National Mortgage News’ 8th Annual Mortgage Servicing Conference
The Mortgage Servicing Conference 2014 was held at The Westin Galleria in Dallas, TX. This conference featured a variety of panel discussions on challenges facing the mortgage servicing industry. The session topics included compliance, vendor risk management, mortgage servicing rules best practices, GSE reform and more.
Safeguard’s Vice President of Operations Mike Greenbaum was honored to participate on a panel at the conference. A summary of this session is below.
Vendor Risk Management for Mortgage Servicers
Moderator: Robert Hernandez, Pricewaterhouse Coopers
Michael Greenbaum, Safeguard Properties
David Tallman, K&L Gates
Michael Webb, EverBank
Third-Party Risk Management (TPRM)
The panel discusses how TPRM is essential in today’s banking and financial services industries. Failure to implement a comprehensive TPRM framework may result in loss of revenue and decreased shareholder value for financial institutions. Additional consequences discussed during this session included:
- Non-compliance with federal laws and regulations
- Inability to cost-effectively assess and manage third-party risk
- Tarnished brand arising from inappropriate third-party activities
- Customer service disruption by the unexpected failure of a third-party
- Data security breaches and leaks of customers’ personally identifiable information
- Unaligned TPRM processes and non-automated workflows that compromise quality, efficiency, timeliness and accuracy
A strong regulatory emphasis on TPRM is emerging as regulators have issued new guidance in light of findings from recent regulatory examinations. The following regulations serve as the primary federal guidance for managing third-party risks:
- Federal Reserve Bank of New York (FBR SR 13-19): Managing outsourcing risk
- OCC Bulletin 2013-29: Oversight and management of third-party relations
- Consumer Financial Protection Bureau (CFPB) Bulletin 2012-03: Oversight of business relationships with service providers
- Federal Deposit Insurance Corporation FIL 44-2008: Guidance for managing vendor risk
A New Approach
Recent changes in regulatory expectations necessitate a new approach to manage third-party risks with heightened level of monitoring and oversight activities. The panel presented an enhanced approach from the traditional one. The enhanced approach focuses on the following:
- Third party stratification
- Quality of services including legal and regulatory compliance
- Qualification, competence, staffing capacity, workload, and training of third-party staff
- Management of customer complaints
- Management of “fourth party” risk
- Governance and oversight of third-party risks
- Third-party issue escalation and remediation
- Reporting to senior management up to BOD
- Monitoring and testing of transactions
- Conducting onsite visits and audits
- Mitigating customer, regulatory, and reputational risks
Heightened Regulatory Expectations
Over the years, there has been an increase in coordination among regulators. Prudential regulators are not stepping aside; they are now working in alliance with the CFPB. CFPB and prudential regulators together are scrutinizing compliance management systems and are finding deficiencies.
Compliance Management Systems
The panel discussed how all financial institutions, regardless of size and complexity, should manage the consumer compliance process through an effective compliance management system. The CFPB considers assessment of institutions’ compliance management systems to be “one of the most important responsibilities of the CFPB supervisory program.”
An institution’s compliance management system should be “integrated into its overall framework, and applied to its entire product and service lifecycle.” Four of the five consent orders entered into by the CFPB in 2012 contained requirements regarding compliance management systems designed to address the substantive violations underlying the enforcement action. Regulators generally recognize that institutions may adapt their CMS to fit their business profile and complexity.
An effective compliance system commonly has these independent control components: Board and management oversight; a compliance audit function and independence of compliance staff from the business lines; consumer complaint response, which is a CFPB focus; a formal compliance program, as formality will increase in direct proportion to size, complexity, or diversity of operations.
Vendor management is not a new issue for banks, but is new for other covered entities. The CFPB provides guidance to help servicers oversee their business relationships with vendors. Differences between past vendor management guidance and the CFPB’s standards for third-party service provider relationships are that they are more broadly applicable than prior requirements and they focus on consumer protection, rather than safety and soundness.
When it comes to vendor management, one size may not fit all. The best approach to vendor management depends on all parties involved. The panel all agreed that some form of management needs to take place to be successful and to stay compliant.
National Mortgage News’ 8th Annual Mortgage Servicing Conference was held in Dallas, TX.