Near the beginning of the American classic movie “It’s a Wonderful Life” Jimmy Stewart and Donna Reed are dancing on a gym floor that, unbeknownst to them, opens up to a swimming pool. Unaware that the periphery of the floor was slowly receding beneath them, they keep dancing, heading closer and closer to a steep drop into the water, all the while ignoring the shouts of others telling them to stop, that there was danger ahead. As would be expected, they fall off the edge and into the unknown waters beneath.
Ten years ago the mortgage industry, dancing with Wall Street, was in the same position as Jimmy and Donna. Just like these two we kept dancing, despite the warnings being given, until we fell off the edge into the worst financial devastation seen in recent times. This Great Recession resulted in thousands of people losing their homes, hundreds of companies going bankrupt and the reputation of mortgage lenders destroyed. The repercussions were swift and severe. The Dodd Frank Act was passed and the Consumer Financial Protection Bureau (“CFPB”) was created. The regulations and examinations emanating from this body has placed previously unregulated independent lenders under their control, restricted credit, created new disclosure standards and documents that have cost millions for both production and servicing operations and generated fear of examinations, along with penalties, that have reached millions of dollars. Most surviving lenders, especially the larger banks, have been inundated with lawsuits from numerous private investors who trusted Wall Street and lenders representations about the loans contained in numerous RMBS deals. These lawsuits have cost the industry billions.
Of course we have heard over and over again the underlying reasons for this debacle. It was the administration’s efforts to meet homeownership expectations that produced the bubble. Or was it in fact, the creation of new “easy qualifying” products, lower interest rates, the run up in housing prices, the expansion of subprime or the excessive appetite of investors, including Fannie Mae and Freddie Mac, to earn large returns on investments that were rated triple “A”? We now recognize that it was all of these in some combination that fueled the fire. However, in conversations with numerous executives, underwriters and loan officers it actually came down to one simple thing: greed. Once the profits starting rolling in and practices like stated income and pay options became part of lending, the only thing that mattered was making sure “nobody else did a deal I could have done.”
Now that we have “paid the price” for the excesses of the 2000’s, but have we learned our lesson? Right now the economy is once again growing, interest rates continue to be low, and housing prices are rising. So, are we setting ourselves up for another jump off the cliff. There are many on all sides of the issue that say the new regulations and the changes made by Fannie Mae, Freddie Mac and FHA are sufficient to prevent another crisis. Yet others believe that the CFPB must continue its diligent control over the industry to prevent another disaster.
To really understand the probability of a similar situation occurring we have to look at what we as an industry have done to prevent such a reoccurrence. We cannot continue to justify similar actions because of the interest rates, or investors, or any of the other myriad of drivers that came together to create the loan origination bubble that burst in 2007. We must recognize that at the very center of the problem, it was our lack of control over the people, processes and technology involved in loan production and servicing that were at the very heart of the collapse. So, where did we fail? A root cause analysis of the operational risk issues underpinning this failure can tell us what controls were lacking and help the industry understand what has to be done to prevent it from happening again.
Root Cause Analysis
A “root cause” analysis is part of a quality management program. Its focus is on identifying the issues that are embedded into any process where the results are unsatisfactory. This type of analysis is also known as a fishbone diagram since it is used as the most common way of delving deeper and deeper into a broken process. Beginning with the obvious problem, sub-processes that contribute to the end result are identified and connected to the problem. Once completed, each sub-process is examined to see which one(s) is not working correctly. From there the analyst can make recommendations as what needs to be “fixed” if the outcomes of the process are to produce as expected. Performing this analysis tells us a great deal about where our operations failed.
If we work from the expectation that mortgage loans are produced with the expectation that they will perform and consumers will get the information they need to understand their repayment responsibilities, the following list of issues must be classified as critical failures that led to the collapse.
1.) Believing that technology was the critical control point in approving loans.
