Posts

Buy Vs. Build

I frequently speak with risk officers from financial institutions across the country about their operational risk management approaches and potential solutions to minimize risk within their organization. In the past, many of these individuals would manage third party due diligence, business continuity planning, alert notifications and incident reporting through a host of spreadsheets and reports via their own custom solution.

Featured Sponsors:

 

 
As the influx of rules and regulations has increased and the fervor at which auditors are scrutinizing potential risk within the institution, the complexity of managing these processes internally has become daunting. This has forced many risk officers to consider weather to buy or to continue to build on their own operational risk solution.

Risk officers need to consider a host of items before making a long-term decision about building or buying. These include: Do you have the resources, technology background, and expertise needed? What is the time to market when you build vs. buy? Have you evaluated the on-going cost to maintain the solution? How will you keep up with industry trends and innovation? Are best practices incorporated into the solution from a diverse group of experts? Is there greater risk if you build it yourself?

Featured Sponsors:

 
These, and a number of additional considerations, should be reviewed before moving forward. In an article entitled “The Buy Vs. Build Decision: Choose Wrong And Put Your Job At Risk,” Dan Simerlink, a Business Value Consultant for Teradata, discusses additional points to consider.

“When evaluating software solutions, businesses need to determine if they should build or customize their own software, or buy from a vendor. Making the correct choice will deliver a strong ROI, enable competitive advantage and earn accolades for the decision maker. However, the wrong selection can be costly for the business—and for the career of the person spearheading the project.

Buy versus build decisions used to be straightforward, partly due to limited options. Organizations would assess their needs and the IT staff’s workload and make a decision based on a total cost of ownership (TCO) analysis. These days businesses need more accurate methods to keep pace with a labyrinth of ever-expanding choices.

Featured Sponsors:

 
Project Risks And Career Perils

When organizations build or customize a solution, they should expect a 10% to 15% error rate, according to an article on ComputerWeekly.com. The article also notes that in the U.S. alone, an estimated $75 billion a year is spent on rework and failed or abandoned systems. For example, poorly tested software caused transaction process problems for millions of online customer accounts and resulted in widespread email phishing attacks that cost one large multinational bank more than £50 million.

On the other hand, purchasing a solution reduces the likelihood of time and cost overruns and the possibility that the project will fail because:

>>Conversations between vendors and their customers identify the pros and cons of the solution

>>Many of the errors and bugs have already been worked out

>>Vendor specialization in deployments eliminates a long learning curve

Although the cost of failure is usually not considered in the buy versus build analysis, thousands of hours can be sacrificed on a project that will never launch. Even if the project does see the light of day, time and cost overruns can impact people’s careers.

In terms of career stability, the riskiest decision is for the company to build its own software. This exposes the decision maker to much more scrutiny than a “buy” scenario. When a company buys software, the vendor shoulders part of the risk and assigns additional resources if the implementation timeline slips (assuming a reputable vendor with a track record of success is chosen).

Narrow the Choices

The abundance of customizable software solutions now available has erased the hard dividing line between buy and build decisions. As technology matures and business models evolve, default modes for a funding model for buy versus build decision making need to be re-evaluated.

Increased competition, shorter time-to-value cycles, and the rapid pace of innovation are forcing organizations to look at the speed and agility of their software deployments. In fact, these factors can be parlayed into a competitive advantage, which means the project must be carefully planned so that advantage is not devoured or sacrificed to failure.

The decision-making process should entail estimating the TCO for the software. A good starting point is to create a list of criteria for each potential option that weighs factors such as time to value, solution functionality, the technical expertise required, and funding. The value proposition for the buy, build or customize options can help narrow the choices.

Considering the time to value, which is erroneously omitted from many financial business cases, helps make a more informed project decision. Including all costs, along with ROI and time-to-value evaluations, enables decision makers to reach the most informed conclusion.

Critical Decisions 

The proliferation of software vendors and solutions has greatly complicated the selection process. To make the best choices, organizations need to quantify options and approaches to determine the total costs and benefits. The right choice will deliver substantial value to the business and could launch a career. At the other end of the spectrum, the wrong choice can cost a lot of time and money—and put your job at risk.”

In a blog published by Rex Chekal of TableXI, he looked at the buy vs. build decision from this perspective. “Our software build vs. buy checklist: When we’re looking to make a buy or build software decision, we don’t rely on a complex matrix or framework. Instead, we ask four straightforward questions:

>>What are the must-have features for this software? Then we determine if an existing product can deliver enough of those features to get the job done. If yes, we move on.

