As I discussed in my recent report, Small Credit Card Issuers 2012: Waiting For ARenaissance, small credit card issuers have an impressiveand comprehensive array of processing and outsourcing services attheir disposal. It’s not an exaggeration to say that most of theroughly 5,000 small credit card issuers owe the ongoing existenceof their credit card businesses to the availability of outsourcersand their capabilities. Small issuers have justifiably come todepend on the processing, marketing, risk management, and evencompliance expertise of their partners. The credit card businesshas become incredibly complex, and the ability to access qualityoutsourcing services is a critical survival factor for smallissuers.
The recent Consumer Financial Protection Bureau bulletin serves asa warning to financial institutions that in spite of businesscomplexity, you can’t outsource the diligent monitoring of youroutsourcing partners. As the bulletin states, The CFPB expectssupervised banks and nonbanks to have an effective process formanaging risks of service provider relationships. The bulletinlists a number of responsibilities, including conducting duediligence regarding a provider’s knowledge of applicable law, theirinternal controls, contractual compliance expectations, ongoingmonitoring, and problem resolution.
The challenge, of course, is that small issuers outsource elementsof their card programs because they don’t have the expertisein-house. Increasingly, they rely on their outsourcing partners’expertise to keep them in compliance with applicable legislationand rules (as well as fraud management, network rule compliance,competitive product features, etc., etc.).
But just as an issuer is ultimately responsible for their owncredit policies and credit risk, the CFPB is reminding issuers theyare ultimately responsible for the capabilities they choose tooutsource, and the selection of the partners to provide them.
Being a financial institution is still a tough job, no matter whatyou outsource.
