Alan Jaffa Reflects on Continuous Improvement
The February issue of Mortgage Banking Magazine published an article authored by Safeguard’s CEO Alan Jaffa, entitled “Continuous Improvement.”
How a field service company installed the self-auditing tools to continually improve performance and satisfy regulators.
Business schools and career counselors often teach and coach students and managers about the importance of “managing up” — anticipating the needs of their bosses, not only to develop more effective working relationships, but to improve outcomes for their organizations.
Managers who manage up develop good listening skills. They pay attention to the issues and challenges their bosses and their organizations face. They offer ideas and solutions to address problems. They understand organizational goals and guide their teams to deliver high-quality results and meet corporate objectives.
A similar managing-up approach applies to building effective relationships between vendors and their clients — in particular, the relationship between field service providers and their mortgage servicing clients as it relates to the servicers’ challenges in complying with myriad government regulations, as well as their own corporate risk-management requirements.
The housing crisis has sparked new and tighter regulations on an already highly regulated mortgage industry. While these regulations were designed to afford greater protections for consumers and homeowners, and address what in many communities are large volumes of vacant, defaulted and foreclosed properties, they also have created enormous administrative burdens. Servicers today must audit and document virtually every process to demonstrate compliance. Failure to do so places servicers at risk for severe penalties, fines and court fees.
Similarly, technology advances, the sophistication and proliferation of mobile communications devices and the increased risks from hackers and cyberattacks have forced companies to tighten their security policies to protect sensitive information related to their operations, as well as their employees and customers. The results of these efforts can impact everything from a company’s operation and reputation to insurance rates and stock prices.
To monitor and ensure compliance with internal policies and external regulatory requirements, companies not only audit their own processes and outcomes, but those of their vendors and suppliers. And this has never been more evident than in today’s mortgage servicing business.
Audits make us stronger
The audit process provides an opportunity for field service companies not only to manage up and help ease the compliance burden for their mortgage servicing clients, but also to strengthen their own processes and improve their own outcomes.
On a regular basis, Safeguard Properties, along with every field service company that provides property preservation services, participates in audits with their mortgage servicing clients.
Depending on the client and the need, an audit can range from providing responses to a servicer’s specific requests for information, to lengthy and comprehensive reviews of all functions and services involved in the performance of a contract. Comprehensive reviews, however, have become more common because of increased regulatory requirements and stricter regulatory scrutiny.
Under a comprehensive audit, the process usually begins with a questionnaire that the servicer sends to its field service partner. The most important areas of focus usually relate to information security and quality control. However, servicers also request information about vendor company policies and procedures, workflow management, training and recruitment, and other elements that relate to the performance of contractual services. They also may ask about a vendor’s ownership, leadership team and finances.
Along with responses to the questionnaire, field service vendors often provide dozens of exhibits to support the information provided in the questionnaire. These may include copies of information technology (IT) and security policies and procedures, process flow charts and other forms of documentation.
Site visits follow the submission of information. Again, depending on the client and the depth of the audit, one client representative or a team of four to five may spend one day or several days visiting facilities and meeting with various staff.
During these site visits, auditors seek to understand and verify the information that they have received. Information security is typically a key area of focus. To verify, for example, that borrower information is protected, auditors may ask to see relevant policies and procedures, and perform a “walk through” of the system to test the effectiveness of these policies and procedures in action and experience for themselves how secure their data is.
In responding to audits, field service vendors like Safeguard have a choice to simply provide their clients with the information they request, or to use the power of information and performance measurements to add value and quality to build a strong and lasting business partnership, and to evaluate and improve our own internal processes and systems.
For example, servicers have stringent requirements around on-time completion of work in the field. Safeguard implemented an “on-time first-time” measurement designed not only to track on-time performance, but to take a step further to minimize instances where work orders need to be reopened because of errors. It is a best practice that servicers are free to implement with their other vendors.
Information security a priority
In the past five years, Safeguard’s internal policies around information security alone have increased tenfold, from approximately 10 basic policies to more than 100 specific policies today to protect not only Safeguard’s data but our clients’ data as well. This information includes the identity of defaulted borrowers, loan numbers, property addresses, the work history on each property and the photo images that accompany each work order.
The volume and intensity of Safeguard’s policies have increased both in anticipation of our clients’ information security needs, and also in response to specific client requirements and audit points they have brought forward.
As it relates to information security, Safeguard proactively has established, evolved and formalized information security policies to provide controls around our processes for storing and protecting data, tracking and monitoring the utilization of computers and mobile devices where information is stored, and how we manage and control change orders to ensure consistency and continuity. Our policies also cover data classifications, access authority and monitoring, remote access, password requirements and data encryption.
The devastation that resulted from Hurricane Sandy late in 2012 offered a stark reminder of the importance of establishing and complying with policies and procedures to ensure business continuity and disaster recovery in the wake of business disruptions.
These include procedures for maintaining redundant systems on separate electrical grids, and maintaining business functions in multiple sites to prevent business disruptions in the event of a disaster.
After Hurricane Sandy, Safeguard found itself without electrical power for four days at its headquarters and two days at a business continuity site, and maintained business as usual at both facilities with the use of multiple backup generators with sufficient strength and capacity to support operations.