>>What’s the timetable? The feature set will determine what’s going to be faster–off-the-shelf or custom. A super-tight timetable may make the decision for us.

>>What’s the build vs. buy cost analysis? Once we know the features we need and the time we have to build them, we can start scoping out what it will cost to buy vs. build.

>>What’s the ROI potential? This is the biggest question we need to answer: Will this product make enough money to justify its costs? Sometimes this answer will push us toward custom or off-the-shelf. Sometimes it will force us to return to step one and rethink our features until we have something we know will turn a profit.”

As you can see, there are many factors that need to be considered before making the decision to buy vs. build. One thing is clear though: the old way of throwing together a few spreadsheets for due diligence, business continuity planning, alert notifications and incident reporting and thinking it will meet auditors expectations for operational risk management is no longer true. The time to make the right decision about buying vs. building is now, before the auditors come knocking.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

The LOS That Does It All

website-pdf-download

When we were evaluating a mission critical application such as a loan origination system (LOS), it was important the LOS vendor could provide configurable and customizable functionality to fit our specific lending needs. I’ve been working with my current loan origination system for five years and we are extremely happy with the features and benefits that it provides for my institution.

Today, we offer standard conventional mortgage loans including fixed and adjustable mortgages and HELOC products.

Featured Sponsors:

 

 
One of the advantages of being a Community Bank is we don’t have to follow a standard “cookie cutter” process where “one size fits all” like many large lenders are forced to follow. Consequently, we configured our LOS platform to meet our lending policies and at the same time eliminated ALL manual processes. We don’t have to change our policies and procedures on the fly to get the loan through the system. In my experience, it is better when the “tail isn’t wagging the dog”.

From a lenders’ stand point, we value the ability to create our own customized workflow within the system. Our LOS software vendor asks us how do we process loans instead of them dictating to us “what to do” and ”how to do it.” Our goal was to find a LOS platform that allows us to conduct business “our way” but at the same time properly meet the state and federal lending guidelines. We also were looking for a LOS platform that helps us measure risk and address our internal policies and procedures. For example, when Real Estate owned schedules are generated, we want to calculate the schedules based on our internal underwriting policies.

150-quote

 

_______________________________________________________________________________________

 

Our LOS software vendor asks us how do we process loans instead of them dictating to us “what to do” and ”how to do it.”

One of the advantages of being a Community Bank is we don’t have to follow a standard “cookie cutter” process where “one size fits all” like many large lenders.

____________________________________________________________________________________________________
 
There are always many hesitations with implementing new technology. Our LOS vendor did an excellent job assisting us with transitioning from our prior LOS to our current LOS.

We actually killed two birds with one stone. Two of our goals were to eliminate duplicate data entry and improve data integrity. As a result of implementing our current LOS platform, we considerably minimized data entry mistakes and improved the quality of our borrower data because three or four people no longer have to enter the same piece of information at multiple data entry points. This greatly increased productivity and ensured accountability.

Featured Sponsors:

 

 
As a result, we are extremely confident our HMDA LAR is accurate because we eliminated double data entry and we use data integrity functionality (i.e. “required fields” feature) which forces end users to enter critical information required to process a loan. Borrower data is being pulled directly from the loan database and we can track who is responsible for data entry and track ownership. Ever since being able to do this, submitting the HMDA LAR is exactly as it should be; a non-event.

When we sell a loan, we can create a ULDD file directly out of our LOS or we can go into a secondary loan sale platform, type in the same information, make mistakes and not have the information match what’s in the loan origination system. We worked closely with our LOS vendor to create the ULDD files to get that properly configured for loans we sell to the secondary market. While doing this, there was another community bank, probably 2 or 3 weeks ahead of us in the ULDD implementation process for our LOS, so they paired us up so we could talk to each other about what our current challenges were, how we addressed them, and what we should have we done differently which was very helpful to both of us.

Over the past five years working with our current LOS, one of the greatest efficiencies is the “embedded” printing capability that is included in our LOS platform. This allows us to print ANY loan document at ANY time during the lending cycle phase without having to leave the LOS platform. I know other LOS platforms rely on 3rd party Doc Prep providers which adds additional costs and time. With our current LOS, all loan documents can be printed directly from our LOS platform without depending on a third-party document prep provider.

Another advantage of having an embedded printing capability is we don’t have to worry about using a 3.2 Fannie Mae Case file which many LOS depend on when creating documents. If your LOS depends on a third-party document prep system, the steps include exporting the 3.2 Fannie Mae Case file and then importing (transferring) the 3.2 Fannie Mae file into another system. However, you always worry if the mapping is accurate. If mapped incorrectly, this is a recipe for disaster. Instead, it is better to have all loan documents generated directly from the LOS.

