Posts

Partnership Provides Insight Into Cybersecurity Risk Exposure

Vendorly is now an authorized reseller of BitSight Security Ratings, which can help provide Vendorly customers with the ability to scale their vendor risk management programs quickly and effectively, regardless of their current security posture.


Featured Sponsors:

 


Global organizations are increasingly facing significant cyber risk management challenges. To help proactively mitigate risk, organizations need automated tools to measure and monitor the security performance of vendors. The BitSight Security Rating Platform generates objective, quantitative measurements on a company’s security performance to produce daily security ratings ranging from 250 to 900.


Featured Sponsors:

 


BitSight analyzes externally observable security incidents and practices, and applies sophisticated algorithms to produce a rating. With over 59,000 vendors actively managed on the Vendorly™ platform, the addition of BitSight showcases Vendorly’s commitment to raising the standards of third-party risk management, with a focus on strategic partnerships to help mitigate risk throughout the vendor lifecycle.


Featured Sponsors:

 


“For many organizations, cybersecurity and threat assessments continue to be an esoteric concept,” said Jim Vaca, Senior Vice President, Vendorly. “Organizations are often not capable of keeping up with the rapidly changing threat environment, let alone understanding the actual security performance of their critical vendors. BitSight has created objective metrics and tools that help identify cyber risk in a way that is understandable for organizations.”


Featured Sponsors:

 


“We are thrilled to work alongside Vendorly to help financial institutions address critical cyber risk challenges,” said Matt Cherian, Vice President of Strategic Partnerships, BitSight. “With companies increasingly outsourcing key business functions, managing vendor risk is critical to protecting a company’s most important assets. BitSight delivers the data and analytics necessary to make informed decisions.”

A New Way To Look At Property Data

Veros Real Estate Solutions announced today the availability of property-specific Disaster Data in conjunction with its VeroVALUE AVM reports and portfolio review services. In regions declared as disaster areas the new data set will allow lenders, servicers, appraisal management companies, and other mortgage transaction participants to determine if a U.S.-based residential property has been directly affected.


Featured Sponsors:

 


Today FEMA Disasters are declared at the county level, meaning the entire county is declared a disaster, even though it only affects a portion of the properties located within the region. As a result, all properties within the county are flagged as being in a disaster area, which halts loan funding. Since most mortgage lenders serve a broad or even national geographic area, they have limited ability to truly know whether or not a specific property is impacted by a disaster. Veros can now eliminate this challenge by identifying disaster area impact at the parcel level.


Featured Sponsors:

 


Using satellite imaging and data analytics, Veros’ initial release of this new tool delivers the information in two ways: on a “match and append” basis for portfolio review use or within the VeroVALUE AVM report on a per property basis. The match and append method indicates when a specific property is in the disaster area by matching the location and then appending the disaster data with one of several tiers of confidence. It then delivers a granular result that is much more specific than the county level information commonly used by lending industry participants today.


Featured Sponsors:

 


“With the release of this new data source we can now provide our customers with accurate property-specific disaster data, allowing them to quickly assess whether or not properties have been impacted by the disaster,” explained Veros’ Director of Product Management Luke Ziegenmeyer. “Additionally, our data is continually updated as the disaster unfolds, ensuring that our customers are always making their risk-based decisions with the most current information.”


Featured Sponsors:

 


Property-specific disaster monitoring data is available for the majority of declared disaster areas and includes hurricanes, earthquakes, wildfires, volcanoes, tornadoes, floods, storm surges and tsunamis. 

For loan origination, before funding can occur lenders need to clear the property to verify that it’s not damaged. VeroVALUE AVMs, enhanced with disaster data, enable them to do this. In the servicing and default area, it will help minimize loss severity by identifying potential default scenarios before they happen. Servicers that manage GSE- or FHA-funded loans will have the ability to proactively identify and assess disaster-related risk. As the largest investors in residential real estate, the GSEs and FHA benefit as well, as they lend everywhere and are therefore subject to the most exposure. 

