MBA Releases Disaster Recovery Guide

The Mortgage Bankers Association (MBA) today released a new consumer-facing information brochure, Disaster Recovery: A Resource for Homeowners, available for use by all MBA members, counseling groups, government agencies, and any other group that offers assistance and advice to homeowners in the aftermath of a natural disaster.

Featured Sponsors:


“2017 was the worst year on record for economic losses, both insured and uninsured, arising from natural disasters, led by losses from hurricanes Harvey, Irma and Maria. With the 2018 hurricane season fast approaching, we wanted to support disaster preparedness and provide information necessary to help homeowners successfully recover from future disasters,” said David H. Stevens, CMB, President and CEO of MBA. “The guide outlines homeowner disaster preparedness and steps to recovery including who to communicate with about your mortgage, how to navigate the insurance process, and what forms of aid and disaster loans are generally available.”

Featured Sponsors:

The guide features information on how to prepare for a natural disaster before it hits, what steps to take immediately after it hits, how to begin the recovery process, and information on what recovery and rebuilding assistance is available from government agencies.

Featured Sponsors:

In a wide scale appeal for homeowner disaster preparedness education, MBA is encouraging its member companies to offer the guide to their customers ahead of this year’s hurricane season. MBA is also offering the disaster resource guide to the public with targeted outreach to state emergency management agencies and non-profit disaster relief organizations for distribution to borrowers. Organizations are invited to partner with the MBA in the distribution process through co-branding, sponsorship of translations, and reproduction of guides as they see fit.

About The Author

What Happens When Disaster Strikes?

Has your community been effected by a natural disaster? If not, it may only be a matter of time. When it happens, will your institution be ready?

This issue has always faced institutions but was made a regulatory issue for Y2K. Remember 1999 when we were all being told that computer systems all over the world were going to fail? We all worked diligently to insure that when (or more correctly, if) we had a massive computer meltdown, our institutions would all be able to operate and service our customers. January 1, 2000 came and went without so much as a burp in most computer systems and has gone down in history as one of the biggest non-events of all times. Conversely, the natural disasters of the past several weeks have recorded the highest levels of destruction in history.

Featured Sponsors:


Disaster recovery plans have been put on the shelf to collect dust, given a cursory annual review, and are not put back up until an auditor or examiner asks to see it. Does it meet the regulatory requirements? Probably. Does it protect your institution and customers in today’s environments in the best possible way? Maybe that deserves another look.

During the 9/11 crisis, one of the largest areas of financial institutional markets was shut down for days and in some cases weeks. The New York Stock Exchange, the New York Federal Reserve, and the corporate offices of the biggest banks in the world were all affected. The disruption of these businesses could have had a devastating effect on not only the United States, but on world markets as well. The disaster recovery plans utilized by these institutions worked, but it also provided a real test that uncovered weaknesses and flaws.

Featured Sponsors:

Disaster recovery is an all-encompassing concept. To be effective it needs to be broken down into subsections:

>>Business continuity

>>Incident response

>>Notification alerts

Business continuity is an institution-wide plan that incorporates all critical elements of your business. A meaningful business continuity plan (BCP) incorporates all institutional resources, employees, locations, vendors and processes and addresses how each will react to a disaster. It is important to keep in mind that a critical vendor or process may not be occurring in your part of the country but may still affect your business. The interdependency of your institution with other businesses is a risk that needs to be assessed, analyzed, and considered. The collection and correlation of data and resources is an integral part of your BCP.

Featured Sponsors:

In order to have a coherent BCP the institution first needs to conduct a business impact analysis and a risk assessment. What is the consequence on your business if your core provider in unable to function as opposed to the impact of the Internet being down. Both are important functions in today’s financial institutional environment but may impact your ability to service your customers differently. Next the institution must develop a strategy of what will happen if a disaster occurs. Is there a secondary provider? Can the institution function for a period of time without a specific service? The answers to these types of questions provides a solution strategy which will then need to be tested, accepted and disseminated throughout your institution. The last issue to be addressed is maintenance of the BCP. An annual review is mandatory, more frequent reviews are advisable, and reviews after an incident are a must. Tools are available to assist your organization in compiling this information, keeping it current, and making sure it is in a safe and accessible environment should your institution need it.