150-quote

 

_______________________________________________________________________________________

 

There are always many hesitations with implementing new technology. Our LOS vendor did an excellent job assisting us with transitioning from our prior LOS to our current LOS.

If data elements are not properly mapped to third-party doc provider platforms, the final output will not be accurate.  This can lead to regulatory issues and/or costly fines.

____________________________________________________________________________________________________
 
It’s critical that your LOS creates the Loan Estimate (LE) and Closing Disclosure (CD), which are somewhat different than your typical loan documents. Generating an LE or CD from a third-party document provider exposes the bank to more risk. If data elements are not properly mapped to third-party doc provider platforms, the final output will not be accurate.  This can lead to regulatory issues and/or costly fines.

Regarding HMDA, we can easily pull a HMDA LAR directly from our loan origination system. Even though we don’t utilize the system to process our commercial loans, we worked with the LOS vendor to configure the ability to capture and report HMDA data points for Commercial Real Estate Loans. This is a very important capability especially with all the new HMDA changes coming in 2018.

Regarding reporting, we are fortunate our LOS has excellent standard and AD-HOC reporting capabilities. We can select, sort and print any field on a report. When I first started working for my bank, no one had a lead role in managing the system so the loan process took a long time to complete. When I stepped in, I worked with our LOS vendor to help us create turn time reports to show how long each step in the loan process was taking. We wanted to measure productivity and this report showed us how we could consolidate time to shorten the lending approval process. Once we produced this report, we gathered useful business intelligence, which helped us reduce timeframes and create better efficiencies from start to finish.

Featured Sponsors:

 

 
We have automatic reporting scheduling capabilities, which means we can generate and distribute reports automatically during off hours. In addition, we can convert ANY report into different 15 different formats including delimited file, Excel, .pdf, HTML, etc. It’s one of the most robust reporting systems we’ve ever used.

From a support perspective, I truly enjoy the online ticketing system that our LOS vendor utilizes. The system allows me to create a ticket, go back and search old and closed tickets, easily communicate back and forth regarding issues, and ensure all information is confidential and secure. In the ticketing portal, there is a community of users where we can share ideas and best practices based on our individual experiences. In the past I’ve seen this handled through email chains, which is tremendously inefficient. Our LOS vendor also provides online chat, which saves time. But of course, they also provide old fashioned “phone support” when the need arises to talk to a support representative.

Because of these efficiencies……….everyone on the residential lending team is able to work effectively and accountably. We are able to smoothly process, underwrite and close loans. The first year our LOS system was up and running we were able to have clear direction and tasks for each step of the loan process which resulted in a first year increase of over 200% in residential loan origination volume.

About The Author

Michelle Gately
Michelle Gately is Vice President – Lending at Middlesex Federal Savings, a full service community bank that understands the importance of local decision making. For more than 125 years, the bank has built strong, long-term personal and business relationships with neighbors throughout the great Boston community. Michelle has more than 30 years of industry experience including origination, underwriting and compliance. She manages the Bank’s residential lending origination, underwriting, closing and secondary market efforts.

Is Cybersecurity Part of Your Risk Management Plan?

In working with financial institutions across the country on their operational risk management programs one area that regulators and auditors have recently had a keen focus on is Cybersecurity. More and more states and regulators are going to enact similar rules to the one listed below by the New York Department of Financial Services.

Featured Sponsors:

 

 
“The New York Department of Financial Services yesterday issued final regulations that will require its state-chartered banks and affiliates to establish and maintain a cybersecurity program as part of an ongoing effort to protect consumers and the state’s financial system from cybercrime. The rules take effect March 1, and with limited exceptions, banks will have 180 days to comply.”

Featured Sponsors:

 
“The regulations — the first of this kind to be issued by a state regulator — require banks and other financial services providers to maintain a cybersecurity program based on the institution’s level of risk; maintain written cybersecurity policies and procedures; designate a chief information security officer; and maintain an audit trail for cybersecurity events. The rules also impose additional requirements related to annual certification, risk assessments, reporting, recordkeeping, and periodic reviews of access privileges, among other things.”

Featured Sponsors:

 
“The final rules were revised from an earlier NYDFS proposal, which received significant pushback from bankers and other industry stakeholders, including ABA. While the final rules take a risk-based approach, ABA remains concerned that they will add significant regulatory burden to banks of all sizes, and that the short compliance window does not give banks enough time to put the necessary systems and processes in place. In addition, the rules could come in conflict with existing federal regulations, and may not provide enough flexibility to address the constantly evolving nature of cyber threats, the association noted.” This article appeared in the ABA Daily Newsbytes.

