Posts

What Happens When Disaster Strikes?

Has your community been effected by a natural disaster? If not, it may only be a matter of time. When it happens, will your institution be ready?

This issue has always faced institutions but was made a regulatory issue for Y2K. Remember 1999 when we were all being told that computer systems all over the world were going to fail? We all worked diligently to insure that when (or more correctly, if) we had a massive computer meltdown, our institutions would all be able to operate and service our customers. January 1, 2000 came and went without so much as a burp in most computer systems and has gone down in history as one of the biggest non-events of all times. Conversely, the natural disasters of the past several weeks have recorded the highest levels of destruction in history.

Featured Sponsors:

 

Disaster recovery plans have been put on the shelf to collect dust, given a cursory annual review, and are not put back up until an auditor or examiner asks to see it. Does it meet the regulatory requirements? Probably. Does it protect your institution and customers in today’s environments in the best possible way? Maybe that deserves another look.

During the 9/11 crisis, one of the largest areas of financial institutional markets was shut down for days and in some cases weeks. The New York Stock Exchange, the New York Federal Reserve, and the corporate offices of the biggest banks in the world were all affected. The disruption of these businesses could have had a devastating effect on not only the United States, but on world markets as well. The disaster recovery plans utilized by these institutions worked, but it also provided a real test that uncovered weaknesses and flaws.

Featured Sponsors:

Disaster recovery is an all-encompassing concept. To be effective it needs to be broken down into subsections:

>>Business continuity

>>Incident response

>>Notification alerts

Business continuity is an institution-wide plan that incorporates all critical elements of your business. A meaningful business continuity plan (BCP) incorporates all institutional resources, employees, locations, vendors and processes and addresses how each will react to a disaster. It is important to keep in mind that a critical vendor or process may not be occurring in your part of the country but may still affect your business. The interdependency of your institution with other businesses is a risk that needs to be assessed, analyzed, and considered. The collection and correlation of data and resources is an integral part of your BCP.

Featured Sponsors:

In order to have a coherent BCP the institution first needs to conduct a business impact analysis and a risk assessment. What is the consequence on your business if your core provider in unable to function as opposed to the impact of the Internet being down. Both are important functions in today’s financial institutional environment but may impact your ability to service your customers differently. Next the institution must develop a strategy of what will happen if a disaster occurs. Is there a secondary provider? Can the institution function for a period of time without a specific service? The answers to these types of questions provides a solution strategy which will then need to be tested, accepted and disseminated throughout your institution. The last issue to be addressed is maintenance of the BCP. An annual review is mandatory, more frequent reviews are advisable, and reviews after an incident are a must. Tools are available to assist your organization in compiling this information, keeping it current, and making sure it is in a safe and accessible environment should your institution need it.

Incident response, as alluded to above, is how your institution reacts to a problem. An incident response plan allows your institution to systematically respond to problems. This type of plan ensures that all incidents are handled by appropriate personnel in a professional and consistent manner. It also provides your institution with ways to improve and prepare for future issues. We are all conscious of the potential financial or regulatory risks this type of plan may mitigate, but consider how this plan may reduce the huge impact on your institution’s reputation if misinformation is made public. Knowing who is going to speak to law enforcement, the press and customers, and what is to be said, is just as important as protecting the financial assets of your organization. The aftermath of an incident should also be addressed. What went right and what went wrong. Documenting this information in a central location is imperative.

Lastly, consider how are you going to let your personnel know what is going on. The days of having a phone tree are obsolete as our organizations grow larger and people are more spread out. Maintaining a system that knows ahead of time who should be notified for particular incident message and knowing that the message is received, is not only efficient but may be life saving. Say a fire occurs in the early morning at one of your branches. The branch manager is alerted by the fire department of the alarm. The branch manager is able to send an immediate notification to his staff. One employee, that sometimes goes in early, does not reply. The manager is then able to advise the fire department that there is a chance someone may be inside. Or conversely, all reply and the fire department does not have to risk personnel conducting a search of a burning building.

