Posts

Eliminate Risk: Three Tips For Developing Strong Risk Management Infrastructures

Improperly handling risk management efforts can make or break your loan origination process. Often, unforeseen issues arise that can be effectively dealt with, or even prevented by, the implementation of a strong risk management infrastructure.

Featured Sponsors:

 

 
With potential crises just waiting to be revealed, it is beneficial for lenders to identify these risks up front, before the damage becomes irreparable. Three areas on which lenders should focus in order to protect themselves and their borrowers are title search insurance, AVM audits and the use of innovative technology for property reports.

Title Search Insurance

Performing a title search consists of locating all necessary documents to determine and verify the legal owner of a property, and additional interest(s), claims and encumbrances on the property. Having insurance on these searches protects the lender by insuring that the information presented in the search is accurate and valid. If a title search is performed without proper insurance, the lender is left responsible for any issues down the road. For example, if a lender closes a home equity loan, and two years later the borrower defaults and the lender was not aware that there was a mortgage lien filed prior to the home equity that lender is subject to any losses that could occur as a result of the error on the original property report.

Featured Sponsors:

 
With title search insurance, any errors or missing data on the property report are covered, and the lender is guaranteed a lien position. This indemnifies the lender of fault and losses for any incorrect data on the initial report, should the borrower default on the loan. Lenders should always partner with providers that not only handle nationwide title searches for them, but also provide sufficient title search insurance.

AVM Audits

Automated Valuation Models (AVMs) allow lenders to receive information regarding a residential property at the touch of a button. They show the lender the market value for the property, the tax assessor’s indication of value, recent sales history and comparable sales analysis of similar properties. And, although some lenders lost confidence in AVMs as a result of the 2008 financial crisis, they are making a strong comeback.

Featured Sponsors:

 
In order to keep AVMs up to date and functioning properly, lenders must perform timely audits or validation. These audits should include a thorough comparison of a sample pool with AVMs versus a benchmark, such as a standard appraisal. This allows lenders to understand the strength and accuracy of the AVM model being used and the deviations between both, enabling the lender to adjust guidelines if necessary. Auditors want to see AVM validations to ensure the AVMs are delivering accurate values on properties.

By scheduling regular audits, lenders can trust that their AVMs are presenting correct information.

Using Innovative Technology for Property Reports

Many lenders still receive property reports from third parties that manually pull information from the Internet, transpose it to a report and then deliver the package to the lender. This physical transport of data from one document to another, or the “stare and compare” approach, significantly increases the risk of human error.

Lenders should engage with providers that use technology to create property reports directly from information provided by the courthouse or credit repositories. When no data is manually input by humans, the process becomes much faster and ensures accurate information. The lender is then delivered one concise report in a timely and compliant manner.

The best way to enhance your risk management infrastructure and keep up with competitors is to partner with an expert, third-party provider that offers full title search services, including insurance, AVM audit services and technical property reports. This will not only set you apart from others maintaining out-of-date processes, but will also ensure that all parties are protected throughout the entire loan origination process.

About The Author

Tim Smith
Tim Smith is co-founder and president of Austin, Texas-based FirstClose, provider of end-to-end technology solutions to refinance and home equity lenders nationwide, as well as a vendor management system that eliminates duplicate data entry. The company’s flagship product, the FirstClose Report, is the first, comprehensive refinance and home equity loan solution with capabilities to deliver title, flood, valuation and other important data elements in one report. For more information, visit www.firstclose.com.

Gaps In Risk Management

In talking to financial institutions across the United States about Operational Risk Management, I am amazed at how many continue to state that they have it covered. When we talk about operational risk we are referring to Third-party Due Diligence, Business Continuity Programs, Incident Reporting, and Alert Notifications. Just tracking some of this information in an excel spreadsheet is no longer going to cut it with the auditors.

Featured Sponsors:

 

 
In an article titled “FDIC Watchdog Highlights Gaps in Banks’ Vendor Contracts,” that appeared in ABA Daily Newsbytes written by Krista Shonk and Denyette DePierro, it states that “Few banks’ contracts with technology service providers (TSPs) provide sufficient detail about the providers’ business continuity and incident response capabilities and duties, according to a report issued yesterday by the FDIC’s independent inspector general. The report also found shortfalls in banks’ assessments of how providers could affect the banks’ own ability to plan for business continuity and incident response.”

Featured Sponsors:

 
In response, “the FDIC said it would work with other Federal Financial Institution Examination Council agencies to update guidance on business continuity planning and incident response and that it would continue examinations and off-site monitoring of vendor management. Anecdotal reports from banks indicate that examiners are increasingly focusing on technology provider risk management. The report expressed concern that some banks ‘may not be sufficiently knowledgeable about or engaged in contract management.’”

Featured Sponsors:

 
It is becoming increasingly more difficult for financial institutions to keep up with and maintain the proper compliance requirements on their own. If financial institutions want to be better prepared for their next audit they need to partner with companies that specialize in operational risk management.

The right operational risk management solution combines dynamic technology, in-depth expertise and best practices on one common platform to meet and exceed the constantly changing expectations of the regulators. An All-In-One Operational Risk Management Suite allows financial institutions to easily manage all areas of operational risk management under one platform. The all in one suite needs to be easy to use, role dependent and web based. The common platform eliminates double data entry saving valuable time and resources.