This is another reminder of the importance of have a comprehensive operational risk management program in place before the auditors come knocking.

Specialized Data System’s RemoteComply is an all-in-one web based suite containing solutions for business continuity planning, vendor management, incident response, and alert notification. The suite creates one centralized area to easily update and maintain all operational risk management criteria to satisfy the regulators and effectively prepare IT and compliance personnel for an inevitable disruption.

As a leading software provider in the financial industry for over 25 years, Specialized Data Systems is known for developing quality solutions to better the industry. They have developed RemoteComply with the intentions of creating a system that will centralize all risk management in one log-in to easily maintain and present to regulators. The suite will drastically improve the process of operational risk management by saving countless man-hours, ensuring compliance, and alleviating the frustrations typically associated with operational risk management.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

Gaps In Risk Management

In talking to financial institutions across the United States about Operational Risk Management, I am amazed at how many continue to state that they have it covered. When we talk about operational risk we are referring to Third-party Due Diligence, Business Continuity Programs, Incident Reporting, and Alert Notifications. Just tracking some of this information in an excel spreadsheet is no longer going to cut it with the auditors.

Featured Sponsors:

 

 
In an article titled “FDIC Watchdog Highlights Gaps in Banks’ Vendor Contracts,” that appeared in ABA Daily Newsbytes written by Krista Shonk and Denyette DePierro, it states that “Few banks’ contracts with technology service providers (TSPs) provide sufficient detail about the providers’ business continuity and incident response capabilities and duties, according to a report issued yesterday by the FDIC’s independent inspector general. The report also found shortfalls in banks’ assessments of how providers could affect the banks’ own ability to plan for business continuity and incident response.”

Featured Sponsors:

 
In response, “the FDIC said it would work with other Federal Financial Institution Examination Council agencies to update guidance on business continuity planning and incident response and that it would continue examinations and off-site monitoring of vendor management. Anecdotal reports from banks indicate that examiners are increasingly focusing on technology provider risk management. The report expressed concern that some banks ‘may not be sufficiently knowledgeable about or engaged in contract management.’”

Featured Sponsors:

 
It is becoming increasingly more difficult for financial institutions to keep up with and maintain the proper compliance requirements on their own. If financial institutions want to be better prepared for their next audit they need to partner with companies that specialize in operational risk management.

The right operational risk management solution combines dynamic technology, in-depth expertise and best practices on one common platform to meet and exceed the constantly changing expectations of the regulators. An All-In-One Operational Risk Management Suite allows financial institutions to easily manage all areas of operational risk management under one platform. The all in one suite needs to be easy to use, role dependent and web based. The common platform eliminates double data entry saving valuable time and resources.

Third Party Due Diligence

Upload and store your institution’s information pertaining to locations, departments, people, vendor program, and policies. Upload and store all vendors to the system and track vendor static data. Assign different managers to the specific vendor to upload and track data.

Utilize the qualifying questionnaire to determine whether or not a particular vendor needs to proceed to the risk assessment. The risk assessment is a questionnaire categorized by FFIEC and due diligence questions which prioritizes your vendors into a high, medium, or low risk category determining the level of due diligence to perform on each individual vendor. Upload and store all relevant due diligence criteria. Log and track all conversations exchanged between user and vendor as well as an evaluate vendor performance using the vendor report card.

Business Continuity Programs

Conduct risk assessments for locations and/or vendors. Assign probability and impact ratings to individual threats to automatically generate the threat’s overall rating and define the details of impact with mitigation steps for particular threats. Create your BIA based on departments located within a specific location with details of processes, resources, and people. Includes the ability to set BIA review dates with reminder email notifications. Build your comprehensive plan utilizing data associated in the system with our predefined template. Test a particular section of your business continuity plan by selecting a team and testing their associated tasks.

Incident Reporting

Review an executive overview of most current incident status and completion progress. Create teams and associate prioritized tasks. Store your incident response and escalation policies and define customized values. Track and record the incident while it occurs defining specific details and assigning teams to handle the incident. Upload and store necessary external documentation. Create follow up reports and memos using our template questionnaire and log lessons learned.

The right operational risk management solution can help find gaps in your operational risk management plan and help mitigate risk moving forward by implementing best practices and advanced technology all on one common platform.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

Gaps In Risk Management

website-pdf-download

In talking to financial institutions across the United States about Operational Risk Management, I am amazed at how many continue to state that they have it covered. When we talk about operational risk we are referring to Third-party Due Diligence, Business Continuity Programs, Incident Reporting, and Alert Notifications. Just tracking some of this information in an excel spreadsheet is no longer going to cut it with the auditors.