This article started off with a list of natural disasters that have been in the news recently. Also consider the un-natural disasters. Security leaks, hacking, cyber-theft to name a few. Our society has become enmeshed in the Internet, social media, and online banking. There was a danger to consider in 1999 when we started to contemplate a disaster recovery program, but the risk has escalated so dramatically since then that this is now one of our country’s biggest threats. There are reports almost daily on large databases of information being compromised, yet the use of computer-aided programs to assist us in our daily lives continues to grow. It may be an impossible task to plan for every type of disaster but keep in mind that your institution’s disaster recovery plan should not be a stagnant document.

About The Author

Buy Vs. Build

I frequently speak with risk officers from financial institutions across the country about their operational risk management approaches and potential solutions to minimize risk within their organization. In the past, many of these individuals would manage third party due diligence, business continuity planning, alert notifications and incident reporting through a host of spreadsheets and reports via their own custom solution.

Featured Sponsors:

 

 
As the influx of rules and regulations has increased and the fervor at which auditors are scrutinizing potential risk within the institution, the complexity of managing these processes internally has become daunting. This has forced many risk officers to consider weather to buy or to continue to build on their own operational risk solution.

Risk officers need to consider a host of items before making a long-term decision about building or buying. These include: Do you have the resources, technology background, and expertise needed? What is the time to market when you build vs. buy? Have you evaluated the on-going cost to maintain the solution? How will you keep up with industry trends and innovation? Are best practices incorporated into the solution from a diverse group of experts? Is there greater risk if you build it yourself?

Featured Sponsors:

 
These, and a number of additional considerations, should be reviewed before moving forward. In an article entitled “The Buy Vs. Build Decision: Choose Wrong And Put Your Job At Risk,” Dan Simerlink, a Business Value Consultant for Teradata, discusses additional points to consider.

“When evaluating software solutions, businesses need to determine if they should build or customize their own software, or buy from a vendor. Making the correct choice will deliver a strong ROI, enable competitive advantage and earn accolades for the decision maker. However, the wrong selection can be costly for the business—and for the career of the person spearheading the project.

Buy versus build decisions used to be straightforward, partly due to limited options. Organizations would assess their needs and the IT staff’s workload and make a decision based on a total cost of ownership (TCO) analysis. These days businesses need more accurate methods to keep pace with a labyrinth of ever-expanding choices.

Featured Sponsors:

 
Project Risks And Career Perils

When organizations build or customize a solution, they should expect a 10% to 15% error rate, according to an article on ComputerWeekly.com. The article also notes that in the U.S. alone, an estimated $75 billion a year is spent on rework and failed or abandoned systems. For example, poorly tested software caused transaction process problems for millions of online customer accounts and resulted in widespread email phishing attacks that cost one large multinational bank more than £50 million.

On the other hand, purchasing a solution reduces the likelihood of time and cost overruns and the possibility that the project will fail because:

>>Conversations between vendors and their customers identify the pros and cons of the solution

>>Many of the errors and bugs have already been worked out

>>Vendor specialization in deployments eliminates a long learning curve

Although the cost of failure is usually not considered in the buy versus build analysis, thousands of hours can be sacrificed on a project that will never launch. Even if the project does see the light of day, time and cost overruns can impact people’s careers.

In terms of career stability, the riskiest decision is for the company to build its own software. This exposes the decision maker to much more scrutiny than a “buy” scenario. When a company buys software, the vendor shoulders part of the risk and assigns additional resources if the implementation timeline slips (assuming a reputable vendor with a track record of success is chosen).

Narrow the Choices

The abundance of customizable software solutions now available has erased the hard dividing line between buy and build decisions. As technology matures and business models evolve, default modes for a funding model for buy versus build decision making need to be re-evaluated.

Increased competition, shorter time-to-value cycles, and the rapid pace of innovation are forcing organizations to look at the speed and agility of their software deployments. In fact, these factors can be parlayed into a competitive advantage, which means the project must be carefully planned so that advantage is not devoured or sacrificed to failure.

The decision-making process should entail estimating the TCO for the software. A good starting point is to create a list of criteria for each potential option that weighs factors such as time to value, solution functionality, the technical expertise required, and funding. The value proposition for the buy, build or customize options can help narrow the choices.

Considering the time to value, which is erroneously omitted from many financial business cases, helps make a more informed project decision. Including all costs, along with ROI and time-to-value evaluations, enables decision makers to reach the most informed conclusion.