“This new component to our VeroVALUE Automated Valuation Model has the potential to be of tremendous benefit to everyone from lenders and servicers to the GSEs, government agencies and capital markets firms,” said Veros President and CEO Darius Bozorgi. “It’s part of our ongoing commitment to provide innovative solutions that support the lending industry’s need to streamline processes, mitigate risk and create cost efficiencies.”

If there is likelihood or certainty that the property was affected by a disaster, Veros offers onsite inspection and photographic documentation with its VeroPHOTO+Property Condition Report (PCR). VeroPHOTO+ provides “laser focus” assessment of the property. Whether for a home equity line of credit, reassessing the collateral underlying a loan, or any other purpose, VeroPHOTO+ helps lenders quickly gauge disaster impact and the extent to which further due diligence may be necessary.

Eliminate Risk

Improperly handling risk management efforts can make or break your loan origination process. Often, unforeseen issues arise that can be effectively dealt with, or even prevented by, the implementation of a strong risk management infrastructure.

Featured Sponsors:

 

With potential crises just waiting to be revealed, it is beneficial for lenders to identify these risks up front, before the damage becomes irreparable. Three areas on which lenders should focus in order to protect themselves and their borrowers are title search insurance, AVM audits and the use of innovative technology for property reports.

Title Search Insurance

Performing a title search consists of locating all necessary documents to determine and verify the legal owner of a property, and additional interest(s), claims and encumbrances on the property. Having insurance on these searches protects the lender by insuring that the information presented in the search is accurate and valid. If a title search is performed without proper insurance, the lender is left responsible for any issues down the road. For example, if a lender closes a home equity loan, and two years later the borrower defaults and the lender was not aware that there was a mortgage lien filed prior to the home equity that lender is subject to any losses that could occur as a result of the error on the original property report.

Featured Sponsors:

With title search insurance, any errors or missing data on the property report are covered, and the lender is guaranteed a lien position. This indemnifies the lender of fault and losses for any incorrect data on the initial report, should the borrower default on the loan. Lenders should always partner with providers that not only handle nationwide title searches for them, but also provide sufficient title search insurance.

AVM Audits

Automated Valuation Models (AVMs) allow lenders to receive information regarding a residential property at the touch of a button. They show the lender the market value for the property, the tax assessor’s indication of value, recent sales history and comparable sales analysis of similar properties. And, although some lenders lost confidence in AVMs as a result of the 2008 financial crisis, they are making a strong comeback.

Featured Sponsors:

In order to keep AVMs up to date and functioning properly, lenders must perform timely audits or validation. These audits should include a thorough comparison of a sample pool with AVMs versus a benchmark, such as a standard appraisal. This allows lenders to understand the strength and accuracy of the AVM model being used and the deviations between both, enabling the lender to adjust guidelines if necessary. Auditors want to see AVM validations to ensure the AVMs are delivering accurate values on properties.

By scheduling regular audits, lenders can trust that their AVMs are presenting correct information.

Using Innovative Technology for Property Reports

Many lenders still receive property reports from third parties that manually pull information from the Internet, transpose it to a report and then deliver the package to the lender. This physical transport of data from one document to another, or the “stare and compare” approach, significantly increases the risk of human error.

Lenders should engage with providers that use technology to create property reports directly from information provided by the courthouse or credit repositories. When no data is manually input by humans, the process becomes much faster and ensures accurate information. The lender is then delivered one concise report in a timely and compliant manner.

The best way to enhance your risk management infrastructure and keep up with competitors is to partner with an expert, third-party provider that offers full title search services, including insurance, AVM audit services and technical property reports. This will not only set you apart from others maintaining out-of-date processes, but will also ensure that all parties are protected throughout the entire loan origination process.

About The Author

Is Cybersecurity Part of Your Risk Management Plan?

In working with financial institutions across the country on their operational risk management programs one area that regulators and auditors have recently had a keen focus on is Cybersecurity. More and more states and regulators are going to enact similar rules to the one listed below by the New York Department of Financial Services.