Featured Sponsors:

 

 
In an article titled “FDIC Watchdog Highlights Gaps in Banks’ Vendor Contracts,” that appeared in ABA Daily Newsbytes written by Krista Shonk and Denyette DePierro, it states that “Few banks’ contracts with technology service providers (TSPs) provide sufficient detail about the providers’ business continuity and incident response capabilities and duties, according to a report issued yesterday by the FDIC’s independent inspector general. The report also found shortfalls in banks’ assessments of how providers could affect the banks’ own ability to plan for business continuity and incident response.”

Featured Sponsors:

 
In response, “the FDIC said it would work with other Federal Financial Institution Examination Council agencies to update guidance on business continuity planning and incident response and that it would continue examinations and off-site monitoring of vendor management. Anecdotal reports from banks indicate that examiners are increasingly focusing on technology provider risk management. The report expressed concern that some banks ‘may not be sufficiently knowledgeable about or engaged in contract management.’”

It is becoming increasingly more difficult for financial institutions to keep up with and maintain the proper compliance requirements on their own. If financial institutions want to be better prepared for their next audit they need to partner with companies that specialize in operational risk management.

Featured Sponsors:

 
The right operational risk management solution combines dynamic technology, in-depth expertise and best practices on one common platform to meet and exceed the constantly changing expectations of the regulators. An All-In-One Operational Risk Management Suite allows financial institutions to easily manage all areas of operational risk management under one platform. The all in one suite needs to be easy to use, role dependent and web based. The common platform eliminates double data entry saving valuable time and resources.

Third Party Due Diligence

Upload and store your institution’s information pertaining to locations, departments, people, vendor program, and policies. Upload and store all vendors to the system and track vendor static data. Assign different managers to the specific vendor to upload and track data.

Utilize the qualifying questionnaire to determine whether or not a particular vendor needs to proceed to the risk assessment. The risk assessment is a questionnaire categorized by FFIEC and due diligence questions which prioritizes your vendors into a high, medium, or low risk category determining the level of due diligence to perform on each individual vendor. Upload and store all relevant due diligence criteria. Log and track all conversations exchanged between user and vendor as well as an evaluate vendor performance using the vendor report card.

Business Continuity Programs

Conduct risk assessments for locations and/or vendors. Assign probability and impact ratings to individual threats to automatically generate the threat’s overall rating and define the details of impact with mitigation steps for particular threats. Create your BIA based on departments located within a specific location with details of processes, resources, and people. Includes the ability to set BIA review dates with reminder email notifications. Build your comprehensive plan utilizing data associated in the system with our predefined template. Test a particular section of your business continuity plan by selecting a team and testing their associated tasks.

Incident Reporting

Review an executive overview of most current incident status and completion progress. Create teams and associate prioritized tasks. Store your incident response and escalation policies and define customized values. Track and record the incident while it occurs defining specific details and assigning teams to handle the incident. Upload and store necessary external documentation. Create follow up reports and memos using our template questionnaire and log lessons learned.

The right operational risk management solution can help find gaps in your operational risk management plan and help mitigate risk moving forward by implementing best practices and advanced technology all on one common platform.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

Communication Is Key

When considering operational risk management and preparing for disaster recovery a proper communication median is commonly overlooked. It is something so simplistic yet too often do we resort to outdated call trees. Relying on one person to call another and having that person call the next not only complicates the process but also leaves unlimited room for human error. An alert notification system will easily replace these old-fashioned methods. Implementing this type of system will help your business build an overall stronger risk management program by allowing key personnel to be notified in minutes. In doing so, management will be able to focus on critical decision making while eliminating human error, misinformation, rumors, and/or heightened emotions from causing additional difficulties during an event.

Featured Sponsors:

 

 
It is important to look for an alert notification system that allows all types of communication including email, text message, and voice message. With all of today’s distractions, your alert notification system should allow you to cut through the noise and simply deliver the message. Always make sure to have back up contact information such as a second email address or second phone number to ensure that everyone is receiving the message at the same time. It is vital that your system allows you to easily create customized messages to be tailored to different target audiences based on roles within the organization and easily update your database with newly added and recently lost employee contact records.

Featured Sponsors:

 
In addition, your alert notification system should support two-way communication to account for read receipts and acknowledgements. Tracking the delivery of messages is just as important as sending them. The objective of alert notification is to get the correct message to the correct people. With two-way communication, not only is the system able to track when the message is opened, but it will also track when the recipient made physical interaction by responding to the message. All report logs should display time stamps and contact records for proper disaster recovery eradication. Tracking this information and organizing current communications will strengthen the process and allow your organization to recover faster.