Critical Decisions 

The proliferation of software vendors and solutions has greatly complicated the selection process. To make the best choices, organizations need to quantify options and approaches to determine the total costs and benefits. The right choice will deliver substantial value to the business and could launch a career. At the other end of the spectrum, the wrong choice can cost a lot of time and money—and put your job at risk.”

In a blog published by Rex Chekal of TableXI, he looked at the buy vs. build decision from this perspective. “Our software build vs. buy checklist: When we’re looking to make a buy or build software decision, we don’t rely on a complex matrix or framework. Instead, we ask four straightforward questions:

>>What are the must-have features for this software? Then we determine if an existing product can deliver enough of those features to get the job done. If yes, we move on.

>>What’s the timetable? The feature set will determine what’s going to be faster–off-the-shelf or custom. A super-tight timetable may make the decision for us.

>>What’s the build vs. buy cost analysis? Once we know the features we need and the time we have to build them, we can start scoping out what it will cost to buy vs. build.

>>What’s the ROI potential? This is the biggest question we need to answer: Will this product make enough money to justify its costs? Sometimes this answer will push us toward custom or off-the-shelf. Sometimes it will force us to return to step one and rethink our features until we have something we know will turn a profit.”

As you can see, there are many factors that need to be considered before making the decision to buy vs. build. One thing is clear though: the old way of throwing together a few spreadsheets for due diligence, business continuity planning, alert notifications and incident reporting and thinking it will meet auditors expectations for operational risk management is no longer true. The time to make the right decision about buying vs. building is now, before the auditors come knocking.

About The Author

Is Cybersecurity Part of Your Risk Management Plan?

In working with financial institutions across the country on their operational risk management programs one area that regulators and auditors have recently had a keen focus on is Cybersecurity. More and more states and regulators are going to enact similar rules to the one listed below by the New York Department of Financial Services.

Featured Sponsors:

 

 
“The New York Department of Financial Services yesterday issued final regulations that will require its state-chartered banks and affiliates to establish and maintain a cybersecurity program as part of an ongoing effort to protect consumers and the state’s financial system from cybercrime. The rules take effect March 1, and with limited exceptions, banks will have 180 days to comply.”

Featured Sponsors:

 
“The regulations — the first of this kind to be issued by a state regulator — require banks and other financial services providers to maintain a cybersecurity program based on the institution’s level of risk; maintain written cybersecurity policies and procedures; designate a chief information security officer; and maintain an audit trail for cybersecurity events. The rules also impose additional requirements related to annual certification, risk assessments, reporting, recordkeeping, and periodic reviews of access privileges, among other things.”

Featured Sponsors:

 
“The final rules were revised from an earlier NYDFS proposal, which received significant pushback from bankers and other industry stakeholders, including ABA. While the final rules take a risk-based approach, ABA remains concerned that they will add significant regulatory burden to banks of all sizes, and that the short compliance window does not give banks enough time to put the necessary systems and processes in place. In addition, the rules could come in conflict with existing federal regulations, and may not provide enough flexibility to address the constantly evolving nature of cyber threats, the association noted.” This article appeared in the ABA Daily Newsbytes.

This is another reminder of the importance of have a comprehensive operational risk management program in place before the auditors come knocking.

Specialized Data System’s RemoteComply is an all-in-one web based suite containing solutions for business continuity planning, vendor management, incident response, and alert notification. The suite creates one centralized area to easily update and maintain all operational risk management criteria to satisfy the regulators and effectively prepare IT and compliance personnel for an inevitable disruption.

As a leading software provider in the financial industry for over 25 years, Specialized Data Systems is known for developing quality solutions to better the industry. They have developed RemoteComply with the intentions of creating a system that will centralize all risk management in one log-in to easily maintain and present to regulators. The suite will drastically improve the process of operational risk management by saving countless man-hours, ensuring compliance, and alleviating the frustrations typically associated with operational risk management.

About The Author

Gaps In Risk Management

In talking to financial institutions across the United States about Operational Risk Management, I am amazed at how many continue to state that they have it covered. When we talk about operational risk we are referring to Third-party Due Diligence, Business Continuity Programs, Incident Reporting, and Alert Notifications. Just tracking some of this information in an excel spreadsheet is no longer going to cut it with the auditors.

