Greg Robinson Discusses Regulatory Reform and Compliance in the Field Services Industry

The June issue of MReport featured an article authored by Safeguard’s Chief Financial Officer Greg Robinson, titled Front of the Class.

Front of the Class

Regulatory reform brings compliance and third-party oversight to the forefront of the field services industry.

When President Obama signed the Dodd-Frank Wall Street Reform
and Consumer Protection Act of 2010, it represented the largest set
of financial regulatory reforms seen in the United States since the Great Depression.

The wide-ranging and comprehensive legislation significantly
impacted every aspect of the financial services sector—and the field services
industry was no exception. It is imperative that field services companies make
the appropriate investment in resources, both human and technology, to
minimize clients’ exposure to the risks of noncompliance for a wide range of
requirements. Those not committed to compliance and the necessary investment
will not survive the new regulatory environment; those who embrace the
compliance requirements will strengthen their organization and the industry in
immeasurable ways.

While not all-encompassing, the regulatory environment that field services
companies must operate in include but are not limited to:

  • Consumer Financial Protection Bureau (CFPB) rules and regulations
  • False Claims Act provisions
  • Gramm-Leach Bliley Act (GLBA)
  • Protecting Tenants at Foreclosure Act (PTFA)
  • Service Members Civil Relief Act (SCRA)
  • Fair Debt Collections Practices (FDCPA)
  • Unfair Deceptive or Abusive Acts or Practices (UDAAP)

The financial services industry has invested heavily in their audit and compliance
functions to ensure there are proper frameworks in place to assess their suppliers’
adherence to applicable rules and regulations. This has fostered a renewed sense
of partnership and collaboration within the industry as client/vendor audit and
compliance teams have worked side-by-side to identify gaps, implement monitoring
procedures, and create best practices around adherence to these important
requirements. Importantly, organizations that provide services in this space must
embrace the new environment and ensure that executive leadership is engaged and
provides thought leadership to their teams in this dynamic regulatory environment.

Financial Services Focus on Compliance and Audit

There is a renewed focus and investment on vendor oversight within the financial
services industry. Typically, the vendor management department of these
organizations will risk rank their vendors based on predefined criteria such as
 annual spend, service provided, potential risk to the organization, and maturity
of the suppliers’ systems and processes. In the course of a year, depending on
their size, a field services company could undergo close to 75 onsite and desk
audit assessments. There’s no question audits can be time consuming, but each
audit should be looked at as an opportunity to strengthen and enhance existing
compliance frameworks.

There are two focused audits that field services companies undergo: vendor
compliance audits and global information security audits. These audits are
focused on different criteria but often overlap in a number of areas. The
global information security audits are generally focused around the ISO 27002
control set, Information Technology Infrastructure Library (ITIL) controls, Control
Objectives for Information and Related Technology (COBIT) controls, and other
IT-related control frameworks. From a testing perspective, the IT auditors
perform reviews of:

  • Physical security
  • Business continuity and disaster recovery
  • Software development and change management procedures
  • Application permission and authority levels
  • Data integrity and protection (encryption)
  • Network vulnerability testing

As field services companies typically receive and utilize confidential consumer data,
it is imperative that the controls safeguarding this data are robust, comprehensive,
and scalable.

The vendor compliance audits focus primarily on the business processes and
procedures and the frameworks by which controls are in place to ensure quality
service delivery. Comprehensive business process control walkthroughs are
performed and transactional control testing is conducted to ensure compliance.
In the past year, the audits have expanded their scope to ensure compliance with
regulations and to assess the field services companies’ policies and procedures
as they relate to:

  • Comprehensive customer complaint tracking systems
  • Legal complaint tracking systems
  • Background check validation for anyone who performs
    services on a property
  • Human resource management and systems entitlement reviews
  • Customer service call monitoring
  • Vendor management controls and scalability of network
  • Protection of confidential customer data and adherence to
    privacy requirements

Upon completion of the audit, an exit conference is conducted to share any
findings, risk rank those findings based on a severity matrix, and agree upon
remediation activities and timelines. This also is an opportunity for the vendor
to respond to any misinformation and agree upon the formal execution of a 
CAP, or corrective action plan. Progress on the CAP is monitored monthly
and evidence is provided to close out action items once completed.