Featured Sponsors:

 
For an all-encompassing operational risk management program, it is crucial for your alert notification system to integrate with your existing operational risk management systems. Company information such as employee contact information, associations to departments, locations, and even contact lists should only need to be updated in one system and automatically carry over to your other risk solutions. Whether you utilize the alert notification tool for operations closings, disaster notifications, or even to say “Happy Holidays,” a two-way communication tool will round out your recovery process and create an overall sufficient operational risk management solution.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

What To Look For In An LOS

website-pdf-download

It wasn’t that long ago when consumers were in the market for a new car, exciting options such as high quality audio systems, alloy wheel rims, sunroofs, leather seats were not standard features. Consumers were forced to purchase these special options aftermarket from a third party.

Featured Sponsors:

 

 
Consumers purchasing a new car today expect their vehicles to include digital entertainment systems that include everything from your basic AM/FM plus Sirius XM satellite radio service with Bluetooth/Wi-Fi integration with their smartphones, GPS, cruise control, leather seats, alloy wheels, moon roof, etc. What we find more interesting is the car manufacturers don’t produce most of these exciting options, but rather integrate these components so they are “built-in” to their total vehicle “package.” The key is they provide tight integration and support.

Featured Sponsors:

 
To a certain extent, the loan origination software space has evolved in the same way. Looking back the past ten to 15 years, if a lender was using a LOS platform that only supported mortgages, lenders would acquire a second lending platform for HELOC’s, Consumer Loans or Commercial Loans. Often Lenders would subscribe to a separate Point-of-Sale platform for their loan officers or branches. HMDA reporting tools would be licensed to generate the .dat file or a Doc Prep solution was licensed to print documents like closing documents or disclosures.

Featured Sponsors:

 
Lenders are looking for their LOS to handle more functionality than your “Father’s” LOS. Today, we recognize that electronic signatures, MISMO standards and other exciting functionality is high on lenders’ wish lists. But sometimes we need to go back to the basics.

Lenders, like consumers purchasing new cars, are looking for basic innovative technology that is included in the “package,” which will help streamline their operations, keep them compliant and ease the vendor management process by doing business with ONE vendor.

Vendors are constantly developing new functionality and/or successfully integrating their lending platforms to deliver “expected” functionality. Those vendors that deliver a fully integrated, data-driven loan origination system (LOS) will be the winners in the LOS space.

So you might ask, what is “expected” functionality that Lenders expect in the “basic” package? Read on to learn what Lenders are expecting …

The LOS Platform Should Supports ALL Loan Types

Due to the forthcoming regulatory changes, the advantages of a multi-functional LOS platform that supports more than one loan type greatly outweighs the idea of having multiple LOS system. This makes it easier to extract loan level data for reporting purposes ESPECIALLY with the new HMDA reporting requirements expected in just over 12 months. This approach will ultimately gain efficiencies and offer a better experience for Lenders.

Those Lenders that implement a LOS that can originate, process, underwrite, close and fund Mortgages, Equity Loans, HELOC, Construction Loans and Consumer loans are provided a competitive advantage, convenience and cost savings since they only have to manage a single system for all loan products.

Built-in Doc Prep and Reporting

The fact of the matter is … LOS platforms are supposed to generate documents. Whether those documents are hard copy or generated electronically, Lenders still has to generate critical lending documents. Lenders can expect cost savings are increased productivity when the LOS can generate all loan documents (including Loan Estimate and Closing Disclosures) directly from the LOS platform versus using a Third party “doc prep” service. Advantages include:

>> Security – Lender does not expose Borrower data outside their lending platform just to print documents.

>> Quicker document generation – documents are printed “on-demand” and no import or export process is required. Plus, it’s another link in the chain that can break if the Doc Prep provider is down.

>> Reporting – The reporting system should be internal with the LOS and users should be able to select any field in the database. Automated report scheduling should be supported and reports should be able to run dynamically. Besides generating hard copy reports, the reporting system should allow users to save reports in various formats including .pdf, .csv, excel, SQL, HTML and other popular formats. A data dictionary must be provided for quality report development and creating reports with graphical representation should be supported.

Since many legacy systems supported Crystal Reports templates, the ideal reporting system should be able to convert existing Crystal Report templates to your internal report writer environment.

>> Configuration control – flexibility of mapping fields.

