I don't think that relying on a vendor to produce adverse action notices is a very common practice. Especially if they are sight unseen by the bank before going to the customer. I would recommend that you review with the vendor the Reg B requirements, require that they can reproduce adverse action notices exactly as provided to the customer, test them yourself, and change your procedures or vendor if this doesn't improve. A review of your current contract with the vendor may also be in order, including an indemnification by the vendor to cover regulatory fines or the cost of renotification to customers or file searches if the regulator finds deficiecies in the process. The regulators will hold you responsible for compliance with the adverse action requirements.
The opinions expressed here should not be construed to be those of my employer: PPDocs.com