To ensure compliance, many in the field services industry have invested
heavily in resources to manage their organizational risk as a supplier. From
new technology and the expansion of in-house internal audit and compliance
teams, a strong partnership of collaboration with clients is formed to proactively
and aggressively manage risk and to ensure the frameworks are in place to
maintain regulatory compliance and fully protect the consumer.

Enhanced Focus on the Supply Chain

As third-party oversight and compliance has become more formalized, it should
be seen as an opportunity to expand activities focused on the compliance and
quality frameworks of third-party providers. While many field services
companies have implemented robust administrative compliance and verification
activities when onboarding vendors in the past, much like the financial services
industry, some have taken the process to the next level by including onsite
vendor audits at their headquarters as part of the overall audit.

So what are some best practices to consider when designing a framework
for establishing the nature, timing, and extent of audit procedures? First,
perform a high-level risk assessment or tierranking activity across all
service lines to place vendors into risk categories. The purpose of the
assessment is to group vendors into “risk” tiers to determine the audit
frequency as well as to properly schedule and execute on a plan.

To facilitate an audit program, contracting with a national independent
audit firm is highly suggested. The company’s subject matter experts
can work hand-in-hand with the firm to create the audit plan, scope, and
program. The scope can include compliance issues, administrative
oversight activities, control frameworks, and substantive testing of
work orders and human resource practices. The following includes
a brief overview of the focused audit and control objectives.

Internal file review—Vendor files are inclusive of verification of proper
insurance; required acknowledgements are executed by applicable
vendor personnel; evidence of required background checks are
available; confidentiality agreements protecting client data have been
executed; and diversity certifications are present if applicable.

Business process walkthroughs—Auditors perform a general
walkthrough of the organization’s controls surrounding the applicable
business processes they perform. Gaps are discussed and best
practice discussions are offered to improve the capacity of the
organization.

Work order testing—Substantive testing focused on key criteria is
conducted on a representative sample of vendor work orders.

License affirmations—File reviews are conducted to validate that the
organization maintains the proper licensing as required by its jurisdictions
and applicable professions.

Quality control framework—A review is conducted of the organization’s
quality control processes and procedures. Evidence is noted for the nature,
timing, extent, and tools utilized to formalize its quality program.

Similar to the client audits we undergo, an exit conference is conducted
to share any findings, risk rank them based on a severity matrix, and
agree upon remediation activities and timelines. A formal CAP is executed
and progress is monitored monthly.

Compliance Frameworks and Executive Ownership

As should be evident by the increased investment in third-party oversight,
executive involvement in compliance activities must be focused and
committed. It is a dynamic environment we are operating in and having
appropriate frameworks in place to be agile, to efficiently identify risks,
and to make procedural adjustments and resource investment is critical.

Anticipating client needs, implementing best practices to minimize their
risk, and creating comprehensive frameworks to ensure transparent
communication protocols are in place from the operational departments
to the boardroom should be a priority in any organization. To proactively
identify and mitigate risk in operations and vendor network, and create
an environment of continual process and procedure improvement, a
nimble governance structure is recommended.

While there are varied ways organizations can accomplish these objectives,
a streamlined committee approach consisting of a cross section of
executive and service-line leadership will enable companies to ensure
consistency and transparency of duties for their clients.

Compliance Committee

The purpose of the Compliance Committee is to ensure compliance and
ethical behavior within the organization by defining responsibilities and
ownership, increasing awareness of compliance requirements, and
providing a mechanism for identifying and responding to new
requirements and noncompliance with existing requirements.
The committee has general oversight responsibility for compliance
programs, policies, and procedures.

The purpose of the committee is to oversee the company’s
implementation of compliance programs, policies, and procedures
that are designed to be responsive to the various compliance and
regulatory risks; assist the organization in fulfilling its oversight
responsibility for the compliance and ethics programs, policies,
and procedures; delegate responsibility for ensuring compliance;
and determine prioritization and resources necessary to have an
effective compliance program.

Security Advisory Board

The purpose of a Security Advisory Board (SAB) is to provide continuity
of knowledge, leadership, executive oversight and guidance for security
policies and activities. The SAB acts as the governing body for risk and
compliance for all of the organization. This includes both physical and
information security.

Through the assessment of security risk and application of appropriate
controls, the SAB is continually focused on the protection of confidential
data and integrity of assets in support of business objectives, physical
and financial resources, reputation, legal position, employees, partners,
and other tangible and intangible assets.