Integrated Compliance Automation

This feature allows Lenders to validate or test compliance within your LOS platform such as QM/ATR, HOEPA, HPML (High Price Mortgage Loan), HMDA, Net Tangible Benefits. The LOS should also test for RESPA violations automatically and provide Forms compliance support without having to transfer data to a third-party compliance system. This results in…

>> Testing the compliance in your LOS, Lenders find there is a direct correlation in the reduction of regulatory errors.

>> Consistent Pass/Fail criteria will isolate specific violations that need to be addressed.

>> Live, real time results can be used for validating compliance.

>> Improved data transparency, which results in a smoother regulatory exam process. In other words, borrower data utilized during the regulatory testing process can easily be identified.

Smart Logic Equals Lender Definable Workflow

If you get 10 lenders in a room, I guarantee you will find 10 different ways to originate, process, underwrite and/or close loans. When the LOS allows lenders to dictate the “flow” (or logic) of data entry screens, required fields and which forms are generated by loan type/plan, lenders obtain a powerful LOS tool that will increase productivity and eliminate end-user errors.

The LOS should support smart logic design and a lender definable workflow. his capability allows lenders to identify specific loan requirements and characteristics to ensure all required data elements and proper documentation (i.e. disclosures) are provided to the borrower. This capability will increase productivity and definitely reduce errors.

Processing or underwriting screens should be grouped together using smart logic or “staging.” Required fields should be dictated by regulatory requirements and/or the lender. If required fields are missing, a visual indicator should be turned immediately on so end-users are alerted immediately that required information is missing.

Other examples of Smart Logic include:

When originating a 5-1 ARM, the LOS identifies the product and only prints the 5-1 ARM disclosure that is specific for that product.

Another area impacted by this logic is the generation of Closing Documents. Similar to the 5-1 ARM example, the system can identify key characteristics and state system requirements so that ALL documents are accurately provided.

Integration and New Account Opening

You would think the days of manually re-keying data to order basic services like credit, title, flood, appraisals, insurance, DU or LP are over. NOT. Many lenders still have manual processes when it comes to ordering 3rd party services.

Today, LOS platforms can deliver two-way, real time integration with service providers at time of application. Look for those vendors that follow MISMO standards.

This also leads to New Account Opening. The LOS should capture enough applicant information to open a new deposit account or at least cross sell other products. It is important to support OFAC at time of application. Two-way integration with the bank’s or credit union’s core system is very popular and supported by LOS vendors. Two-way integration means populating the loan application with CIF data at time of taking a loan application and uploading (also referred to as boarding a loan) closing and accounting information to the core system once the loan has closed.

There you have it, the five basic “features” that should be included in your LOS “package”. So get those keys out and start driving those loans home!

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

Here’s What The Future Of Mortgage Technology Innovation Will Look Like …

For the sixth consecutive year, PROGRESS in Lending Association hosted its groundbreaking ENGAGE Event designed to engage the mortgage industry to discuss and find solutions to so many pressing  industry issues. This was a frank and thorough exchange of ideas and tips about how to solve the problems that face the mortgage industry.  Yesterday we reported on what the speakers said about the future of mortgage regulatory compliance. Here’s what they had to say about the future of mortgage technology innovation:

Featured Sponsors:

 

 

“Looking back, the industry under estimated the amount of effort required to comply with TRID,” said Roger Gudobba, vice president, mortgage markets at CSi. “The industry is always reactive instead of being proactive. The new buzzword going around now is the digital mortgage. I hope it’s more then a buzzword. We as an industry need to focus on the data, which is what we always needed to do.”

Featured Sponsors:

 

So, what will define a truly forward-looking and innovative mortgage company in the years ahead? “Burdens in many areas continue,” answered Paul Wetzel, product management lead for Mortgage Cadence. “You need an open platform with a modern interface. Ease of use is critical. The innovative technology firms will be adding quality development staff. The innovative system of the future will be scalable, compliant and include all of the fun stuff, too.”

Featured Sponsors:

 

Case in point, let’s look at Fannie Mae’s launch of Collateral Underwriter. The GSE has invested a lot in development to roll out new tools to both digitize the process and ensure compliance, but is it working? “People are accepting of CU,” pointed out Lisa Binkley, senior vice president business development and mortgage services at Platinum Data Solutions. “However, people say that it is too manual. The UI is easy, but many feel like they need to know what’s underlying the decision of CU so they can address the findings. CU is an advance, but it has to be improved.”

The key to innovating is getting as many lenders to embrace smart automation. If lenders won’t automate at all, innovation just can’t happen. One way to get lenders to move faster is to offer more automation in one platform that is either all-in-one or tightly integrated to best-in-class players.