Incident response, as alluded to above, is how your institution reacts to a problem. An incident response plan allows your institution to systematically respond to problems. This type of plan ensures that all incidents are handled by appropriate personnel in a professional and consistent manner. It also provides your institution with ways to improve and prepare for future issues. We are all conscious of the potential financial or regulatory risks this type of plan may mitigate, but consider how this plan may reduce the huge impact on your institution’s reputation if misinformation is made public. Knowing who is going to speak to law enforcement, the press and customers, and what is to be said, is just as important as protecting the financial assets of your organization. The aftermath of an incident should also be addressed. What went right and what went wrong. Documenting this information in a central location is imperative.

Lastly, consider how are you going to let your personnel know what is going on. The days of having a phone tree are obsolete as our organizations grow larger and people are more spread out. Maintaining a system that knows ahead of time who should be notified for particular incident message and knowing that the message is received, is not only efficient but may be life saving. Say a fire occurs in the early morning at one of your branches. The branch manager is alerted by the fire department of the alarm. The branch manager is able to send an immediate notification to his staff. One employee, that sometimes goes in early, does not reply. The manager is then able to advise the fire department that there is a chance someone may be inside. Or conversely, all reply and the fire department does not have to risk personnel conducting a search of a burning building.

This article started off with a list of natural disasters that have been in the news recently. Also consider the un-natural disasters. Security leaks, hacking, cyber-theft to name a few. Our society has become enmeshed in the Internet, social media, and online banking. There was a danger to consider in 1999 when we started to contemplate a disaster recovery program, but the risk has escalated so dramatically since then that this is now one of our country’s biggest threats. There are reports almost daily on large databases of information being compromised, yet the use of computer-aided programs to assist us in our daily lives continues to grow. It may be an impossible task to plan for every type of disaster but keep in mind that your institution’s disaster recovery plan should not be a stagnant document.

About The Author

Disaster Recovery Made Easier

Rentsys Recovery Services has launched an initiative seeking to align with bank core providers, managed service providers, healthcare software companies and regional data center providers to enable them to offer Black Cloud Virtual Office as a business continuity solution to their customers. Here’s the significance:

Black Cloud Virtual Office integrates directly with Rentsys’ other disaster recovery products and enables financial institutions and healthcare providers to recover workstations faster after a disaster has occurred. Users can access workstations from any location or device with an Internet connection and eliminates the cost of having to buy and maintain expensive hardware, such as computers. Additionally, healthcare and financial providers are able to meet regulatory requirements regarding recovery time, retrieve key applications, such as email, in real-time and reduce the risk of losing important data during an unplanned outage or disaster.

Featured Sponsors:


“Offering our Black Cloud Virtual Office solution to the healthcare and financial industries through prominent technology providers enables bankers and healthcare providers to take advantage of technology options that are seamlessly integrated with their existing software solutions,” said Brandon Tanner, senior manager at Rentsys. “The addition of Rentsys’ Black Cloud Virtual Office solution enhances compliance and strengthens the ability to recover more efficiently in the event of a disaster.”

Founded in 1995, Rentsys Recovery Services is a provider of business continuity and compliance testing solutions for businesses ranging from healthcare, banking and energy to large enterprise organizations. The company’s solutions enable businesses to comply more effectively with regulatory requirements, improve data security and speed up the organization’s ability to recover key IT systems and data after an unplanned outage or disaster has occurred. The company offers business continuity software, professional planning services and customizable and testable solutions, which include communications systems, mobile recovery centers and cloud-based data backup.

What’s A Good LOS To Do?