Third Party Due Diligence

Upload and store your institution’s information pertaining to locations, departments, people, vendor program, and policies. Upload and store all vendors to the system and track vendor static data. Assign different managers to the specific vendor to upload and track data.

Utilize the qualifying questionnaire to determine whether or not a particular vendor needs to proceed to the risk assessment. The risk assessment is a questionnaire categorized by FFIEC and due diligence questions which prioritizes your vendors into a high, medium, or low risk category determining the level of due diligence to perform on each individual vendor. Upload and store all relevant due diligence criteria. Log and track all conversations exchanged between user and vendor as well as an evaluate vendor performance using the vendor report card.

Business Continuity Programs

Conduct risk assessments for locations and/or vendors. Assign probability and impact ratings to individual threats to automatically generate the threat’s overall rating and define the details of impact with mitigation steps for particular threats. Create your BIA based on departments located within a specific location with details of processes, resources, and people. Includes the ability to set BIA review dates with reminder email notifications. Build your comprehensive plan utilizing data associated in the system with our predefined template. Test a particular section of your business continuity plan by selecting a team and testing their associated tasks.

Incident Reporting

Review an executive overview of most current incident status and completion progress. Create teams and associate prioritized tasks. Store your incident response and escalation policies and define customized values. Track and record the incident while it occurs defining specific details and assigning teams to handle the incident. Upload and store necessary external documentation. Create follow up reports and memos using our template questionnaire and log lessons learned.

The right operational risk management solution can help find gaps in your operational risk management plan and help mitigate risk moving forward by implementing best practices and advanced technology all on one common platform.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

Gaps In Risk Management

website-pdf-download

In talking to financial institutions across the United States about Operational Risk Management, I am amazed at how many continue to state that they have it covered. When we talk about operational risk we are referring to Third-party Due Diligence, Business Continuity Programs, Incident Reporting, and Alert Notifications. Just tracking some of this information in an excel spreadsheet is no longer going to cut it with the auditors.

Featured Sponsors:

 

 
In an article titled “FDIC Watchdog Highlights Gaps in Banks’ Vendor Contracts,” that appeared in ABA Daily Newsbytes written by Krista Shonk and Denyette DePierro, it states that “Few banks’ contracts with technology service providers (TSPs) provide sufficient detail about the providers’ business continuity and incident response capabilities and duties, according to a report issued yesterday by the FDIC’s independent inspector general. The report also found shortfalls in banks’ assessments of how providers could affect the banks’ own ability to plan for business continuity and incident response.”

Featured Sponsors:

 
In response, “the FDIC said it would work with other Federal Financial Institution Examination Council agencies to update guidance on business continuity planning and incident response and that it would continue examinations and off-site monitoring of vendor management. Anecdotal reports from banks indicate that examiners are increasingly focusing on technology provider risk management. The report expressed concern that some banks ‘may not be sufficiently knowledgeable about or engaged in contract management.’”

It is becoming increasingly more difficult for financial institutions to keep up with and maintain the proper compliance requirements on their own. If financial institutions want to be better prepared for their next audit they need to partner with companies that specialize in operational risk management.

Featured Sponsors:

 
The right operational risk management solution combines dynamic technology, in-depth expertise and best practices on one common platform to meet and exceed the constantly changing expectations of the regulators. An All-In-One Operational Risk Management Suite allows financial institutions to easily manage all areas of operational risk management under one platform. The all in one suite needs to be easy to use, role dependent and web based. The common platform eliminates double data entry saving valuable time and resources.

Third Party Due Diligence

Upload and store your institution’s information pertaining to locations, departments, people, vendor program, and policies. Upload and store all vendors to the system and track vendor static data. Assign different managers to the specific vendor to upload and track data.

Utilize the qualifying questionnaire to determine whether or not a particular vendor needs to proceed to the risk assessment. The risk assessment is a questionnaire categorized by FFIEC and due diligence questions which prioritizes your vendors into a high, medium, or low risk category determining the level of due diligence to perform on each individual vendor. Upload and store all relevant due diligence criteria. Log and track all conversations exchanged between user and vendor as well as an evaluate vendor performance using the vendor report card.

Business Continuity Programs

Conduct risk assessments for locations and/or vendors. Assign probability and impact ratings to individual threats to automatically generate the threat’s overall rating and define the details of impact with mitigation steps for particular threats. Create your BIA based on departments located within a specific location with details of processes, resources, and people. Includes the ability to set BIA review dates with reminder email notifications. Build your comprehensive plan utilizing data associated in the system with our predefined template. Test a particular section of your business continuity plan by selecting a team and testing their associated tasks.

Incident Reporting

Review an executive overview of most current incident status and completion progress. Create teams and associate prioritized tasks. Store your incident response and escalation policies and define customized values. Track and record the incident while it occurs defining specific details and assigning teams to handle the incident. Upload and store necessary external documentation. Create follow up reports and memos using our template questionnaire and log lessons learned.