“It is an expansive and timely process for lenders to vet so many technology vendors,” explained Marc Riccio, president at Specialized Data Systems. “Vendors have to offer both lenders and borrowers a truly better process. You can’t just automate an old process, you have to automate to improve the process. For example, if you are working with someone on a mortgage, you should be able to offer them other products like a credit card, a boat loan, or something else, all from one system. Innovative technology allows lenders to work smarter.”

About The Author

Tony Garritano
Tony Garritano is chairman and founder at PROGRESS in Lending Association. As a speaker Tony has worked hard to inform executives about how technology should be a tool used to further business objectives. For over 10 years he has worked as a journalist, researcher and speaker in the mortgage technology space. Starting this association was the next step for someone like Tony, who has dedicated his career to providing mortgage executives with the information needed to make informed technology decisions. He can be reached via e-mail at tony@progressinlending.com.

Don’t Forget To Manage Operational Risk

A major issue in the financial industry is due to institutions maintaining a narrow scope on operational risk management programs resulting in miscommunication and gaps in the process. In the past, the biggest focus of operational risk management was on business continuity, which became a job task for one particular employee. As the market place evolved, vendor management regulations became more prevalent and another person was designated into the responsibility of maintaining the vendors.

Featured Sponsors:

 

More recently, incident response regulations due to an escalation of cyber security threats increased resulting in another person taking on the task of maintaining incident response. Instead of consolidating all operational risk management tasks and looking at it as a bigger picture, the different areas of risk were delegated amongst a large span of people. Because of this, people don’t communicate and products don’t communicate with each other. As a result, these individuals rarely maintain a large focus on these operational risk management tasks and when they do they only focus on a small aspect of the larger picture.

Featured Sponsors:

Another issue in the financial industry is that operational risk management is often over looked if the institution isn’t under an auditor’s microscope. Their approach to operational risk management is reactive and defensive rather than proactive and going on the offensive to auditors and regulations. They look for systems after it is too late and they don’t have the resources to devote someone entirely to managing all areas of risk. They often panic and purchase one system covering a small part of the bigger problem. They devote the time and money into the system and then never use it to its full capabilities. The minimal amount of information input is just good enough to get that check mark from the auditor but will leave them scrambling when an actual event occurs due to an inefficient process.

Featured Sponsors:

RemoteComply is the solution for these industry frustrations. Our suite allows the financial industry to easily manage all areas of operational risk management under one platform. Instead of spreading the job tasks across departments, the suite allows complete communication throughout the risk management process. The suite will put institutions ahead of the game due to best practices and complete compliance built into the system. RemoteComply is cost effective and will eliminate the need to delegate different job tasks based on each area of operational risk management. These functionalities save valuable time and resources.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.

Managing Operational Risk

website-pdf-download

A major issue in the financial industry is due to institutions maintaining a narrow scope on operational risk management programs resulting in miscommunication and gaps in the process. In the past, the biggest focus of operational risk management was on business continuity, which became a job task for one particular employee. As the market place evolved, vendor management regulations became more prevalent and another person was designated into the responsibility of maintaining the vendors.

Featured Sponsors:

 

 
More recently, incident response regulations due to an escalation of cyber security threats increased resulting in another person taking on the task of maintaining incident response. Instead of consolidating all operational risk management tasks and looking at it as a bigger picture, the different areas of risk were delegated amongst a large span of people. Because of this, people don’t communicate and products don’t communicate with each other. As a result, these individuals rarely maintain a large focus on these operational risk management tasks and when they do they only focus on a small aspect of the larger picture.

Featured Sponsors:

 
Another issue in the financial industry is that operational risk management is often over looked if the institution isn’t under an auditor’s microscope. Their approach to operational risk management is reactive and defensive rather than proactive and going on the offensive to auditors and regulations. They look for systems after it is too late and they don’t have the resources to devote someone entirely to managing all areas of risk. They often panic and purchase one system covering a small part of the bigger problem. They devote the time and money into the system and then never use it to its full capabilities. The minimal amount of information input is just good enough to get that check mark from the auditor but will leave them scrambling when an actual event occurs due to an inefficient process.

Featured Sponsors:

 
RemoteComply is the solution for these industry frustrations. Our suite allows the financial industry to easily manage all areas of operational risk management under one platform. Instead of spreading the job tasks across departments, the suite allows complete communication throughout the risk management process. The suite will put institutions ahead of the game due to best practices and complete compliance built into the system. RemoteComply is cost effective and will eliminate the need to delegate different job tasks based on each area of operational risk management. These functionalities save valuable time and resources.

About The Author

Marc Riccio
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.