The mystery surrounding what exactly happened at Ellie Mae to cause its system to go down continues to unravel. What Ellie Mae initially labeled “a distributed denial of service (DDoS) attack” is now being called an outage that was “triggered by a confluence of factors involving network, hardware, software and demand for service.” Regardless of what happened, lenders deserve better. So, I went out to another LOS to see how they would handle this situation if it happened to them.

“Ellie Mae is a strong competitor,” said Keven Smith, President and CEO at Mortgage Builder. “We compete with them in almost every deal. We feel badly for the impacted lenders, but we also want to reach out to talk about our strategy. These attacks are nothing new. We’ve had attacks in the past and we’ve prevented them from disrupting our clients’ business.”

In the wake of this disaster, Mortgage Builder decided to be proactive and inform their clients about what would happen if Mortgage Builder found itself in Ellie Mae’s shoes. Can Mortgage Builder fend off what Ellie Mae called a distributed denial of service (DDoS) attack? I obtained that letter. Here’s some of what Mortgage Builder said to explain to its clients what Mortgage Builder is doing to ensure their system doesn’t experience the same outage as Ellie Mae’s Encompass did:

“Based on this event we have had a handful of clients this week reach out to ask “can this happen to us” as a Mortgage Builder client. Although it does not entirely mitigate all the risks associated with doing Internet business, we already have in place system functionality and IT infrastructure that should put our customers at ease. We have two types of deployed LOS systems at Mortgage Builder:

>> Client Hosted – these are clients that host MB at their office locations or at a Co-Location facility of their choice. For these clients the software and data would not be affected by a DDoS attack on our MB hosting facility. One important differentiator between MB and most other LOS’s is that document preparation is embedded into the MB system and all interfaces are built directly to the vendor or provider of service and do not route through any middleware product hosted by MB. So in short, an MB DDoS occurrence would not affect a self-hosted MB customer in any way.

>> Mortgage Builder Hosted – These clients are hosted in one of our MB Co-Location facilities.  The Mortgage Builder environment provides multiple redundancies to provide constant uptime in the case of a DDoS attack. There are 5 Internet connections from multiple providers and an engineered routing policy to analyze, react, and mitigate Internet traffic in the event of a DDoS attack. When our Co-Location detects an abnormal spike or malicious network traffic directed at the target host (MB server), the mitigation routing policy is deployed and automatically routes the target’s IP address upstream to prevent saturation of the MB connection. The network returns to normal when the network event is over and the malicious packet stream has subsided. This DDoS defense is protecting our entire network (all products). With its protection your network will remain up, even during a dangerous network event.”

Let’s face it, lenders have been so focused on lowering volume and increased regulation, lenders don’t want to worry about technology. Lenders want to be on browser-based solutions in the cloud or fully Web-based systems and they don’t want to worry about it. That’s fine, but there are things that lenders have to look for in an LOS to make sure that their business is secure.

“We have clients paying per closed loan in a SaaS environment that opt to host the data themselves,” explained Smith. “We can also host the data on our servers as well. Our strategy is such that if our servers are down, the customer is still protected. Also, all of our interfaces go direct to the vendor, not through a platform like the Ellie Mae Network or another third party.”

Mortgage Builder touts that it can also transition clients from one model to another over just a weekend. “We can transition clients to a hosted model or they can transition back to a client-server environment if they feel more secure with that strategy given what happened with Ellie Mae. We can also offer disaster recovery solutions to those lenders that want to self host, but still want that security.”

In the end every vendor is vulnerable to DDoS attacks and other issues, but the better vendors do everything possible to make sure their clients are not impacted.

About The Author


Disaster Recovery Needs Continue

I always hear lenders say things like: “Electronic closings are so far off from being mainstream, why do I need that?” I would argue that you do, but the one thing nobody can argue that they need is protection against disasters. Here’s proof:  Rentsys Recovery Services, a provider of disaster recovery solutions for businesses ranging from community banks and credit unions to enterprise organizations, has significantly increased the number of customers being served in 2013. Here’s why:

Contributing to this growth was the company’s acquisition of EverGreen Data Continuity in July. Since the acquisition, Rentsys has utilized this business continuity software to create Rentsys Continuity Manager (RCM), which is designed to help businesses plan for, mitigate and manage disaster recovery situations that affect daily business operations.