Although the industry has had technological support in completing its tasks since the early 80s, it was the introduction of automated knowledge based work (i.e. underwriting) that destroyed one of the most critical parts of the process. Despite automating steps in the process that relate to documenting the collection of information, that retrieves information and generates documents, it is still human analysis and understanding that generate the most effective decisions. When first introduced, automated underwriting systems were heralded as the answer to easing the chokepoint of underwriting, but only for “plain vanilla” applications. This however soon changed as more and more programs were introduced and the use of and payment for these programs became more competitive. At the same time the process failed to address the issues associated with the data that was input into the system and the probability that if incorrect or inaccurate data was input, the results would be bad as well.
During the booming days of the mid 2000s, these programs were used and abused by every lender. It is important to remember that these programs were not neural networks that “learned” from each loan underwritten, but were merely rules based engines. In other words, garbage in resulted in garbage out.
In reviewing numerous files generated by investor lawsuits it is all too common to find income input that was miscalculated, copied incorrectly or just plain fraudulent. This was also true of assets and other areas focused on underwriting. Often there were numerous AUS reports in the files that were obviously rerun with different information until such time as an approval was generated. This result was then used to approve the loan.
Another issue with this technology was the failure to complete the information about the application required by these AUS approvals. All too frequently the output of the system would require additional information or provide direction on requirements to be met prior to closing. These were rarely found in the file. Furthermore, when these programs referred these loans to underwriters, rather than analyze the issues they were just approved; most with no compensating factors identified. Whether you believe this was due to pressure from loan officers and production managers or just plain bad underwriting, the end result was that far too many loans were approved that should not have been.
An unintended consequence of this technology was the reduction in human underwriters who have been trained in the effective ways to analyze credit risk. Because of the volume and pressure, most of the individuals generating underwriting approvals were mere point and click junior processors. They didn’t understand the impact of bad data or the potential impact of inaccurate results. Unfortunately, the data from these poorly underwritten loans was used to generate data that was used in the secondary market for selling the loans. When this sales staff generated information showing DTIs averaging 40%, they believed that the number was accurate. They didn’t know, and never asked, if these number were correct when in fact many times, and in some cases, as many as 65% or more, were not.
2.) Failing to control counterparty and third party risk
There are no systems, or very few anyway, that are closed end systems. In other words, every system needs inputs and produces outputs that can be used in another, or greater system. This is true for mortgage origination and servicing. However, when we take the outputs of one system and introduce it into another, we open that system to risks that may not naturally be present. When we provide our outputs to others to help us address risks, we open ourselves up to their risks as well. The only way these risks can be managed is through a solid operational risk management program. The traditional approach to control these risks is through a vigorous selection and monitoring system. Unfortunately, the processes necessary for controlling these risks were inadequate or not present at all and these control points failed.
In conducting our root cause analysis of this process it becomes very obvious why. The original controls established made sense and were focused on doing business with only those companies that met the strictest criteria. In addition, the system was designed to evaluate the output they delivered to ensure only products meeting each company’s standards were accepted. This should have resulted in effectively managing the risk.
Unfortunately, these controls, while existing on paper, were not followed or enforced by senior executives. Many times loans from brokers or other lenders were found to contain false information yet these lenders and/or brokers were not eliminated from the program. All too often the refrain of “but they couldn’t be committing fraud, they are one of our best clients/producers” echoed through executive conference rooms. These cries were not based on the quality of the products themselves but on the amount of revenue they generated for these loan officers or account execs as well as for the company. If at any time an underwriter or quality analyst questioned the decision for maintaining a relationship with any questionable supplier, they were repeatedly told that they were not being a “team player” and it was for the betterment of the company that the relationship would continue.
The fact that these risks were not seen as real “risks” was evident in the testimony provided to Congress in the hearings that followed the collapse. The phrase “originate and sell” became synonymous with the failure of the loan origination process, which ignored the third party risks and the controls which were to be in place.
3.) Total Failure of Quality Control
Without a doubt, this was the most significant and devastating failure of the entire crisis. This failure, more than any other, drove the acceptance of loans that were clearly fraudulent and/or inconsistent with the risks defined by credit policy. When as many as 90% of the loans in any RMBS fail to meet the guidelines they are represented to meet, the production process is clearly out of control. Yet none of the quality control processes that were supposed to be in place, such as the review of files prior to purchase by correspondent lenders, the standard post-closing program and/or the due diligence process were effective in preventing or controlling the massive amounts of exceptionally poor quality loans from being sold and included in RMBS deals.