Quality Council

Comprised of executive leadership, the Quality Council’s main focus is
to review progress on quality assurance efforts and drive change based
on the results of internal audits and quality assurance initiatives. The
objectives of the Quality Council include:

  • Report on key metrics such as quality control results and internal
    operations audit findings.
  • Discuss trends impacting quality of services and agree on
    short- and long-term actions to address quality problems.
  • Provide updates on quality improvement initiatives and
    prioritize quality improvement initiatives and resources.

The governance structure can be organized within any framework that
meets the organization’s goals and objectives. The key point is that
executive leadership is continually involved in risk management and that
a transparent and actionable environment is created within an organization.

The enhanced focus on compliance brought on by the regulators has
proven to provide a solid framework for third-party oversight—something
that was much needed in the field services industry. Those who welcome
the changes and continue to invest in the resources necessary to improve
their organization will continue to flourish in this dynamic environment. This
requires the collaboration and partnership with their clients, executive
ownership, and understanding of risk factors that affect day-to-day activities,
proper investment in both human and technological resources, and a focused
partnership with vendors through collaborative third-party oversight.

Please click here for the article in PDF.

About Safeguard 
Safeguard Properties is the largest mortgage field services company in the U.S. Founded in 1990 by Robert Klein and based in Valley View, Ohio, the company inspects and maintains defaulted and foreclosed properties for mortgage servicers, lenders, and other financial institutions. Safeguard employs approximately 1,700 people, in addition to a network of thousands of contractors nationally. Website: www.safeguardproperties.com.

x

CHIEF EXECUTIVE OFFICER

Alan Jaffa

Alan Jaffa is the chief executive officer for Safeguard, steering the company as the mortgage field services industry leader. He also serves on the board of advisors for SCG Partners, a middle-market private equity fund focused on diversifying and expanding Safeguard Properties’ business model into complimentary markets.

Alan joined Safeguard in 1995, learning the business from the ground up. He was promoted to chief operating officer in 2002, and was named CEO in May 2010. His hands-on experience has given him unique insights as a leader to innovate, improve and strengthen Safeguard’s processes to assure that the company adheres to the highest standards of quality and customer service.

Under Alan’s leadership, Safeguard has grown significantly with strategies that have included new and expanded services, technology investments that deliver higher quality and greater efficiency to clients, and strategic acquisitions. He takes a team approach to process improvement, involving staff at all levels of the organization to address issues, brainstorm solutions, and identify new and better ways to serve clients.

In 2008, Alan was recognized by Crain’s Cleveland Business in its annual “40-Under-40” profile of young leaders. He also was named a NEO Ernst & Young Entrepreneur of the Year® finalist in 2013.

x

Chief Operating Officer

Michael Greenbaum

Michael Greenbaum is the chief operating officer for Safeguard. Mike has been instrumental in aligning operations to become more efficient, effective, and compliant with our ever-changing industry requirements. Mike has a proven track record of excellence, partnership and collaboration at Safeguard. Under Mike’s leadership, all operational departments of Safeguard have reviewed, updated and enhanced their business processes to maximize efficiency and improve quality control.

Mike joined Safeguard in July 2010 as vice president of REO and has continued to take on additional duties and responsibilities within the organization, including the role of vice president of operations in 2013 and then COO in 2015.

Mike built his business career in supply-chain management, operations, finance and marketing. He has held senior management and executive positions with Erico, a manufacturing company in Solon, Ohio; Accel, Inc., a packaging company in Lewis Center, Ohio; and McMaster-Carr, an industrial supply company in Aurora, Ohio.

Before entering the business world, Mike served in the U.S. Army, Ordinance Branch, and specialized in supply chain management. He is a distinguished graduate of West Point (U.S. Military Academy), where he majored in quantitative economics.

x

CHEIF INFORMATION OFFICER

George Mehok

George Mehok is the chief information officer for Safeguard. He is responsible for all strategic technology decisions, new systems deployments and data center operations supporting a national network of more than 10,000 mobile workers.

George has more than 20 years of leadership experience dedicated to high-growth companies in the mobile telecommunications and financial services industries, spanning startups to global industry leaders.

George played a senior role in the formation of Verizon Wireless, leading the IT product development and strategic planning team. He led the integration planning for the Verizon merger including: GTE, Vodafone-AirTouch, Bell Atlantic Mobile and PrimeCo.