Featured Sponsors:

 

 
In an article titled “FDIC Watchdog Highlights Gaps in Banks’ Vendor Contracts,” that appeared in ABA Daily Newsbytes written by Krista Shonk and Denyette DePierro, it states that “Few banks’ contracts with technology service providers (TSPs) provide sufficient detail about the providers’ business continuity and incident response capabilities and duties, according to a report issued yesterday by the FDIC’s independent inspector general. The report also found shortfalls in banks’ assessments of how providers could affect the banks’ own ability to plan for business continuity and incident response.”

Featured Sponsors:

 
In response, “the FDIC said it would work with other Federal Financial Institution Examination Council agencies to update guidance on business continuity planning and incident response and that it would continue examinations and off-site monitoring of vendor management. Anecdotal reports from banks indicate that examiners are increasingly focusing on technology provider risk management. The report expressed concern that some banks ‘may not be sufficiently knowledgeable about or engaged in contract management.’”

Featured Sponsors:

 
It is becoming increasingly more difficult for financial institutions to keep up with and maintain the proper compliance requirements on their own. If financial institutions want to be better prepared for their next audit they need to partner with companies that specialize in operational risk management.

The right operational risk management solution combines dynamic technology, in-depth expertise and best practices on one common platform to meet and exceed the constantly changing expectations of the regulators. An All-In-One Operational Risk Management Suite allows financial institutions to easily manage all areas of operational risk management under one platform. The all in one suite needs to be easy to use, role dependent and web based. The common platform eliminates double data entry saving valuable time and resources.

Third Party Due Diligence

Upload and store your institution’s information pertaining to locations, departments, people, vendor program, and policies. Upload and store all vendors to the system and track vendor static data. Assign different managers to the specific vendor to upload and track data.

Utilize the qualifying questionnaire to determine whether or not a particular vendor needs to proceed to the risk assessment. The risk assessment is a questionnaire categorized by FFIEC and due diligence questions which prioritizes your vendors into a high, medium, or low risk category determining the level of due diligence to perform on each individual vendor. Upload and store all relevant due diligence criteria. Log and track all conversations exchanged between user and vendor as well as an evaluate vendor performance using the vendor report card.

Business Continuity Programs

Conduct risk assessments for locations and/or vendors. Assign probability and impact ratings to individual threats to automatically generate the threat’s overall rating and define the details of impact with mitigation steps for particular threats. Create your BIA based on departments located within a specific location with details of processes, resources, and people. Includes the ability to set BIA review dates with reminder email notifications. Build your comprehensive plan utilizing data associated in the system with our predefined template. Test a particular section of your business continuity plan by selecting a team and testing their associated tasks.

Incident Reporting

Review an executive overview of most current incident status and completion progress. Create teams and associate prioritized tasks. Store your incident response and escalation policies and define customized values. Track and record the incident while it occurs defining specific details and assigning teams to handle the incident. Upload and store necessary external documentation. Create follow up reports and memos using our template questionnaire and log lessons learned.

The right operational risk management solution can help find gaps in your operational risk management plan and help mitigate risk moving forward by implementing best practices and advanced technology all on one common platform.

About The Author

Gaps In Risk Management

website-pdf-download

In talking to financial institutions across the United States about Operational Risk Management, I am amazed at how many continue to state that they have it covered. When we talk about operational risk we are referring to Third-party Due Diligence, Business Continuity Programs, Incident Reporting, and Alert Notifications. Just tracking some of this information in an excel spreadsheet is no longer going to cut it with the auditors.

Featured Sponsors:

 

 
In an article titled “FDIC Watchdog Highlights Gaps in Banks’ Vendor Contracts,” that appeared in ABA Daily Newsbytes written by Krista Shonk and Denyette DePierro, it states that “Few banks’ contracts with technology service providers (TSPs) provide sufficient detail about the providers’ business continuity and incident response capabilities and duties, according to a report issued yesterday by the FDIC’s independent inspector general. The report also found shortfalls in banks’ assessments of how providers could affect the banks’ own ability to plan for business continuity and incident response.”

Featured Sponsors:

 
In response, “the FDIC said it would work with other Federal Financial Institution Examination Council agencies to update guidance on business continuity planning and incident response and that it would continue examinations and off-site monitoring of vendor management. Anecdotal reports from banks indicate that examiners are increasingly focusing on technology provider risk management. The report expressed concern that some banks ‘may not be sufficiently knowledgeable about or engaged in contract management.’”