In December, the company also acquired IT-Lifeline, a provider of disaster recovery and compliance testing solutions for the financial services industry, including BlackCloud, a secure, private compliance-based data vaulting and recovery solution. Additionally, Rentsys hosted its Second Annual Education Seminar on Business Continuity and Disaster Recovery in September to provide additional education on risk management and business continuity.

Other important milestones for Rentsys include:

>> Completing its Service Organization Controls 2 (SOC 2) audit, which involves Rentsys’ processes, procedures and information systems being rigorously evaluated and tested to ensure the company meets regulatory standards for data security and operations;

>> Providing more than 1,900 contracted locations with recovery services;

>> Doubling the number of workstations contracted to provide business continuity services;

>> Implementing cloud-based Automatic Call Distributor recovery solutions to expand it’s ‘work from home’ strategy enabling customers to use cloud-based call distribution tools in the event of a disaster;

>> Launching the company’s new customer On-boarding Process, designed to prepare financial institutions for a more efficient recovery following a disaster, as well as to better prepare for an audit.

Certain technologies are needed.

Another Significant Acquisition

I just heard yesterday that the Ellie Mae acquisition of MortgageCEO closed. I also heard that Rentsys Recovery Services, a provider of disaster recovery solutions for businesses ranging from community banks and credit unions to enterprise organizations, has acquired IT-Lifeline, a provider of disaster recovery and compliance testing solutions for the financial services industry. Here’s the scoop:

The acquisition came about through a prior strategic partnership between the two companies in which IT-Lifeline offered Rentsys’ business continuity services. IT-Lifeline’s BlackCloud, a compliance-focused vaulting, testing and recovery solution, will be incorporated into Rentsys’ disaster recovery offerings. Rentsys also retained IT-Lifeline’s support team, who brings a wealth of knowledge regarding regulatory requirements as well as cloud technology. Rentsys acquired IT-Lifeline in December.

Last year, Rentsys also acquired Evergreen, a software solution designed to help businesses plan for, mitigate and manage disaster recovery situations that affect daily business operations. It was renamed Rentsys Continuity Manager (RCM) and added to the Rentsys offering.

“This acquisition expands our product offering and enhances our ability to meet the evolving business continuity and compliance needs of our customers,” said Walt Thomasson, managing director of Rentsys Recovery Services. “IT-Lifeline’s BlackCloud along with the recent addition of RCM enhances our ability to deliver business continuity solutions that ensure our clients will have access to their critical business functions if a disaster or outage does occur.”

About The Author


Are You Ready For A Natural Disaster?

College Station, Texas-based Rentsys Recovery Services, a provider of integrated disaster recovery solutions for businesses ranging from community banks and credit unions to enterprise organizations, has introduced Rentsys Continuity Manager (RCM), a software solution designed to help businesses plan for, mitigate and manage disaster recovery situations that affect daily business operations.

RCM includes all of the key features from the EverGreen software suite, which Rentsys obtained through its acquisition of EverGreen Data Continuity in July. The combined product offers a best-of-breed business continuity planning solution designed to intelligently develop and track a disaster recovery program. The solution incorporates user-provided data into an automatically generated business continuity plan, enabling risk managers to measure statistical probability of downtime and loss, improve interdepartmental communication, meet federal regulations and manage incidents in real time.

RCM minimizes the need for manual data entry by allowing users to load data from their production database systems to the web-based RCM interface. Using the provided data, the program generates intelligent risk analysis reports, mitigation strategies and recommendations for disaster preparedness, recovery planning and testing.

“RCM automates much of the business continuity planning process, making it easier and faster for organizations to plan for and recover from a disaster that threatens their business operations,” said Walt Thomasson, managing director of Rentsys Recovery Services.