The Importance of Strong Vendor Management

Posted by Gracie Nelson on October 31, 2024

Today, the Consumer Financial Protection Bureau (CFPB) issued a consent order against VyStar Credit Union for deficiencies in its third-party vendor management which resulted in significant harm to its members. This order serves as a critical reminder to credit unions everywhere about the importance of robust due diligence, vendor management, and project planning practices.

VyStar’s situation unfolded when they attempted to launch a new online and mobile banking platform through a new, untested provider in May 2022. Due to a lack of comprehensive testing and oversight, the new system experienced a serious outage shortly after going live. This outage not only restricted member access to essential services but also led to fees and other financial hardships.

The CFPB identified key areas where VyStar’s processes fell short: outdated and insufficient policies, inadequate oversight of their service provider, and a rushed project timeline. This oversight resulted in compliance violations and requires VyStar to pay a $1.5 million penalty and establish a governance committee to prevent future missteps.

This case is a strong reminder that when undertaking projects with consumer-facing impacts, credit unions must be vigilant in vetting third-party vendors and managing project execution with care. By learning from these challenges, credit unions can better protect members, ensure seamless service delivery and avoid costly repercussions in the future.

Posted in Advocacy on the Move.