It is becoming increasingly more difficult for financial institutions to keep up with and maintain the proper compliance requirements on their own. If financial institutions want to be better prepared for their next audit they need to partner with companies that specialize in operational risk management.

Featured Sponsors:

 
The right operational risk management solution combines dynamic technology, in-depth expertise and best practices on one common platform to meet and exceed the constantly changing expectations of the regulators. An All-In-One Operational Risk Management Suite allows financial institutions to easily manage all areas of operational risk management under one platform. The all in one suite needs to be easy to use, role dependent and web based. The common platform eliminates double data entry saving valuable time and resources.

Third Party Due Diligence

Upload and store your institution’s information pertaining to locations, departments, people, vendor program, and policies. Upload and store all vendors to the system and track vendor static data. Assign different managers to the specific vendor to upload and track data.

Utilize the qualifying questionnaire to determine whether or not a particular vendor needs to proceed to the risk assessment. The risk assessment is a questionnaire categorized by FFIEC and due diligence questions which prioritizes your vendors into a high, medium, or low risk category determining the level of due diligence to perform on each individual vendor. Upload and store all relevant due diligence criteria. Log and track all conversations exchanged between user and vendor as well as an evaluate vendor performance using the vendor report card.

Business Continuity Programs

Conduct risk assessments for locations and/or vendors. Assign probability and impact ratings to individual threats to automatically generate the threat’s overall rating and define the details of impact with mitigation steps for particular threats. Create your BIA based on departments located within a specific location with details of processes, resources, and people. Includes the ability to set BIA review dates with reminder email notifications. Build your comprehensive plan utilizing data associated in the system with our predefined template. Test a particular section of your business continuity plan by selecting a team and testing their associated tasks.

Incident Reporting

Review an executive overview of most current incident status and completion progress. Create teams and associate prioritized tasks. Store your incident response and escalation policies and define customized values. Track and record the incident while it occurs defining specific details and assigning teams to handle the incident. Upload and store necessary external documentation. Create follow up reports and memos using our template questionnaire and log lessons learned.

The right operational risk management solution can help find gaps in your operational risk management plan and help mitigate risk moving forward by implementing best practices and advanced technology all on one common platform.

About The Author

Communication Is Key

When considering operational risk management and preparing for disaster recovery a proper communication median is commonly overlooked. It is something so simplistic yet too often do we resort to outdated call trees. Relying on one person to call another and having that person call the next not only complicates the process but also leaves unlimited room for human error. An alert notification system will easily replace these old-fashioned methods. Implementing this type of system will help your business build an overall stronger risk management program by allowing key personnel to be notified in minutes. In doing so, management will be able to focus on critical decision making while eliminating human error, misinformation, rumors, and/or heightened emotions from causing additional difficulties during an event.

Featured Sponsors:

 

 
It is important to look for an alert notification system that allows all types of communication including email, text message, and voice message. With all of today’s distractions, your alert notification system should allow you to cut through the noise and simply deliver the message. Always make sure to have back up contact information such as a second email address or second phone number to ensure that everyone is receiving the message at the same time. It is vital that your system allows you to easily create customized messages to be tailored to different target audiences based on roles within the organization and easily update your database with newly added and recently lost employee contact records.

Featured Sponsors:

 
In addition, your alert notification system should support two-way communication to account for read receipts and acknowledgements. Tracking the delivery of messages is just as important as sending them. The objective of alert notification is to get the correct message to the correct people. With two-way communication, not only is the system able to track when the message is opened, but it will also track when the recipient made physical interaction by responding to the message. All report logs should display time stamps and contact records for proper disaster recovery eradication. Tracking this information and organizing current communications will strengthen the process and allow your organization to recover faster.

Featured Sponsors:

 
For an all-encompassing operational risk management program, it is crucial for your alert notification system to integrate with your existing operational risk management systems. Company information such as employee contact information, associations to departments, locations, and even contact lists should only need to be updated in one system and automatically carry over to your other risk solutions. Whether you utilize the alert notification tool for operations closings, disaster notifications, or even to say “Happy Holidays,” a two-way communication tool will round out your recovery process and create an overall sufficient operational risk management solution.