The responsibility for this failure rests completely and solidly on the shoulders of Fannie Mae, Freddie Mac and FHA. These entities have been responsible for dictating to lenders how the post-close QC process was to be conducted since its inception by Fannie Mae in 1985. Even though it was founded on antiquated “auditing” techniques that provided no operational assessments, any effort on the part of companies and/or individuals to change these requirements were met with a stone wall of resistance.
The potential failure of the program was clearly evident beginning with the fact that the methodology was based on what these agencies wanted to review rather than allowing lenders to focus the program on their own risks. Furthermore, the sampling programs “approved” by these agencies were so flawed that it was impossible to conduct any type of reliable analysis. In addition, the process of “rebuttal” of the findings resulted not in better results as expected, but actually resulted in hiding critical issues. Adding insult to injury, the results were not even presented to management until 90 days after the origination process had occurred and the findings themselves were nothing but a data dump that provided no direction to management what so ever. In fact, management itself would redesign the results and reports so that any potential investor could easily be misled into thinking the origination process was working fine. In other words, these programs left lenders operating blind to the risks within the organization and the process.
Additionally, the individuals actually conducting the reviews and running the programs had no educational background in how a proper QC program was to be conducted. Companies, including Wall Street firms, blindly followed these agency requirements, knowing full well that the results were failing to produce any type of information that would identify negligence and improper origination processes. Since they could originate and sell why worry, the issues were someone else’s problems, until they weren’t.
Yet there was one last place to stop these corrupt loans from being included in securities; the due diligence review. Unfortunately, this process was, if possible, worse than QC. Here the sellers of the loans basically dictated to the companies conducting the reviews what they should be looking for and what issues were not of concern. These standards were followed despite the fact that reviewers could find massive amounts of fraud and consistently poor underwriting in the files. After all, if they found these issues, the seller would never again request their services for a due diligence review. Interestingly enough, in trying to demonstrate a much stronger analytic focus on loan quality to one Wall Street firm, they rejected the idea since they had (according to the analytic staff) a much better program. That company was Lehman Brothers. Guess it just wasn’t so!
What has been done?
Based on the results of this analysis a review of changes that have been made and/or imposed on mortgage lenders must be conducted to see if, in fact, the underlying causes of the crisis have been adequately addressed. The review of today’s practices and policies identified some.
1.) The implementation of strong operational controls and executive management accountability for operational excellence.
While the CFPB has incorporated the requirement for an effective management process as part of its expectations, most companies have spent little time or focus on what this actually means. This situation could be the result of the need to address the numerous other regulations from the CFPB or it could be that executives actually believe they are already meeting this standard. Based on management statements and actions exhibited today it is readily apparent that the latter is more likely the case. However, it is also evident that many of these older “originate and sell” leaders area now exiting the industry and there is hope that the new leaders will be focused on operational excellence.
Probability the issue will create another crisis soon: high
2.) Use of technology
While the use of AUS systems will undoubtedly continue, it is apparent that the remaining systems are being reviewed and updated. Changes in the way credit is evaluated was recently announced and is expected to be implemented in September. This however does not change the risk emanating from the lack of knowledgeable, experienced underwriters creates. There is still a critical need for people with credit analytic knowledge and experience.
In other operational areas, systems such as LoanLogics HD, are being heralded as having the ability to filter loans from correspondent lenders so that emphasis can be placed on reviews of poor quality execution. In addition, lenders are being to recognize that external vendor products may in fact alleviate some of the more specialized areas of risk such as regulatory. Having these programs run standard comparative reviews and isolating the problem loans also allows for specialization in the review process.
Probability the issue will create another crisis soon: low
3.) Control of third party risk
Although loans continue to be sourced through third parties, the processes for approving, monitoring and terminating unacceptable partners has improved significantly. Lenders are using technology to support these efforts and are less welcoming to those that show any activities toward processes and/or programs that reflect the previous proclivities found in unacceptable loans.