Featured Sponsors:

 

 
“The New York Department of Financial Services yesterday issued final regulations that will require its state-chartered banks and affiliates to establish and maintain a cybersecurity program as part of an ongoing effort to protect consumers and the state’s financial system from cybercrime. The rules take effect March 1, and with limited exceptions, banks will have 180 days to comply.”

Featured Sponsors:

 
“The regulations — the first of this kind to be issued by a state regulator — require banks and other financial services providers to maintain a cybersecurity program based on the institution’s level of risk; maintain written cybersecurity policies and procedures; designate a chief information security officer; and maintain an audit trail for cybersecurity events. The rules also impose additional requirements related to annual certification, risk assessments, reporting, recordkeeping, and periodic reviews of access privileges, among other things.”

Featured Sponsors:

 
“The final rules were revised from an earlier NYDFS proposal, which received significant pushback from bankers and other industry stakeholders, including ABA. While the final rules take a risk-based approach, ABA remains concerned that they will add significant regulatory burden to banks of all sizes, and that the short compliance window does not give banks enough time to put the necessary systems and processes in place. In addition, the rules could come in conflict with existing federal regulations, and may not provide enough flexibility to address the constantly evolving nature of cyber threats, the association noted.” This article appeared in the ABA Daily Newsbytes.

This is another reminder of the importance of have a comprehensive operational risk management program in place before the auditors come knocking.

Specialized Data System’s RemoteComply is an all-in-one web based suite containing solutions for business continuity planning, vendor management, incident response, and alert notification. The suite creates one centralized area to easily update and maintain all operational risk management criteria to satisfy the regulators and effectively prepare IT and compliance personnel for an inevitable disruption.

As a leading software provider in the financial industry for over 25 years, Specialized Data Systems is known for developing quality solutions to better the industry. They have developed RemoteComply with the intentions of creating a system that will centralize all risk management in one log-in to easily maintain and present to regulators. The suite will drastically improve the process of operational risk management by saving countless man-hours, ensuring compliance, and alleviating the frustrations typically associated with operational risk management.

About The Author

Guess What’s New

Hey, guess what’s new? According to Richard Parsons in his August 17th commentary, there is a boom in bank lending. Banks such as Suntrust and JPMorgan Chase are experiencing increases ranging from 15.5% to 23%. Likewise, real estate values are going up and up. The trifecta of this development is of course the re-emergence of loan products that we never thought we would see again.

Featured Sponsors:

 

 
What in the world is driving these trends? Well for one thing the inventory of previously owned homes is still rather low while builders are introducing new community developments in all areas of the country. For another, there are now down payment assistance programs either already available or under discussion and banks and investors are hungry for more yield in this continuing low interest rate environment.

Featured Sponsors:

 
The primary result of all this news is that banks and investors are expanding their risk appetites, and because they believe that loan quality is once again healthy, they are willing to add more risk to their portfolios. This is evidenced by the increasing volumes of lending activity. Of course, the lending activity reflected in the bank’s number do not necessarily include those loans originated and funded by non-bank lenders which would increase those numbers even more. So should lenders break out the streamers and champagne? Are we back to the early 2000s with another round of increased borrowing just around the corner?

Featured Sponsors:

 
Whoa! Wait a minute. Aren’t we still suffering under the regulations that were piled on after the collapse of 2008? While the obvious answer to that is a qualified yes, in reality the industry is starting to realize the opportunities available from these reversals of fortune. The question is not should we take advantage of these opportunities, but have we learned enough to avoid the same cataclysmic result. Let’s take a look at the issues.

Credit risk, in the form of both underwriting policy and product development prior to the crash, was expanding to include some very hazardous policies. Stated income loans had been offered as early as 1988 to employees of companies that moved and were eligible for their relocation programs. In less than 12 months it became evident that even these stellar borrowers were having difficulty making payments on stated income loans. Yet any additional reviews of the potential for inaccurate income to be used in these loans was either never done or not published. Furthermore, credit criteria in the form of debt-to-income ratios were also pushed ever higher without any acknowledged analysis taking place. Now of course, the ATR and QRM requirements are in place for federally regulated institutions but what about those who are not?