The right operational risk management solution can help find gaps in your operational risk management plan and help mitigate risk moving forward by implementing best practices and advanced technology all on one common platform.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

Communication Is Key

When considering operational risk management and preparing for disaster recovery a proper communication median is commonly overlooked. It is something so simplistic yet too often do we resort to outdated call trees. Relying on one person to call another and having that person call the next not only complicates the process but also leaves unlimited room for human error. An alert notification system will easily replace these old-fashioned methods. Implementing this type of system will help your business build an overall stronger risk management program by allowing key personnel to be notified in minutes. In doing so, management will be able to focus on critical decision making while eliminating human error, misinformation, rumors, and/or heightened emotions from causing additional difficulties during an event.

Featured Sponsors:

 

 
It is important to look for an alert notification system that allows all types of communication including email, text message, and voice message. With all of today’s distractions, your alert notification system should allow you to cut through the noise and simply deliver the message. Always make sure to have back up contact information such as a second email address or second phone number to ensure that everyone is receiving the message at the same time. It is vital that your system allows you to easily create customized messages to be tailored to different target audiences based on roles within the organization and easily update your database with newly added and recently lost employee contact records.

Featured Sponsors:

 
In addition, your alert notification system should support two-way communication to account for read receipts and acknowledgements. Tracking the delivery of messages is just as important as sending them. The objective of alert notification is to get the correct message to the correct people. With two-way communication, not only is the system able to track when the message is opened, but it will also track when the recipient made physical interaction by responding to the message. All report logs should display time stamps and contact records for proper disaster recovery eradication. Tracking this information and organizing current communications will strengthen the process and allow your organization to recover faster.

Featured Sponsors:

 
For an all-encompassing operational risk management program, it is crucial for your alert notification system to integrate with your existing operational risk management systems. Company information such as employee contact information, associations to departments, locations, and even contact lists should only need to be updated in one system and automatically carry over to your other risk solutions. Whether you utilize the alert notification tool for operations closings, disaster notifications, or even to say “Happy Holidays,” a two-way communication tool will round out your recovery process and create an overall sufficient operational risk management solution.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

Manage Your Risk Before Auditors Come Knocking

website-pdf-download
Research has shown that the financial industry outsources over 85% of their information technology. Outsourced technology can include your basic products such as the phone system, alarm system, network, servers, or computers. Your more critical outsourced technology might include lending technology, online banking system, secondary marketing system, payment solutions, core solution or ATM processing. From basic to critical technologies, all types of third parties play a key role in business operations proving that outsourcing technology directly effects your institution every day. Outsourcing technology has major benefits if managed correctly. If an effective third party risk management system is not in place, auditors will be waiting to knock down your door. Institutions rely heavily on outsourced technology to perform business functions resulting in an increased overall operational risk. If an outsourced vendor unsuccessfully delivers services then the institution relying on that vendor runs the possibility of failure. The risk associated with your outsourced technology providers directly effects the overall internal operational risk of your institution. If you are effectively managing your entire operational risk management program, you are ensuring you will always be able to perform everyday business functions, which are critical to survival.

One of the biggest struggles of managing third parties is the amount of time and effort it takes to complete the tasks required by the FFIEC and FDIC. The regulations stress the importance of maintaining a strong selection and monitoring process. This process includes qualifying and assessing the risk of each vendor, communicating with the vendor to obtain the necessary due diligence criteria, receiving the authorized review of the due diligence documentation, and continual monitoring of each vendor to update their documentation. Since each vendor provides something different to your institution, the process is extremely complicated. Each vendor must be assessed based on the risk they could bring to your institution, and all due diligence must be properly performed based on the level of risk. As a result of this, there are large amounts of resources, people, and time invested in properly managing your third parties.

Featured Sponsors:

 

Typically, institutions require their Vendor Manager, Vendor Owner, Legal department, Financial advisor, and CFO to be involved in the entire process. There are many hands involved in vendor management, and this is not accounting for external vendor cooperation. The Vendor Manager has the role of overseeing the entire vendor management program and ensures that all tasks and procedures are completed correctly and timely. The Vendor Owner has the role of obtaining all due diligence documentation and screening the vendor. The Vendor Manager begins this process by requesting for the vendor to be reviewed by the Vendor Owner. The Vendor Owner is then required to communicate with their vendor to obtain the proper due diligence information. Often times this point in the process gets delayed by the vendor because the due diligence documentation is viewed as a low priority and burden. This consequently makes an already lengthy process even longer. The difficulty of involving internal company-wide efforts and external vendor participation likely leads to miscommunication and lack of collaboration. Your institution needs to have a uniform process, ensuring interdependencies across your institution are effectively controlled.

If this process is completed manually, the implementation becomes increasingly complicated. Financial institutions often rely on multiple documents and lists which are all managed by different people and could contain duplicate information. One of our current clients previously managed three different vendor lists; contact information, accounts receivable and critical vendors. The departmental contact list was utilized by department personnel and contained contact information needed to communicate with each vendor. The accounts receivable list was utilized by the accounting personnel and contained billing information related to products and services as well as contract renewals. The critical vendors list was created by the IT department to track which vendors provide the most critical services and what due diligence needed to be performed based on the assigned criticality. The three lists each contained important information needed by multiple personnel. It would be impractical to eliminate any of the lists and would also cause chaos to simply combine. The vast amount of documentation and acknowledgements needed on an individual vendor basis essentially takes up more time and effort to maintain separately than it would with a centralized repository. This particular institution and many others have experienced the agony of maintaining a manual vendor management process and have therefore invested in an automated solution.