As chief information officer at Revol Wireless, a VC-backed CDMA wireless communications network operator, George’s team implemented an integrated technology infrastructure and award-winning business intelligence platform.

George holds a bachelor’s degree in political science and economics from Eastern Michigan University and an M.B.A. from The Ohio State University. He is a board member of Akron University’s School of Business Center for Information Technology, in addition to an advisory board member for OHTec.

In 2013, George won the Crain’s Cleveland Business CIO of the Year award for his team’s work in completing a major acquisition and technology transformation at Safeguard. In 2015, George’s team was recognized by InformationWeek’s annual Elite 100 ranking of the most innovative U.S.-based users of business technology. The mobile inspection technology developed at Safeguard was selected as InformationWeek’s “One of the top 20 ideas to steal in 2015”.

x

General Counsel and Executive Vice President

Linda Erkkila, Esq.

Linda Erkkila is the general counsel and executive vice president for Safeguard, with oversight responsibilities for the legal, human resources, training, compliance and audit departments. Linda’s broad scope of oversight covers regulatory issues that impact Safeguard’s operations, pro-active risk mitigation, enterprise strategic planning, human capital and training initiatives, compliance and audit services, litigation and claims management, and counsel related to mergers, acquisition and joint ventures.

Linda’s oversight of the legal department along with multiple compliance and human capital focused departments assures that Safeguard’s strategic initiatives align with its resources, leverage opportunities across the company, and contemplate compliance mandates. Her practice spans almost 20 years, and Linda’s experience, both as outside and in-house counsel, covers a wide range of corporate matters, including regulatory disclosure, corporate governance compliance, risk assessment, executive compensation, litigation management, and merger and acquisition activity. Her experience at a former Fortune 500 financial institution during the subprime crisis helped develop Linda’s pro-active approach to change management during periods of heightened regulatory scrutiny.

Linda previously served as vice president and attorney for National City Corporation, as securities and corporate governance counsel for Agilysys Inc., and as an associate at Thompson Hine LLP. She earned her JD at Cleveland-Marshall College of Law. Linda holds a degree in economics from Miami University and an MBA. In 2017, Linda was named as both a “Woman of Influence” by HousingWire and as a “Leading Lady” by MReport.

x

Chief Financial Officer

Joe Iafigliola

Joe Iafigliola is the Chief Financial Officer for Safeguard. Joe is responsible for the Control, Quality Assurance, Business Development, Accounting & Information Security departments, and is a Managing Director of SCG Partners, a middle-market private equity fund focused on diversifying and expanding Safeguard Properties’ business model into complimentary markets.

Joe has been in a wide variety of roles in finance, supply chain management, information systems development, and sales and marketing. His career includes senior positions with McMaster-Carr Supply Company, Newell/Rubbermaid, and Procter and Gamble.

Joe has an MBA from The Weatherhead School of Management at Case Western Reserve University, is a Certified Management Accountant (CMA), and holds a bachelor’s degree from The Ohio State University’s Honors Accounting program.

x

AVP, High Risk and Investor Compliance

Steve Meyer

Steve Meyer is the assistant vice president of high risk and investor compliance for Safeguard. In this role, Steve is responsible for managing our clients’ conveyance processes, Safeguard’s investor compliance team and developing our working relationships with cities and municipalities around the country. He also works directly with our clients in our many outreach efforts and he represents Safeguard at a number of industry conferences each year.

Steve joined Safeguard in 1998 as manager over the hazard claims team. He was instrumental in the development and creation of policies, procedures and operating protocol. Under Steve’s leadership, the department became one of the largest within Safeguard. In 2002, he assumed responsibility for the newly-formed high risk department, once again building its success. Steve was promoted to director over these two areas in 2007, and he was promoted to assistant vice president in 2012.

Prior to joining Safeguard, Steve spent 10 years within the insurance industry, holding a number of positions including multi-line property adjuster, branch claims supervisor, and multi-line and subrogation/litigation supervisor. Steve is a graduate of Grove City College.

x

AVP, Operations

Jennifer Jozity

Jennifer Jozity is the assistant vice president of operations, overseeing inspections, REO and property preservation for Safeguard. Jen ensures quality work is performed in the field and internally, to meet and exceed our clients’ expectations. Jen has demonstrated the ability to deliver consistent results in order audit and order management.  She will build upon these strengths in order to deliver this level of excellence in both REO and property preservation operations.