Regardless of these issues, the most significant process failure prior to the meltdown was Quality Control. If nothing else was gained from this catastrophe we learned that the program dictated by the agencies was less than useless. Even though the steps were followed, lawsuits focused on this failure has run into the billions. Yet the agencies have done little to change the requirements despite the fanfare surrounding the new dictates.

So, now we find ourselves in an environment with rising home prices, low interest rates and banks taking on more risk. History tells us this does not look good. It would wise for all of us to remember, “those who fail to learn from history are doomed to repeat it.”

About The Author

Good Headlines?

website-pdf-download

Hey, guess what’s new? According to Richard Parsons in his August 17th commentary, there is a boom in bank lending. Banks such as Suntrust and JPMorgan Chase are experiencing increases ranging from 15.5% to 23%. Likewise, real estate values are going up and up. The trifecta of this development is of course the re-emergence of loan products that we never thought we would see again.

Featured Sponsors:

 

 
What in the world is driving these trends? Well for one thing the inventory of previously owned homes is still rather low while builders are introducing new community developments in all areas of the country. For another, there are now down payment assistance programs either already available or under discussion and banks and investors are hungry for more yield in this continuing low interest rate environment.

Featured Sponsors:

 
The primary result of all this news is that banks and investors are expanding their risk appetites, and because they believe that loan quality is once again healthy, they are willing to add more risk to their portfolios. This is evidenced by the increasing volumes of lending activity. Of course, the lending activity reflected in the bank’s number do not necessarily include those loans originated and funded by non-bank lenders which would increase those numbers even more. So should lenders break out the streamers and champagne? Are we back to the early 2000s with another round of increased borrowing just around the corner?

Featured Sponsors:

 
Whoa! Wait a minute. Aren’t we still suffering under the regulations that were piled on after the collapse of 2008? While the obvious answer to that is a qualified yes, in reality the industry is starting to realize the opportunities available from these reversals of fortune. The question is not should we take advantage of these opportunities, but have we learned enough to avoid the same cataclysmic result. Let’s take a look at the issues.

Credit risk, in the form of both underwriting policy and product development prior to the crash, was expanding to include some very hazardous policies. Stated income loans had been offered as early as 1988 to employees of companies that moved and were eligible for their relocation programs. In less than 12 months it became evident that even these stellar borrowers were having difficulty making payments on stated income loans. Yet any additional reviews of the potential for inaccurate income to be used in these loans was either never done or not published. Furthermore, credit criteria in the form of debt-to-income ratios were also pushed ever higher without any acknowledged analysis taking place. Now of course, the ATR and QRM requirements are in place for federally regulated institutions but what about those who are not?

Regardless of these issues, the most significant process failure prior to the meltdown was Quality Control. If nothing else was gained from this catastrophe we learned that the program dictated by the agencies was less than useless. Even though the steps were followed, lawsuits focused on this failure has run into the billions. Yet the agencies have done little to change the requirements despite the fanfare surrounding the new dictates.

So, now we find ourselves in an environment with rising home prices, low interest rates and banks taking on more risk. History tells us this does not look good. It would wise for all of us to remember, “those who fail to learn from history are doomed to repeat it.”

About The Author

Don’t Be Passive About Risk

While extremely imperative to monitor and uphold, many institutions maintain a passive approach to operational risk. With increased regulatory changes, a difficult and confusing process continues to challenge us with many questions. What information do I have to monitor? How often must I review this information? Will my methods be successful in passing an audit? While most financial institutions find operational risk management to be a large burden, a centralized and intuitive platform will make the task far less daunting.

Featured Sponsors:

 

 
Operational risk management involves the risks resulting from breakdowns in internal procedures, people and systems. As a whole this broadly defined topic seems over bearing but when narrowed down and broken up into sections we can grasp a better perspective. The important areas to focus on are vendor management, business continuity planning, and incident response. Most often, these three areas are treated separately and managed by different departments, but with the growing audit vulnerability due to increased regulations and more intensive exams, it is beneficial to treat them as one.