Simply automating might not be the answer to all prayers. The key is to invest in an automated solution that can easily maintain all vendor information as well as the management process from acquiring a new vendor and vetting an existing vendor to monitoring their relationship. Current systems are often difficult to use and lack the ability to delegate tasks to specific personnel. Since the vendor management process is so lengthy, it requires many hands to get involved to perform due diligence activities. This leaves room for miscommunication, error, and missed deadlines. The ideal automated solution would include user access roles, built in alerts, and a complete document repository. User access roles would allow all involved internal personnel the ability to manage their specific functions and keep track of their individual vendors. Built in alerts would ensure that all review dates and contracts are being reviewed and managed on time and monitored correctly. A complete repository would centralize all vendor due diligence documentation in one area to ensure that each vendor is being properly evaluated and controlled. The overall goal is to mitigate all outsourced technology risk by centralizing all tasks into one system. To achieve this goal, you must anticipate the risks before the auditors.

Unfortunately, institutions tend to maintain a defensive “band aid” approach to auditors and regulations. They panic after a visit from the auditors and find a quick fix to the problem. Usually the quick fix is to purchase a system to cover the area that the auditor scrutinized. Sometimes that system is only covering just a small part of the bigger problem and the institution falls in to a vicious cycle to constantly require more band aids. They might devote the time and money into a vendor management system but then still manage the other areas of risk manually. Instead, the approach should be proactive to eliminate the “band aid” cycle because eventually those band aids will run out and your institution will suffer. The newest FFIEC IT Examination update guides the way to a proactive strategy.

Appendix J in the FFIEC IT Examination handbook explains the importance of strengthening the resilience of outsourced technology by stressing the need to identify, measure, monitor, and mitigate all areas of risk associated with outsourcing. It is no longer practical to invest in several solutions to separately maintain all areas of risk management because of this regulation. In order to stay ahead of the game, it is better to have a solution that ties all areas of risk management under one umbrella. A complete risk management system is the solution to the worries that Appendix J has brought upon the industry. An all-encompassing risk management solution will identify which vendors are correlated to your critical business functions. The vendor must allow you to complete your critical functions or you will be in jeopardy of financial loss or loss of business. You should maintain your institution’s business continuity plan and incident response policy and also monitor the BCP and incident response policies of your third parties. This will ensure that if a disaster affects your vendor, they will be able to continue to provide their product or service to your institution.

Your risk management solution should incorporate vendor management, BCP, and incident response under one solution to ensure that all involved personnel can work together, eliminate further short term solutions, and anticipate future regulatory requirements. An all-encompassing operational risk management solution will ultimately make your institution prosperous.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

Standing Up For What’s Right

website-pdf-download

Rebecca Walzak has an outstanding track record of developing, implementing and rejuvenating all phases of risk management. For example, as one of the first employees at Prudential Home Mortgage, she developed the national closing program, the risk management and reporting program for third party correspondents and restructured their regulatory compliance and quality control programs. Moving to national bank-owned mortgage operations provided the opportunity to implement innovative programs in quality control and provide leadership in developing risk management programs. She is a true visionary. Here’s how she sees the future of mortgage lending:

Q: You are probably one of the most well-known women in the industry but rarely recognized for your contribution. Why do you think that is? Do you see the role for women changing in the industry?

REBECCA WALZAK: I think one of the primary reasons is that women have not been recognized for their contribution. The people that get recognized are in production. We have had two women be MBA president, so it is very clear that women are not recognized as leaders. Women are in the back room. They are the underwriters. They are the QC people. They are the people behind the scenes that make things worked. I was told point blank that the reason that people don’t pay attention to QC is because it’s run by women. As a matter of fact, we now have a lot of women in production, but they are not in the senior positions. The people in the senior positions are baby boomers and they were brought up to believe that the man is in charge. That’s how our generation works. Women have stepped forward to try and change that, but stepping forward isn’t always in our makeup. Also, production makes the money. So, if the women are in underwriting and QC, we’re working to make sure things don’t happen. We can have good, healthy production and do things the right way. However, I do think we’re getting there. I may not get recognized, but the women that come after me might get recognized.

Featured Sponsors:

[huge_it_gallery id=”2″]

Q: You have been in the business for a long time, a large part of that time in Risk Management. What changes have you seen in the area of risk management?

REBECCA WALZAK: People didn’t know what risk management was when I started. People did not create their own risk appetite, they just followed Fannie and Freddie. People now understand that if you don’t produce loans the way you say you’re going to, you’re going to be in trouble. The industry has grown and matured. Mortgage was a department in a bigger company. We’ve seen the growth of wholesale and other channels. Consumers also recognize that you don’t have to go to a traditional bank to get a mortgage. Also, when I started you didn’t securitize, the bank that originated the loan held it and serviced it. The industry has gone from a cottage industry to a national industry.

Q: You hold a CQM (Certified Quality Manager). What exactly is that and how does it influence the way you view the business?

