Your Brother’s Keeper – You May Now be Responsible for Your Vendor’s Actions

Terrence O'Loughlin

Your Brother's Keeper – You May Now be Responsible for Your Vendor's Actions

Adam and Eve begat Cain and Abel. Abel slew Cain. When questioned by the Lord as to the whereabouts of Cain, Abel defiantly asked this question in reply, "Am I my brother's keeper?"

To which the CFPB responded, "Yes, you are."

To quote the CFPB, "A well planned, implemented, and maintained compliance program will prevent or reduce regulatory violations, protect consumers from non-compliance and associated harms, and help align business strategies with outcomes."

The CFPB's mission is to ensure that markets for consumer financial products and services are "fair, transparent, and competitive."

Vendor management is part of the expectation of the CFPB.

The Problem

Certain dealers engage vendors for various functions which are extensions of the dealer's operations. For example, Reynolds Motors, an independent dealer, may provide special financing and hold the paper. It hires a company, Diablo Wreckers, which specializes in locating and repossessing vehicles. Diablo is unlicensed, reckless, and doesn't know the law regarding repossessions, let alone following the law. Consequently, Diablo becomes embroiled in litigation and the subject of governmental discipline. Could Reynolds Motors be held liable for Diablo? The answer is yes.

The Quick Solution

Dealers need to hire an attorney for this problem. It is complex and requires a legal analysis. The alternative is to have a vendor management protocol with any vendor which appears to be an extension of certain dealerships as it pertains to financial products and services.

Understanding the CFPB

To understand this problem one needs to understand the immensity of the CFPB's power and reach. It prosecutes, regulates, and supervises, with its 700 attorneys and a budget exceeding $570,000,000.00. Eighteen major federal laws have been delegated to it for enforcement including the Equal Credit Opportunity Act (ECOA), Fair Debt Collection Practices Act (FDCPA), and the Truth in Lending Act (TILA). It has collected over $1,600,000,000.00 as a result of its Consent Orders. It has authority over entities offering consumer financial products and services including banks and "covered non-banks." It oversees "covered persons."

"Covered persons" are persons or entities which offer or provide consumer financial products and services. This definition includes car dealers but only if a dealer has its own finance company and doesn't routinely assign its Retail Installment Sale Contracts to an unrelated finance source or doesn't have a service department. (Franchise dealers are exempt from this definition due to the herculean efforts of the NADA. The NADA earned its membership fees of its members forever by the success of these efforts.) Franchise dealers should be wary if they own an independent lot or a BHPH store. Covered persons also include various banks, payday lenders, consumer finance lenders, money service businesses, and "services providers."

A service provider is any person that provides a "material service" to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service. A "material service" includes, but is not limited to, designing, operating or maintaining, a consumer financial product or service or processing transactions relating to a consumer to a consumer financial product or service. Service providers include such diverse and outsourced entities such as marketers, debt collectors, repossession agents, remarketers and others.

As defined by the Dodd-Frank Act and the CFPB the definition of a financial product or service is quite broad and especially germane to dealers is the inclusion of "extension of credit or deferred payment of debt by an organization to a consumer" and "debt collection."

What Should a Dealer Do?

If a dealer hasn't already done so, the first step is to establish a Compliance Management System (CMS) which includes a board with oversight, written compliance plan, compliance officer, consumer complaint response program, and third-party reviews. The CMS should also include a Vendor Management program.

The Vendor Management Program

This program should be a formalized written plan which allows for training, monitoring, and corrective action, if necessary. It is part of the CMS.

Managing Service Providers

As part of this process dealers must do the following:

  • Verify that the service provider understands and is capable of complying with federal consumer financial laws.
  • Review each service provider's policies, procedures, internal controls, and training materials.
  • Ensure that the service provider conducts appropriate training and oversight of its employees or agents.

The contract with the service provider should outline the clear expectations regarding the service provider's compliance requirements. There should be appropriate and enforceable consequences for violations of compliance-related responsibilities.

New and current contracts with vendors should take into account how significant the outsourced function is. Is it the type of responsibility the dealer can legally afford to outsource as to compliance risk? Can the dealer monitor the actions of the vendor? Contract decisions should be documented by management.

The ongoing discharge of the vendor's duties must be monitored by the dealer to ascertain whether the vendor is following consumer finance law. Should the dealer determine that there is a problem, the dealer must respond promptly and remedy the matter.

It is important to recognize that dealers should know the past history of the vendor and its current operations. Dealers should know the following:

  • The service provider's litigation and regulatory history and how it redresses external complaints. Is it licensed and bonded if appropriate?
  • What are the service provider's protocols in observing the law?
  • What have been the complaints asserted against the service provider (e.g., state Attorney General, websites, CFPB complaints).

Once a dealer has established that the service provider meets its standards and contracts with it, a dealer must continue to monitor the service provider. Audits, inspections, annual reviews, and ongoing correspondence should be employed. Should financial challenges, technological problems, or other issues emerge from this monitoring process a dealer needs to document the issue and take appropriate action.

Unfortunately, the traditional legal defenses such as independent contractor, vicarious liability, or using indemnification clauses will probably prove ineffective. In addition, errors and omission insurance may not apply.


As with any compliance issue, the truly important step is to at least try to comply with the wishes of the CFPB or any regulator for that matter. This is a new compliance challenge and is actually a sound business protocol. Good service providers should be willing to fully cooperate.



As seen on P&A Magazine.

Risk Assessment

Are you Prepared for a Regulatory Audit?

Are You Compliant?

Cash Reporting Rules

Listen to a preview of Cash Reporting Rules and Form 8300.

Watch / Learn More