Featured Sponsors:

 
Vendor management involves the process of monitoring critical vendors to ensure that your institution will not falter if there happens to be an external disruption in services. So what does happen if a vendor remains inoperable and your institution relies on that vendor to maintain critical business processes? Here is where vendor management runs head to head with business continuity planning. Information such as institutional resources, personnel, departments, critical processes, and vendors should be taken into consideration for both vendor management as well as business continuity planning. The best way to prevent complete failure is to prepare for the worst case scenarios. Disaster recovery tests should be performed internally between departments as well as externally involving vendors. Your vendor management program and business continuity planning program should unify to reflect this co-dependency.

Featured Sponsors:

 
Naturally, most financial institutions utilize around one hundred outsourced vendors. As a result, a greater dependence on third party providers can lead to a larger cybersecurity risk. Your incident response policy should prepare your institution to take the correct steps to prepare and control an incidental breach. Most often a vendor could be involved in the situation which would require further monitoring and might even increase the overall vendor risk rating. All of which is important to track and mitigate, utilizing an effective operational risk management program involving both vendor management and incident response. An integrated program will facilitate the ease of sharing imperative information across all areas of operational risk.

The best solution is to maintain one centralized platform for operational risk management. Since all areas are tied together, the systems should allow for this tight integration using shared information. If your process is easily managed and allows for well integrated information, then the implementation and ongoing monitoring will no longer be a daunting task. You should be confident in your institution’s operational risk management process and the best way to get to there is to start recognizing and managing operational risk areas in a cohesive light.

About The Author

Are You In The Know About What The Regulators Have Done?

Did you know that in the year 2015, the FFIEC released eight regulatory updates? Five of these updates focused solely on operational risk management. It can be difficult to keep abreast of the growing importance of operational risk management in the financial industry. Staying current with all compliance regulations can be a full time job, a job that becomes even more daunting when added to an already long list of duties. As a result, many institutions have turned to outsourcing their technology as a cost-effective approach to managing their operational risk management. These institutions have found this approach to be a double-edged sword: on one hand they are minimizing the burden of manually managing tasks, but on the other they are utilizing several different systems that do not work together. The solution is to look for one vendor that can centralize all systems onto one platform.

Featured Sponsors:

 

Regulators are not going away, and they are not letting up. The five most current FFIEC updates included changes to Appendix J, updated cybersecurity priorities, updated cybersecurity mitigation tasks, release of the Cybersecurity Self-Assessment tool, and revision to the IT Technology Examination Handbook, emphasizing the importance of managing enterprise-wide risk management. These five regulatory updates highlight disaster recovery planning, vendor management, and cyber incident response. The FFIEC along with all regulatory agencies are creating correlations between areas of operational risk in more ways than one. How can anyone possibly hope to keep up?

A common problem found in this industry is the vicious cycle of the “Band-Aid” approach. Implementing quick-fix systems and processes that will cover only these five regulatory updates is not economical or sensible. Perhaps these fixes will provide coverage for one year, but what happens when the FFIEC rolls out five new regulations? Continually seeking short-term solutions for current problems can leave one vulnerable to fines, penalties, and system inadequacies. A Band-Aid is useful small and short term issues but will not fix a bullet hole. The best solution for the long-term is to ensure continued compliance and to be proactive to regulatory agencies. The only solution is to centralize all operational risk management onto one platform.

Centralizing operational risk management onto one platform will allow your institution to breathe a sigh of relief. Vetting one vendor to handle all areas of operational risk will not only minimize your third party risk, but will also integrate all data into one area. For example, if your vendor management program is advising you that Vendor X is a high-risk vendor, while your disaster recovery program tells you that the processes completed using the technology of Vendor X have a low recovery time objective, there is certainly something amiss. If these two systems do not speak to each other, then these correlations will remain unseen. All areas of operational risk management are intertwined together, and they should be treated as such. Centralizing operational risk management can eliminate double data entry, reduce the amount of resources needed to manage the systems, and put you ahead of the regulators with a new and proactive approach.