REBECCA WALZAK: A CQM is a certification for learning the discipline of producing quality services. It’s about understanding risk, testing for risk, etc. You have to look not at the product, but at the process as a whole as to ensure that the products are being produced a certain way. Quality management is much broader. It goes into rationale, supply chain management and everything that goes into ensuring that the product is produced a certain way. When I got my certification, it was very auditing focused. You would look at one loan or one loan product at a time, isolate things that need to be fixed and send it back. This approach has created an adversarial relationship between QM and production and it doesn’t solve the overall problem because you are not analyzing the process that went into making that loan. When I was at MBA, I asked to see their quality management curriculum and they had nothing. They had just one course. The reason why the private market isn’t coming back as it should is because they don’t have confidence in how the loans are being produced and the reps and warrants. So, if we can get this right, I think it will be a great thing for the industry.

Featured Sponsors:

[huge_it_gallery id=”3″]

Q: You have been a strong supporter of quality control for many years. What influence do you feel you have made in that area?

REBECCA WALZAK: There are days when I want to beat my head against the wall and say that my career has been a waste. However, if I wasn’t out there talking about a different way of doing things, we wouldn’t even have what we have today. We wouldn’t have the networking for QC people to reach out and talk to other QC people. There is now a subcommittee within the MBA. So, I think we are going to see change. We are going to see a movement toward this methodology.

Q: What are your disappointments?

REBECCA WALZAK: My biggest disappointment is that I still have to fight in a production environment to make management understand the value of QC. Management still see it as a cost of doing business and not a real value proposition. Lenders want to know how much money they are saving for every dollar that they are investing, but you can’t put a price on QC. We’re starting to see QC people move into senior positions. I give Chase and Prudential a lot of credit, but some lenders are so production based and they’re outsourcing QC just to say that they are doing it. I would also like the GSEs to reach out to me and others to see what works best. I asked them how many people they’ve terminated because they don’t have QC. If they focused more on action, instead of just making pronouncements, the QC would change.

Q: What is your focus these days?

REBECCA WALZAK: The mantra these days seems to be review, review, review and then review some more. This is counterproductive and contrary to the objective of a quality manufacturing process. I have been developing a QC program that is focused on reducing costs and identifying ways to make the results meaningful. For example, every manager wants to know “How do I compare to other lenders” so I have developed an industry benchmarking tool available to everyone that normalizes the information and allows subscribers to actually compare themselves to others in numerous ways.

My second focus is educating QC people. The idea that you are educated and certified shouldn’t be foreign. There should be increased gratification for those that know their craft. It’s not just six sigma alone. You have to be trained on the process before you can do a root cause analysis on every loan. That’s ludicrous. You have to understand the process and statistics behind everything. From there you have to formulate a correction where we put forth a solution, decide on a change and put forth a change for management to consider. If we had well educated, knowledgeable people working QC, you’d have a better process emerge.

Q: What do we need to change to make risk management better and prevent some of the cyclical crashes in the market?

REBECCA WALZAK: I find it interesting that Fannie and Freddie are coming out with new rep and warrants. One of the things that caused the crash was when we said, forget about the rules. Fannie and Freddie’s focus is making sure that every loan meets the guidelines, but it’s not focused on if the loan will perform even if it doesn’t meet the guidelines. If we can correlate certain things to performance, we’ll understand what we have to do to get more people into loans that actually perform. Extending reps and warrants gives lenders immediate relief, but it doesn’t solve the problem. At some point, you have to understand what isn’t working and fix it instead of just extending warranties. For example, everyone hates pay option arms, but not all of those loans defaulted. So, why didn’t they default? We have to do the hard work to understand the relationship between the loan and the default rate.

Q: Some of the articles you have written have really challenged the industry to look at things differently. Has any of that come to fruition and do you think it will?

REBECCA WALZAK: At the time of the Pirates/Cubs playoff my son said that he hoped the Cubs won since in the second Back to the Future movie, there was a sign in Wrigley Field congratulating them on their 2015 World Series victory. He just wanted to see one thing from that movie actually happen. I would be very happy if any of the ideas I have put forth in those articles came about.

Q: What worries you about the future of the industry?

REBECCA WALZAK: There are not enough people who understand the mortgage industry from top to bottom. Not many people have actually worked in all the areas including production and servicing, so they don’t know how things relate to one another. The collective knowledge of what we do and how we do it will be lost as us older folks leave. There is no one to replace us. While “book learning” for the CMB is good, it does not replace the knowledge that comes from experience.

INDUSTRY PREDICTIONS

Rebecca Walzak thinks:

1.) We are in a rising interest rate environment that may slow down the rate of growth, but it won’t have a devastating impact because Millennials are looking to buy a house and settle down.

2.) I also think that baby boomers are going to want to dispose of their home to move into a condo, which will add new housing inventory and a demand for financing around other types of housing.

3.) Regulations will have more of an impact on the secondary market. I’d like to see the CFPB be more definitive in the new rules that they produce. You can’t have regulation by litigation.

INSIDER PROFILE

rjbWalzak Consulting, Inc. was founded and is led by Rebecca Walzak, a leader in operational risk management programs in all areas of the consumer lending industry. In addition to consulting experience in mortgage banking, student lending and other types of consumer lending, she has hands on practical experience in these organizations as well as having held numerous positions from top to bottom of the consumer lending industry over the past 25 year.

Progress In Lending
The Place For Thought Leaders And Visionaries

New Informative Website Launches

Specialized Data Systems, Inc., a software development company that provides Loan Origination Solutions (LOS) and Risk Management Solutions to the financial industry is proud to announce the launch of their newly enhanced corporate website; www.specializeddata.com. The new website will feature information on both the loan origination and operational risk management product divisions.