About The Author

What To Look For In An LOS

website-pdf-download

It wasn’t that long ago when consumers were in the market for a new car, exciting options such as high quality audio systems, alloy wheel rims, sunroofs, leather seats were not standard features. Consumers were forced to purchase these special options aftermarket from a third party.

Featured Sponsors:

 

 
Consumers purchasing a new car today expect their vehicles to include digital entertainment systems that include everything from your basic AM/FM plus Sirius XM satellite radio service with Bluetooth/Wi-Fi integration with their smartphones, GPS, cruise control, leather seats, alloy wheels, moon roof, etc. What we find more interesting is the car manufacturers don’t produce most of these exciting options, but rather integrate these components so they are “built-in” to their total vehicle “package.” The key is they provide tight integration and support.

Featured Sponsors:

 
To a certain extent, the loan origination software space has evolved in the same way. Looking back the past ten to 15 years, if a lender was using a LOS platform that only supported mortgages, lenders would acquire a second lending platform for HELOC’s, Consumer Loans or Commercial Loans. Often Lenders would subscribe to a separate Point-of-Sale platform for their loan officers or branches. HMDA reporting tools would be licensed to generate the .dat file or a Doc Prep solution was licensed to print documents like closing documents or disclosures.

Featured Sponsors:

 
Lenders are looking for their LOS to handle more functionality than your “Father’s” LOS. Today, we recognize that electronic signatures, MISMO standards and other exciting functionality is high on lenders’ wish lists. But sometimes we need to go back to the basics.

Lenders, like consumers purchasing new cars, are looking for basic innovative technology that is included in the “package,” which will help streamline their operations, keep them compliant and ease the vendor management process by doing business with ONE vendor.

Vendors are constantly developing new functionality and/or successfully integrating their lending platforms to deliver “expected” functionality. Those vendors that deliver a fully integrated, data-driven loan origination system (LOS) will be the winners in the LOS space.

So you might ask, what is “expected” functionality that Lenders expect in the “basic” package? Read on to learn what Lenders are expecting …

The LOS Platform Should Supports ALL Loan Types

Due to the forthcoming regulatory changes, the advantages of a multi-functional LOS platform that supports more than one loan type greatly outweighs the idea of having multiple LOS system. This makes it easier to extract loan level data for reporting purposes ESPECIALLY with the new HMDA reporting requirements expected in just over 12 months. This approach will ultimately gain efficiencies and offer a better experience for Lenders.

Those Lenders that implement a LOS that can originate, process, underwrite, close and fund Mortgages, Equity Loans, HELOC, Construction Loans and Consumer loans are provided a competitive advantage, convenience and cost savings since they only have to manage a single system for all loan products.

Built-in Doc Prep and Reporting

The fact of the matter is … LOS platforms are supposed to generate documents. Whether those documents are hard copy or generated electronically, Lenders still has to generate critical lending documents. Lenders can expect cost savings are increased productivity when the LOS can generate all loan documents (including Loan Estimate and Closing Disclosures) directly from the LOS platform versus using a Third party “doc prep” service. Advantages include:

>> Security – Lender does not expose Borrower data outside their lending platform just to print documents.

>> Quicker document generation – documents are printed “on-demand” and no import or export process is required. Plus, it’s another link in the chain that can break if the Doc Prep provider is down.

>> Reporting – The reporting system should be internal with the LOS and users should be able to select any field in the database. Automated report scheduling should be supported and reports should be able to run dynamically. Besides generating hard copy reports, the reporting system should allow users to save reports in various formats including .pdf, .csv, excel, SQL, HTML and other popular formats. A data dictionary must be provided for quality report development and creating reports with graphical representation should be supported.

Since many legacy systems supported Crystal Reports templates, the ideal reporting system should be able to convert existing Crystal Report templates to your internal report writer environment.

>> Configuration control – flexibility of mapping fields.

Integrated Compliance Automation

This feature allows Lenders to validate or test compliance within your LOS platform such as QM/ATR, HOEPA, HPML (High Price Mortgage Loan), HMDA, Net Tangible Benefits. The LOS should also test for RESPA violations automatically and provide Forms compliance support without having to transfer data to a third-party compliance system. This results in…

>> Testing the compliance in your LOS, Lenders find there is a direct correlation in the reduction of regulatory errors.