About The Author

National Fraud Levels Decline, But Not In Florida

*National Fraud Level Declines, But Not In Florida*
**Interthinx Releases Report**

***Interthinx has released its quarterly Mortgage Fraud Risk Report covering data collected in the third quarter of 2012. According to the most recent analysis, overall risk nationwide has decreased by nearly 8 percent to the lowest value observed in the past two years. However, significantly increased levels of fraud risk in Florida pushed it past Nevada and into the top spot for overall fraud risk.

****Florida also appears on three of the four type-specific top 10 riskiest lists this quarter. Of particular concern is the finding that in Florida, investment purchases have more than three times the level of employment/income fraud risk than purchases for primary residences.

****Other notable findings include:

****>> Florida and Nevada are the two riskiest states with Interthinx Mortgage Fraud Risk Index values of 206 and 205, respectively. Currently, Florida has 17 metropolitan statistical areas (MSAs) classified as “very high risk.”

****>> Arizona is the third riskiest state for mortgage fraud, with a risk index value of 191.

****>> California, which is the fifth riskiest state in the country, has six of the top 10 riskiest metros, including Merced — the riskiest metro in the nation. California also has one of the 10 riskiest MSAs for identity fraud, three of the 10 riskiest MSAs for occupancy fraud, five of the 10 riskiest MSAs for property valuation fraud, and eight of the 10 riskiest MSAs for employment/income fraud.

****>> Iowa City, Iowa, leads the nation in identity fraud risk with an identity fraud risk index of 325, a 118.4 percent increase from the second quarter of 2012.

****>> Miami-Fort Lauderdale-Pompano Beach, Florida, appears on all of the type-specific top 10 riskiest lists except employment/income.

****“The report shows that even when overall fraud risk is decreasing nationwide, there are still areas of concern, as we see with this quarter’s findings in Florida,” stated Mike Zwerner, senior vice president of Interthinx. “The report’s actionable intelligence helps lenders pinpoint where additional due diligence may be needed, improves loan quality, reduces repurchase risk, and ultimately helps the economy recover.”

****The Mortgage Fraud Risk Report is an Interthinx information product created by an internal team of fraud experts. This is the fourteenth time Interthinx has released its quarterly report. The report provides deeper insight into current fraud trends through the analysis of more than 12 million loan applications amassed from the industry’s use of the Interthinx FraudGUARD loan-level fraud detection tool.

Understanding The News: Avoid Risk, Know The Subject Property Better

*Avoid Risk, Know The Property Better*
**Partnership Makes Property Visibility Easier**

***One leg of making a good decision about a loan is knowing everything there is to know about the property. So, how do you do that? It just got easier. CoreLogic, a provider of information, analytics and business services, and California Regional MLS (CRMLS), the nation’s largest multiple listing service (MLS) provider, today announced that CRMLS has joined Partner InfoNet by CoreLogic. The companies also announced that CRMLS has agreed to a multi-year extension of its Matrix MLS system contract.

****Launched in June 2010, Partner InfoNet is an innovative revenue-sharing program in which MLSs license their listing data to CoreLogic for use in risk management products for mortgage lenders, servicers, and capital markets (but not consumer outlets). With the addition of CRMLS, Partner InfoNet now encompasses nearly 1.1 million active listings and more than 450,000 real estate professionals from 78 MLSs.

****Matrix is an enterprise-class MLS system that provides real estate brokers and agents with a flexible, high-performance platform for managing real estate listings. 16 MLSs serving more than 163,000 real estate professionals currently use Matrix, and six more installations are scheduled for this year. In total, CoreLogic serves approximately 550,000 real estate professionals with its MLS systems—more than half the North American market.

****“Through our local member associations, we strive to provide the most dependable, convenient and affordable listing technology services available,” said Art Carter, CEO of CRMLS. “Matrix has proven to be an extremely fast and reliable MLS system that meets the needs of our progressive subscribers by supporting virtually all computing platforms and devices. Partner InfoNet supports our goal of keeping costs down for our members by simply and securely leveraging the value of our listing data.”