Additionally, the enhanced site offers a user-friendly layout, which is easier to navigate. Individuals can access information on the loan origination and operational risk management software, gain key industry insights, learn how technology is solving industry pain points, read the most recent newsletters, and learn more about how the company is delivering much needed solutions to the financial services marketplace.

Featured Sponsors:

[huge_it_gallery id=”2″]

The interactive site delivers many enhanced navigation tools. Simply click on “schedule a live demo” to set up a personalized demo with one of our experienced product managers for either RemoteLender or RemoteComply. To learn more about each product and the service each product offers simply click on “download product sheet” and select the product you’re interested in learning about.

Featured Sponsors:

[huge_it_gallery id=”3″]

Marc Riccio, President and CEO of Specialized Data Systems, has commented on the launching of the new website: “We have spent a great deal of time and resources to deliver a dynamic user experience that provides key industry insights and detailed product solutions through this highly professional web site that we are proud to display.”

Specialized Data Systems is extremely excited for this launch, which will go live February 23, 2016.

Progress In Lending
The Place For Thought Leaders And Visionaries

Don’t Get Caught In The Headlines

Just read the latest industry publications or open up your e-mail newsletters and you will see numerous headlines like: CFPB Hits Three Lenders as Part of False AD “Sweep”, Holder Asks Lawyers to Pursue Bankers in Mortgage Fraud Cases, CFPB Fines Lender $2M for Alleged Kickback Scheme, As Founder Is Pushed Out, Owen’s Future Is Cloudy. Here’s how you can stay out of these headlines:

As you can see, these are not flattering headlines.  This type of press can have an extremely negative impact on your business. When these type of stories are published many companies scramble and look to implement a “crisis management” or “reputation management” strategy.

Featured Sponsors:

[huge_it_gallery id=”2″]

Crisis management is typically thought of as the process by which an organization deals with a major event that threatens to harm the organization, its stakeholders, or the general public. Reputation management normally is referred to as the influencing and/or control of an individual’s or business’s reputation.

The major problem that we typically see when companies are dealing with these situations is that they try to implement these strategies after the fact.  The first time that companies think about crisis management and reputation management is after the stories have run and after the reputation of their company and the individuals running it have already be run through the ringer.

Featured Sponsors:

[huge_it_gallery id=”3″]

Proper reputation management should start long before an issue or situation ever arises.  Companies need strong communication strategies that enhance the reputation of their organization and its leaders before a problem arises.  They need to deliver thought leadership and valuable insights to the market in a genuine and proactive way.

Companies should never underestimate the cost of a poor reputation in this or any other marketplace.

About The Author

[author_bio]

Michael Hammond
Michael Hammond is chief strategy officer at PROGRESS in Lending Association and is the founder and president of NexLevel Advisors. They provide solutions in business development, strategic selling, marketing, public relations and social media. He has close to two decades of leadership, management, marketing, sales and technical product experience. Michael held prior executive positions such as CEO, CMO, VP of Business Strategy, Director of Sales and Marketing and Director of Marketing for a number of leading companies. He is also only one of about 60 individuals to earn the Certified Mortgage Technologist (CMT) designation. Michael can be contacted via e-mail at mhammond@nexleveladvisors.com.

What Is A Management System?

One of the less frequently discussed requirements of the CFBP is that companies have in place a Compliance Management System. This has resulted in a lot of concern and confusion about what exactly they are requiring. Typically when discussions involve the term system, most often it is a discussion about technology. Yet it is commonly assumed that this is not a requirement to implement an entire new technology platform focused on meeting all the regulations. In fact, not all the regulations have been finalized. Therefore even though there is great concern about making sure the requirements are met, this requirement can’t be about technology. So what in fact is this requirement all about? Let’s break it down:

What is a system?

When it comes to understanding what the CFPB means when it requires a “management system” lenders must remember that the term system is far broader that just a technology platform. A system is a set of principles according to which something is done. In the business world it is the set of values and possibly a mission statement under which the business operates. Imbedded in this set of principles are the goals and objectives of the company. These typically revolve around the expected results of the company and generally focus on three sets of stakeholders. These include shareholders who are expecting a good return on their investment, customers who expect that the products and/or services promised will be produced and the members of the organization. Turning these principles into the expected results is the “system” under which the company operates.

While some business systems are relatively simplistic, most are very complex, having numerous functions operating together to produce the desired result. This complexity is addressed through operational functions such as marketing, production, financial management, risk management and regulatory compliance. In order to ensure that all functions are working in an effective manner, a coordinated monitoring and feedback system is put in place. Part of this system’s management responsibility is developing the goals and objectives for the organization. Flowing from these goals and objectives are the development of which products and/or services will be produced.

Designing the product/service that the company will produce is typically the responsibility of individuals with significant knowledge about the company’s goals and how such products/services are generated. In most manufacturing companies this is the work of the engineering team. In mortgage banking however, we look to credit policy and secondary marketing experts for this design work. Their work results in the specifications of what is going to be produced and is most frequently seen as policy statements and requirements.

Once the product and/or service policy has been designed, the operational units must produce the corresponding operational functions. For example, if the product policy statement contains requirements which include ensuring the integrity of the data, then the operational staff must incorporate a process to make this happen and document it through a procedure that is given to the operations staff to follow. An integral part of this development process is the identification, selection and implementation of the technology that will be used in conjunction with the production of the products.