Jen joined Safeguard in 1997 and was promoted to director of inspections operations in 2009 and assistant vice president of inspections operations in 2012.

She graduated from Cleveland State University with a degree in business.

x

AVP, Finance

Jennifer Anspach

Jennifer Anspach is the assistant vice president of finance for Safeguard. She is responsible for the company’s national workforce of approximately 1,000 employees. She manages recruitment strategies, employee relations, training, personnel policies, retention, payroll and benefits programs. Additionally, Jennifer has oversight of the accounts receivable and loss functions formerly within the accounting department.

Jennifer joined the company in April 2009 as a manager of accounting and finance and a year later was promoted to director. She was named AVP of human capital in 2014. Prior to joining Safeguard, she held several management positions at OfficeMax and InkStop in both operations and finance.

Jennifer is a graduate of Youngstown State University. She was named a Crain’s Cleveland Business Archer Award finalist for HR Executive of the Year in 2017.

x

AVP, Application Architecture

Rick Moran

Rick Moran is the assistant vice president of application architecture for Safeguard. Rick is responsible for evolving the Safeguard IT systems. He leads the design of Safeguard’s enterprise application architecture. This includes Safeguard’s real-time integration with other systems, vendors and clients; the future upgrade roadmap for systems; and standards designed to meet availability, security, performance and goals.

Rick has been with Safeguard since 2011. During that time, he has led the system upgrades necessary to support Safeguard’s growth. In addition, Rick’s team has designed and implemented several innovative systems.

Prior to joining Safeguard, Rick was director of enterprise architecture at Revol Wireless, a privately held CDMA Wireless provider in Ohio and Indiana, and operated his own consulting firm providing services to the manufacturing, telecommunications, and energy sectors.

x

AVP, Technology Infrastructure and Cloud Services

Steve Machovina

Steve Machovina is the assistant vice president of technology infrastructure and cloud services for Safeguard. He is responsible for the overall management and design of Safeguard’s hybrid cloud infrastructure. He manages all technology engineering staff who support data centers, telecommunications, network, servers, storage, service monitoring, and disaster recovery.

Steve joined Safeguard in November 2013 as director of information technology operations.

Prior to joining Safeguard, Steve was vice president of information technology at Revol Wireless, a privately held wireless provider in Ohio and Indiana. He also held management positions with Northcoast PCS and Corecomm Communications, and spent nine years as a Coast Guard officer and pilot.

Steve holds a BBA in management information systems from Kent State University in Ohio and an MBA from Wayne State University in Michigan.

x

AVP, Mobile and Analytics

Jason Heckman

Jason Heckman is the assistant vice president of mobile and analytics for Safeguard. He is responsible for both Safeguard’s mobile development and strategy as well as the company’s data warehousing and business intelligence. Jason oversees the design, development and release of all Safeguard’s internally developed mobile applications. He also oversees the development and delivery of operational and analytical data technologies throughout the organization.

Jason joined Safeguard as manager of mobile in 2012. During that time he led the development and integration of Safeguard’s mobile applications across the company’s vendor network to provide real-time data from the field. In 2014, he was promoted to director of mobile applications and named assistant vice president in 2017.

Prior to joining Safeguard, Jason was the director of application development and business intelligence for Revol Wireless, a privately held wireless provider in Ohio and Indiana.

Jason holds a bachelor’s degree in business management from Case Western Reserve University in Ohio.

x

AVP, Business Development

Tim Rath

Tim Rath is the AVP of business development for Safeguard. He is responsible for developing innovative growth strategies for Safeguard and developing and overseeing potential partnerships, mergers and acquisitions.

Tim joined Safeguard in 2011 as project director and has filled numerous roles within Vendor Management, most recently serving as director of vendor management, a role he assumed in 2011.

Prior to Safeguard, Tim worked as director of supply chain at PartsSource Inc. in Aurora, Ohio, a provider of medical replacement parts, procurement solutions and healthcare supply chain management technology services. He also has held sales positions with Rexel, ComDoc, and Pier Associates, all based in Ohio.

Tim holds a degree in marketing and sales from The University of Akron in Akron, Ohio. He also earned his FAA Certified Commercial UAS (Drone) Pilot license in 2017.