Mortgage Service Provider Compliance Failures Could Cost You Your Business
By Bryan J. Pelino Over the years any number of companies, whether they are brokers, title companies, appraisers or otherwise, have popped up to provide services in connection with mortgage loans. In general, each of these groups adds significant value and many are necessary to offer objective assessments (like appraisers). But (and there’s always a “but”), according to the CFPB, what these service providers (aka “third party service providers” or “TPSPs”) do or don’t do may be your responsibility. In a world where compliance is as important to a business’ success as sales, it is alarming that, as a mortgage lender, a compliance failure by a trusted business partner can be as big of a concern for you as if it was your own. Freaked out yet? While the burden is pretty scary, with a little reading, some common sense and strict adherence to a TPSP management policy you can protect your business and yourself from potentially catastrophic financial loss. So what do you do to even get started?
The first step is to identify all of your TPSPs and make a list. Keeping in mind that the CFPB has a tendency to think broadly, it’s a pretty safe bet to say that anyone that makes money related to your lending operations (outsourced marketers, title/settlement companies, brokers, appraisers, credit companies, etc.) or anyone who has access to consumer information (IT providers, QC companies) falls in this category. Be broad in your thinking and be aware that if your TPSP also uses subcontractors you may be responsible for them as well.
TPSP relationships need to be necessary and offer a substantial benefit to the end consumer. Usually, it’s necessary to utilize independent settlement companies and appraisers, but do you need to outsource your marketing, underwriting or back-office operations such as IT or accounting? Although many of these vendors may not have direct interaction with the end customer, the CFPB requires that their risk is measured and service provided adequately monitored. Essentially, do a risk analysis to determine if your business would be better-off handling a particular function internally so it’s easier to manage the risks involved.
After identifying the services that absolutely need to be outsourced, undertake to select your favorite TPSPs in each category. Using multiple TPSPs provides a certain degree of surety that resources will be available when needed. But at what point does that number become too arduous to manage? A good rule of thumb is to implement the 80/20 rule utilizing a challenger/ champion vendor management strategy. This is accomplished by providing your champion with 80% of a specific component of your TPSP business and relegating the challengers the remaining 20%. So if you have a favorite title company, load them up with 80% of your referrals and distribute the other 20% to a few other trustworthy sources. This allows a business to optimize its vendor relationship and properly incentivizes the champion to continue providing the highest quality service at the lowest possible cost, or risk being unseated by a rising challenger.
Do Your Due Diligence
For the remaining TPSPs on your list you will need to perform adequate due diligence, but what does that entail? Review of all available information about a potential or existing TPSP, focusing on the entity’s financial condition, its specific relevant experience, its knowledge of applicable laws and regulations, its reputation, and the scope and effectiveness of its operations and controls. The scope and depth of due diligence should be directly related to the importance and magnitude of the third-party relationship and the potential risk for consumer harm. This doesn’t mean that you have to throw away all common sense. A review of quarterly financial statements for each appraiser that you engage might not be necessary. However, given that Wells Fargo recently paid $175,000,000 for compliance violations made by independent brokers, it might be a good idea to review broker QC reports on a semi-annual basis. Remember, one of the best ways to find your company on the radar of the CFPB is to use a service provider who has violated Federal law. Likely, if your TPSP is being investigated by the CFPB, you may be next when the CFPB conducts a review of companies utilizing the TPSPs services to ascertain if the violation is isolated or epidemic. The good news is that things like Google and online consumer complaint websites make for easy first steps. From there, it is important to consider the impact the provider could have on the consumer and the level of contact with the consumer so you can determine what information you need to gather prior to engaging a TPSP.
Put It In Writing
We all deal with a lot of paper, most of which isn’t all that easy to understand—despite what the government tells us. It’s important that you have written contracts with TPSPs that address, among other things, the scope of your relationship, due diligence review, complaint and investigation disclosure and insurance requirements. No matter the relationship, it is absolutely imperative that privacy and protection of the consumer be at the forefront of each TPSP’s operations. Unwillingness by a TPSP to make the consumer a priority is a clear indication that you want nothing to do with them.
Continue to Pay Attention
Vetting TPSPs isn’t a onetime thing. Just because a TPSP agrees to be conscientious doesn’t mean that they will be. Use public resources and require periodic reports to ensure compliance with your policies is ongoing. The power of the internet is an amazing thing and can be used for periodic research of your TPSPs. I continually tell myself that if my 6 year old can find it on Google (despite all the parental filtering stuff), then I’m responsible for knowing it too. This same theory should be used in monitoring your TPSP relationships. The CFPB is looking for you to “detect, prevent and correct,” compliance failures, which isn’t a bad idea.1 So you may be saying to yourself, “I don’t know anything about my TPSPs.” There’s no doubt that, for many TPSPs, having to provide information and making promises about how they will do business is going to be a new concept. There will be resistance and a period of adjustment, but so long as the CFPB is around, compliance will dictate the culture of mortgage lending. Also, this isn’t an entirely new concept. Federally insured depository institutions have been required to monitor TPSPs for a very long time. Much of what is required to ensure TPSP compliance is a little research and some effort. While this is a daunting task, there are groups out there, like C3 Compliance Consultants Inc. (“C3CC”), that offer compliance support services for a fraction of the cost of an internal compliance staff. C3CC provides a forwardlooking CFPB compliance examination, fluid and comprehensive policies and procedures, ongoing training and even a TPSP management system—all while staying abreast of changes in Federal and state compliance laws that affect your business. A compliance program customized to your business will help alleviate the burden of dealing with such a daunting and potentially costly task. Reprinted with permission from the California Mortgage Bankers Association. Click here to view the PDF of the original article.