In both of the systems involved in mortgage lending (production and servicing), there are numerous overlapping procedures that must also be incorporated into the final product.   Operation management must ensure that these overlaps are clarified and consistent among all staff and are grounded in the organization’s policies and procedures. In other words, can management demonstrate how a policy is actually implemented in the procedures across all operational units used by the company? Among these overlapping functions are risk, accounting and regulatory compliance.   Because of all these overlapping systems, mortgage lending and servicing is an extremely complex business and requires highly complex systems to make it work. It is also why a management system is an essential part of the business.

Purpose of a management system

All business have some type of management system. They can be as simplistic as having one person deciding the goals of the business and then determining how those goals are to be met. This individual must also determine what risks the organization faces in meeting these objectives and how these risks will be addressed as well as monitor the output of the operational processes and direct any changes that are necessary to meet the goals and objectives. However in a business as complex as mortgage lending, it is impossible for one individual to accomplish this and most frequently there are several key members in the organization with specific responsibilities.

While not always recognized as a “system”, the interaction between these individuals is the leadership that successful companies require. If one of the functions within a leadership system overwhelms all other functions the result is typically an organization that fails to meet its overriding responsibilities for its shareholders, customers, regulators and/or employees.

Elements of a management system

Management systems have three basic responsibilities that, when effectively executed, assure that the founding principles are followed and goals and objectives met. These functions include governance, risk and control.

Governance refers to the system of structures, duties, and support by which corporations are directed and controlled. Governance provides the structure through which corporations set and pursue their objectives and monitor the actions, policies and decisions of the corporation. In other words, governance involves determining what the company will produce and putting in place all the elements that will ensure the production. This includes oversight of all the processes, people and technology and all facets of these operational requirements.

The second is risk management. Risk is commonly defined as the chance of something happening that will have an impact on the objectives of the company. Every organization contains numerous risks and a management system must have a means of identifying, evaluating and determining how these risks will be addressed. This includes ensuring that there are coordinated, delegated resources to minimize, monitor and control these risks. One such risk is, of course, complying with all regulatory requirements. This includes not just those related specifically to consumers, but comprehensive regulatory risks as well.

About The Author

[author_bio]

Rebecca Walzak
rjbWalzak Consulting, Inc. was founded and is led by Rebecca Walzak, a leader in operational risk management programs in all areas of the consumer lending industry. In addition to consulting experience in mortgage banking, student lending and other types of consumer lending, she has hands on practical experience in these organizations as well as having held numerous positions from top to bottom of the consumer lending industry over the past 25 years.

Six Things You Need To Know About Today’s Risk Management

website-pdf-download

Chris-AppieThe 2014 midterm elections are now behind us, and the predicted shift in the Senate’s majority party has given Republicans control of both houses of Congress. While some of its legislative priorities have been signaled in advance, it is not clear how—or if—the Republican leadership may choose to revisit the Dodd-Frank Act.

Now in its fourth year, that Act remains a lightening rod that attracts criticism for its effects on the economy, regulatory burdens, and confusion regarding rules that have yet to be finalized. House Financial Services Committee Chairman Jeb Hensarling (R-TX) and Oversight and Investigations Subcommittee Chairman Patrick McHenry (R-NC) released a committee staff report in July that made plain the majority’s perspective. Its title, Failing to End Too Big to Fail: An Assessment of the Dodd-Frank Act Four Years Later did not leave much to the imagination. Ironically, among its findings was the observation that: “The Financial Stability Oversight Council (FSOC) is an unwieldy conglomeration of regulatory officials charged with identifying risks and taking steps to mitigate them.” This comes in the same quarter that the Office of the Comptroller of the Currency (OCC) published final guidelines for strengthening governance and risk management practices for larger financial institutions. The “unwieldy conglomeration…charged with identifying risks and taking steps to mitigate them” statement can as easily be applied to inefficient risk management practices as it can to Dodd-Frank itself, and regardless of possible revisions that may be in the Act’s future, it’s safe to say that the collective mandates from the OCC, the CFPB, and the Federal Reserve promoting enterprise risk management (ERM) are here to stay. While there are many components of ERM, transaction risk management (TRM) is one of the most easily addressed, yet often overlooked areas where a financial institution can improve its overall ERM practices.

As the regulatory conditions on the ground continue to evolve, financial institutions have reached out with risk management concerns that have taken on a common pattern, with six questions raised more frequently than others.

Risk management is not new. Why are we talking about managing transaction risk now?

Risk management is as old as risk, and managing the risks surrounding transactions is something that every financial institution has done in some form or another from the first day they opened their doors for business. So why are we talking about it today like it’s something new? The financial crisis of 2008 has intensified national focus on this perennial subject on all levels, starting with the Congress, the federal regulating agencies, and on down to the community bank on our street corner. Our current regulatory environment is one that demands rigorous operational methodologies and careful analysis of data to manage those risks specifically related to the transaction. And when Fannie Mae and Freddie Mac begin requiring the Uniform Closing Data set to accompany portfolios they are purchasing, the importance of the underlying data and its validation will drastically increase.

My institution already has an ERM program—why do we need to a special program to manage transaction risk?