>> Consistent Pass/Fail criteria will isolate specific violations that need to be addressed.

>> Live, real time results can be used for validating compliance.

>> Improved data transparency, which results in a smoother regulatory exam process. In other words, borrower data utilized during the regulatory testing process can easily be identified.

Smart Logic Equals Lender Definable Workflow

If you get 10 lenders in a room, I guarantee you will find 10 different ways to originate, process, underwrite and/or close loans. When the LOS allows lenders to dictate the “flow” (or logic) of data entry screens, required fields and which forms are generated by loan type/plan, lenders obtain a powerful LOS tool that will increase productivity and eliminate end-user errors.

The LOS should support smart logic design and a lender definable workflow. his capability allows lenders to identify specific loan requirements and characteristics to ensure all required data elements and proper documentation (i.e. disclosures) are provided to the borrower. This capability will increase productivity and definitely reduce errors.

Processing or underwriting screens should be grouped together using smart logic or “staging.” Required fields should be dictated by regulatory requirements and/or the lender. If required fields are missing, a visual indicator should be turned immediately on so end-users are alerted immediately that required information is missing.

Other examples of Smart Logic include:

When originating a 5-1 ARM, the LOS identifies the product and only prints the 5-1 ARM disclosure that is specific for that product.

Another area impacted by this logic is the generation of Closing Documents. Similar to the 5-1 ARM example, the system can identify key characteristics and state system requirements so that ALL documents are accurately provided.

Integration and New Account Opening

You would think the days of manually re-keying data to order basic services like credit, title, flood, appraisals, insurance, DU or LP are over. NOT. Many lenders still have manual processes when it comes to ordering 3rd party services.

Today, LOS platforms can deliver two-way, real time integration with service providers at time of application. Look for those vendors that follow MISMO standards.

This also leads to New Account Opening. The LOS should capture enough applicant information to open a new deposit account or at least cross sell other products. It is important to support OFAC at time of application. Two-way integration with the bank’s or credit union’s core system is very popular and supported by LOS vendors. Two-way integration means populating the loan application with CIF data at time of taking a loan application and uploading (also referred to as boarding a loan) closing and accounting information to the core system once the loan has closed.

There you have it, the five basic “features” that should be included in your LOS “package”. So get those keys out and start driving those loans home!

About The Author

Here’s What The Future Of Mortgage Technology Innovation Will Look Like …

For the sixth consecutive year, PROGRESS in Lending Association hosted its groundbreaking ENGAGE Event designed to engage the mortgage industry to discuss and find solutions to so many pressing  industry issues. This was a frank and thorough exchange of ideas and tips about how to solve the problems that face the mortgage industry.  Yesterday we reported on what the speakers said about the future of mortgage regulatory compliance. Here’s what they had to say about the future of mortgage technology innovation:

Featured Sponsors:

 

 

“Looking back, the industry under estimated the amount of effort required to comply with TRID,” said Roger Gudobba, vice president, mortgage markets at CSi. “The industry is always reactive instead of being proactive. The new buzzword going around now is the digital mortgage. I hope it’s more then a buzzword. We as an industry need to focus on the data, which is what we always needed to do.”

Featured Sponsors:

 

So, what will define a truly forward-looking and innovative mortgage company in the years ahead? “Burdens in many areas continue,” answered Paul Wetzel, product management lead for Mortgage Cadence. “You need an open platform with a modern interface. Ease of use is critical. The innovative technology firms will be adding quality development staff. The innovative system of the future will be scalable, compliant and include all of the fun stuff, too.”

Featured Sponsors:

 

Case in point, let’s look at Fannie Mae’s launch of Collateral Underwriter. The GSE has invested a lot in development to roll out new tools to both digitize the process and ensure compliance, but is it working? “People are accepting of CU,” pointed out Lisa Binkley, senior vice president business development and mortgage services at Platinum Data Solutions. “However, people say that it is too manual. The UI is easy, but many feel like they need to know what’s underlying the decision of CU so they can address the findings. CU is an advance, but it has to be improved.”

The key to innovating is getting as many lenders to embrace smart automation. If lenders won’t automate at all, innovation just can’t happen. One way to get lenders to move faster is to offer more automation in one platform that is either all-in-one or tightly integrated to best-in-class players.

