anonymous
Can anyone share what you include in your third-party service provider oversight programs in connection with monitoring for fair lending or other consumer protection regulations?