This of course does not mean that the risk is gone, only that it has been minimized by stronger operational controls and technology. The industry must stay vigilant that their third party relationships are carefully monitored and alert for any signs of deterioration in loan quality. Consistent with that is the increasing focus of these management groups to develop stronger reporting tools and standards by which they can measure and compare their lender/broker base.
Probability the issue will create another crisis soon: medium
4.) Effective Quality Control and Due Diligence programs
Despite the fact that the agencies have made several changes and added words reflecting modern QC techniques, today’s dictated quality control programs continue to result in an abysmal failure. In reality, they have done nothing that fixes the problems with the previous program. What they have done instead is create a stronger base on which to reject loans that they don’t like without providing direction to lenders on how to utilize these new requirements. Basically what they have done is similar to a piano teacher showing a student some basic key strokes and scales and then placing Beethoven’s 9th Symphony in front of them and saying “now play and if you get it wrong you will be punished”.
While the basic flaws in the program are many there are some that stand out like a sore thumb. For example, they have embedded the terms “Quality Manufacturing” into the program along with the use of the term “defects”. From here they identified what they believe to be defects that lenders must identify in their reviews. Next they must calculate these “defects” to arrive at an “error” rate. Anyone who has any knowledge of actual quality management principles knows that this is wrong.
A.) Defects are process failures that impact the actual performance of the product. When questioned about how they determined the defects were identified as impacting loan performance they responded that “someone must have done it.” Once again lenders are faced with focusing on the issues Fannie, Freddie and FHA are worried about, not their own concerns.
B.) Calculating error rates is another flaw. Quality management and Six Sigma calculate error rates as the percentage resulting from dividing the number of errors by the number of opportunities for error. For example, if there is one possible defect per loan and 100 loans of which 10 have that error, then your error rate is 10% or 10 divided by 100. The complex identification of defects and the equally complex classification system that each lender has to develop leave the results open to manipulations and errors.
C.) The reporting requirements are focused on providing trends to management. However, the flawed sampling parameters, the lack of understanding of statistical control methods, ranges of variation and random errors means that any trending reports are so inaccurate they are meaningless.
D.) The pre-funding review process is a joke. Since they do not understand QM at all, the agencies do not comprehend the uselessness of these inspections. Management on the other hand, and rightly so, see these as another expense with no value added. Rather than try and “catch” mistakes on individual loans, the effort would be much better spent on analyzing the process.
E.) Conducting a “root cause analysis” on each error. This leads to nothing but wasted effort due to the totally flawed sample and review requirements. For example, one lender recently found 11 files with the same underwriting issue but rather than attacking this as a process problem, they conducted a root cause analysis of every one of the findings. Of course, none of the results were the same. At the end of the day these changes have really done nothing but add cost and wasted effort.
Probability the issue will create another crisis soon: extremely high
So what have we learned from this analysis; will there by another crisis in the not so distant future. The answer to that is “probably.” After all, the obvious and overstated issues of the 2007 crisis either still exist and others, such as “no doc” loans, and “stated income” are beginning to re-emerge. Private investors are once again peeking out of the rabbit hole they ran down in 2009 and 2010.
Unfortunately, while there are new requirements in place, many of the truly needed operational controls are still in the hands of senior executives. To prevent even the threat of another crisis these individuals must take on the accountability for something other than profitability within their organization. This means leading initiatives that develop industry wide operational control standards and benchmarks for regulator and investor expectations. As a result, the industry would have comparative analytics to determine conformance to requirements and quality excellence.
They must also individually develop quality control programs based on their own risks and controls to ensure they are getting reports that provide meaningful and useful direction on producing quality products. We must break from the chokeholds that are agency requirements and individually determine what is best for each of us.
Lenders and investors alike must recognize the operational risks in every process that increase the likelihood of financial impact and establish a means to account for it financially. Whether it is a higher price for product excellence, a cost benefit for improvements or an ROI measurement, until this is built in these risks will just be seen as a “cost of doing business” and will continue to increase every year.
Overall our analysis shows that the probability is much higher than it should or could be if executives focused on the operational risks within their organizations. Whether the industry leadership along with each individual executive, take these issues to heart and institute strong operational controls is still an open question. Hopefully it will be answered in our favor.