“It is an expansive and timely process for lenders to vet so many technology vendors,” explained Marc Riccio, president at Specialized Data Systems. “Vendors have to offer both lenders and borrowers a truly better process. You can’t just automate an old process, you have to automate to improve the process. For example, if you are working with someone on a mortgage, you should be able to offer them other products like a credit card, a boat loan, or something else, all from one system. Innovative technology allows lenders to work smarter.”

About The Author

Don’t Forget To Manage Operational Risk

A major issue in the financial industry is due to institutions maintaining a narrow scope on operational risk management programs resulting in miscommunication and gaps in the process. In the past, the biggest focus of operational risk management was on business continuity, which became a job task for one particular employee. As the market place evolved, vendor management regulations became more prevalent and another person was designated into the responsibility of maintaining the vendors.

Featured Sponsors:

 

More recently, incident response regulations due to an escalation of cyber security threats increased resulting in another person taking on the task of maintaining incident response. Instead of consolidating all operational risk management tasks and looking at it as a bigger picture, the different areas of risk were delegated amongst a large span of people. Because of this, people don’t communicate and products don’t communicate with each other. As a result, these individuals rarely maintain a large focus on these operational risk management tasks and when they do they only focus on a small aspect of the larger picture.

Featured Sponsors:

Another issue in the financial industry is that operational risk management is often over looked if the institution isn’t under an auditor’s microscope. Their approach to operational risk management is reactive and defensive rather than proactive and going on the offensive to auditors and regulations. They look for systems after it is too late and they don’t have the resources to devote someone entirely to managing all areas of risk. They often panic and purchase one system covering a small part of the bigger problem. They devote the time and money into the system and then never use it to its full capabilities. The minimal amount of information input is just good enough to get that check mark from the auditor but will leave them scrambling when an actual event occurs due to an inefficient process.

Featured Sponsors:

RemoteComply is the solution for these industry frustrations. Our suite allows the financial industry to easily manage all areas of operational risk management under one platform. Instead of spreading the job tasks across departments, the suite allows complete communication throughout the risk management process. The suite will put institutions ahead of the game due to best practices and complete compliance built into the system. RemoteComply is cost effective and will eliminate the need to delegate different job tasks based on each area of operational risk management. These functionalities save valuable time and resources.

About The Author

Managing Operational Risk

website-pdf-download

A major issue in the financial industry is due to institutions maintaining a narrow scope on operational risk management programs resulting in miscommunication and gaps in the process. In the past, the biggest focus of operational risk management was on business continuity, which became a job task for one particular employee. As the market place evolved, vendor management regulations became more prevalent and another person was designated into the responsibility of maintaining the vendors.

Featured Sponsors:

 

 
More recently, incident response regulations due to an escalation of cyber security threats increased resulting in another person taking on the task of maintaining incident response. Instead of consolidating all operational risk management tasks and looking at it as a bigger picture, the different areas of risk were delegated amongst a large span of people. Because of this, people don’t communicate and products don’t communicate with each other. As a result, these individuals rarely maintain a large focus on these operational risk management tasks and when they do they only focus on a small aspect of the larger picture.

Featured Sponsors:

 
Another issue in the financial industry is that operational risk management is often over looked if the institution isn’t under an auditor’s microscope. Their approach to operational risk management is reactive and defensive rather than proactive and going on the offensive to auditors and regulations. They look for systems after it is too late and they don’t have the resources to devote someone entirely to managing all areas of risk. They often panic and purchase one system covering a small part of the bigger problem. They devote the time and money into the system and then never use it to its full capabilities. The minimal amount of information input is just good enough to get that check mark from the auditor but will leave them scrambling when an actual event occurs due to an inefficient process.

Featured Sponsors:

 
RemoteComply is the solution for these industry frustrations. Our suite allows the financial industry to easily manage all areas of operational risk management under one platform. Instead of spreading the job tasks across departments, the suite allows complete communication throughout the risk management process. The suite will put institutions ahead of the game due to best practices and complete compliance built into the system. RemoteComply is cost effective and will eliminate the need to delegate different job tasks based on each area of operational risk management. These functionalities save valuable time and resources.

About The Author