Raising the bar on partnership and business value
While quality improvement has always been embedded into Safeguard’s operations, the audit process highlighted a need for Safeguard to raise it to a new level. In the past, the function had been divided along service lines.
Two years ago, as the depth and volume of client audits grew, the company formalized the creation of a quality-assurance department that serves as the central coordinating point, not only for Safeguard’s internal quality assessment and improvement functions, but for all client audits as well. The quality-assurance department is independent of all other functions within the company, and yet is integrated with each.
The value of this independent and integrated approach is that it provides Safeguard with the ability to cross-pollenate knowledge and best practices across service lines and departments and among clients.
Central to the function, as it relates to client audits, is a documentation library that is a repository for every query, response, scorecard and audit finding. Safeguard’s quality team evaluates that information, identifies strengths and gaps, and implements plans to either share knowledge and build on strengths or improve performance — and in all cases, to measure results.
We view each audit as an opportunity to continuously raise the bar on quality outcomes — our own and those of our clients. What we learn from one client audit, we build into our processes to improve outcomes in another.
For example, in one audit, a mortgage servicing client inquired about our processes to ensure that contractors in our network carry licensing required under local laws to perform maintenance and repair services. This requirement is an important focus for government-sponsored enterprises.
Although Safeguard required each contractor to comply with all local laws and licensing, as a result of this particular audit, the company changed its internal process to formalize the requirement. Contractors in the Safeguard network now must attest annually that they are in compliance with local licensing requirements.
To verify compliance, Safeguard also conducts monthly audits of a random sampling of its network. This process change allows all Safeguard clients to demonstrate compliance on this point to their investors.
As another example, many of Safeguard’s mortgage servicing clients follow audit and reporting standards under the Statement on Standards for Attestation Engagements (SSAE) No. 16. These standards, developed by the American Institute of Certified Public Accountants (AICPA), help to guide organizations in developing controls around their information systems, financial operations and other business systems.
Among the controls are those that protect system access to authorized users only. Another is change controls to ensure that system changes are tested prior to implementation so that they do not cause a disruption in service. Others address overall information technology policies, such as training protocols and internal and external communications regarding system usage. In an effort to maintain compliance on behalf of its clients, Safeguard follows and applies SSAE 16 standards in its operations as well.
Sharing knowledge and best practices
In a managing-up partnership, field service companies also should be resources to their mortgage servicing clients to share knowledge and identify opportunities to improve their own audit processes and compliance outcomes.
As the industry prepares for the implementation of the Consumer Financial Protection Bureau (CFPB) servicing guidelines in 2013, an area of focus will be borrower communication and outreach.
For many years, Safeguard has provided outreach to homeowners on behalf of its mortgage servicing clients. This outreach has included efforts to encourage troubled borrowers to contact their mortgage servicers for help and guidance, and identifying defaulted homes occupied by the families of active-duty service members and informing service members of their rights under the Servicemembers Civil Relief Act (SCRA).
After major disasters, such as Hurricane Sandy, Safeguard not only provides damage assessments to its servicing clients, but also helps disseminate contact information for the servicer, insurance information and other relevant communications.
Safeguard’s documentation library also has been a useful tool to help mortgage servicing clients align audit processes to reduce redundancies and inconsistencies. As an example, three separate departments at one client had requested information about Safeguard’s disaster recovery procedures within a short span of time. By cross-referencing the data requested by each department, we helped to identify a duplicate process and create an opportunity for the client to share information and auditing efficiencies across departments.
Proof is in the results
As a field service company representing the mortgage servicing industry to protect and preserve properties, Safeguard views its internal scorecards and its clients’ scorecards as one and the same. By continuously tracking and measuring our performance based on information gleaned from data on tens of millions of properties in our system, and continuously improving our processes we improve both our internal quality measures and the scorecards we receive from clients.
Working in partnership with clients to determine the right processes to measure and the right targets to meet is critical. This is especially true in situations where the client teams tasked with managing vendor relationships do not have the depth of experience to understand certain nuances and details that may impact outcomes, such as different sets of industry guidelines, requirements and issues that apply to maintaining pre-foreclosure and post-foreclosure properties.
Each service line maintains and monitors internal scorecards on the services it performs and is responsible for proactively implementing corrective actions to address deficiencies and maintain quality and client satisfaction. In the past year alone, Safeguard has made significant performance improvements that have directly benefited its clients.
Safeguard’s real estate-owned (REO) service line tracked an improvement of 39 percent in properties that had no deficiencies or quality issues, and a 79 percent improvement in the timeliness and quality of grass cuts. Overall, our quality scores for property preservation services on pre-foreclosure properties improved 11 percent in 2012, and quality scores for post-sale properties improved 7 percent.
By managing up, anticipating our clients’ needs and working to satisfy them, Safeguard has not only helped its clients comply with government regulations and internal requirements, but our clients also have helped us become a better company delivering higher-quality services and value to them.
Please click here to view as a PDF.
Safeguard Properties is the largest privately held field services company in the country. Located in Cleveland, Ohio and founded in 1990 by Robert Klein, Safeguard has grown from a regional preservation company with a few employees and a handful of contractors performing services in the Midwest, to a national company with more than 1,600 employees. Safeguard is supported by a nationwide network of subcontractors able to perform any requested superintendence, preservation, and maintenance functions, as well as numerous ancillary services in the U.S., the Virgin Islands, and Puerto Rico.