Transaction risk management is a necessary component of enterprise risk management and may be thought of as the data collection and analysis systems of enterprise risk management. Much in the same way a financial institution is responsible for managing its data, the Office of Financial Research (OFR) is responsible for the collection and analysis of the data that assesses the health of our financial system. In both cases, the success of data analytics starts with the data itself. It is interesting to note that the “Failing to End Too Big to Fail” report rates the OFR’s progress as “unsatisfactory” and that its “data collection efforts risk imposing substantial costs.” The OFR’s work is intended to support the Financial Stability Oversight Council (FSOC), but here again the inherent challenges of an “unwieldy conglomeration” must be overcome at both the regulatory level and the financial institution level. Data collection and analysis must be an integrated component of transaction risk management, rather than a separate, disconnected process that gets tacked on somewhere during the processing of loans. The only sustainable data analytics solution is one of automation, and one that is part and parcel of the larger TRM program.

How is transaction risk management different than compliance?

Compliance is not a new concern in the financial industry. Most financial institutions are able to stay in compliance by hiring more staff and leveraging document libraries that are intended to warrant compliance. Although compliance (or lack thereof) is top of mind for institutions today, it is only one of many inherent risks of each transaction. If nothing else, the 2008 financial crisis, the subsequent formation of the CFPB, and the increased focus on financial institutions’ policies and processes have made it clear that profitability requires more than creating additional checklists to achieve a compliant outcome. Instead, there is an increased focus on a solution that encompasses more than just compliance risk mitigation: a solution that addresses operational risk, reputation risk, liquidity risk, and other risk types. Not only will a transaction risk management solution manage compliance risk, but it also leverages technology to flush out errors and inconsistencies that may be present in transaction content. The ability to address these types of issues is critical to minimizing the operational and reputation risk to which a financial institution is exposed. The CFPB has provided a convenient method for consumers to share complaints related to their experiences with institutions. Currently, consumers have the option of posting small synopses of their complaints on the CFPB website, but the Bureau has proposed an expansion of the rule that would allow consumers to publish full narratives of complaints. This trend toward full transparency as it relates to consumer complaints (complaints that, many times, cannot be properly defended based on the institution’s obligation to protect consumer information) makes it essential for institutions to pursue a TRM solution that allows them to transact business in way that diminishes the likelihood that a consumer would find cause for complaint. Although compliance is, and will continue to be, a major component of any TRM solution, there are many other risk factors that institutions need to consider when doing business.

Risk management doesn’t make my institution more competitive…or does it?

Addressing transaction risk not only makes institutions more competitive, it also can make them more profitable. A common reaction to new regulations is for institutions to hire more employees. More hiring equates to more training and more personnel costs. If those investments are instead allocated to a transaction risk management solution, personnel can spend less time checking for errors, researching which documents are required for which transaction, and making sure no required data is missing. This allows more time to be spent building, maintaining, and enriching borrower relationships. A focus on the borrower rather than the document supports a reputation of excellence in customer service.

At what point in the transaction process does TRM start?

At its core, a TRM solution is driven by data: both the data that is specific to a given transaction and data that is more universally applicable to a financial institution’s operational processes. The TRM process starts long before any data is collected. Setting up and configuring a risk management solution helps assure institutions that policy decisions and product definitions are configured correctly within the system before a borrower walks through the door. Once this data is configured and vetted by the proper personnel, loan officers can focus on collecting only the required customer data at transaction time. These processes help ensure that each transaction, regardless of who at the institution performs it, is completed with a high level of accuracy.

Is transaction risk management a bridge too far?

A dedicated effort to manage transaction risk can sound like a target too ambitious to actually reach, and the truth is that today’s business targets may be unrealistic if you approach them with yesterday’s business systems. It’s easier for business operations to update technology processes with technology than it is to update human processes with technology. No one is designing their online banking program for dial-up or backing up their data center with floppy disks, but it’s common to hear about manual processes and laminated checklists used to manage compliance-crucial data validations. The technology is out there now to help you institute a transaction risk management program that automates and safeguards critical data analysis.

Business Change: More the Same Than Ever

It seems unlikely that the recent election will drastically change the regulatory environment created by the Dodd-Frank Act in 2010, but based on the Republican leadership’s position that the law missed the mark, we may see tinkering around its edges. Markets crave certainty even if the players do not particularly like the rules that regulate them. It is better to know how to follow an unwanted rule than not knowing what do to at all, and it may be that fear of such uncertainty becomes the force that stalls significant modifications to the Act. This congressional hesitancy, along with proposals to eliminate the Fannie Mae and Freddie Mac conservatorships, new guidelines from the OCC for risk management practices, and ongoing CFPB rule proposals that can touch every aspect of your business. Today’s mortgage industry landscape requires constant improvements in technology to ensure profitability for lenders, safeguard compliance, and open up home ownership to a new generation of Americans stung by the market collapse and toughening underwriting standards.

About The Author

[author_bio]

Chris Appie is an attorney and Vice President of Products at Compliance Systems, Inc. (CSi). CSi is a provider of financial transaction technology and expertise serving over 1400 financial institutions across the United States. When he’s not keeping up with the CFPB he’s trying to keep his four kids under control in grocery stores and other public places. He can be reached via email at cappie@compliancesystems.com.