Managing Operational Risk in a New Era of Mortgage Lending

By:

If you've spent more than a few years working in the mortgage industry you are probably all too familiar with the term ‘silo’. Working in silos has long been the leading concern expressed by underwriting and operations teams. To the lay-person this means "in assembly line fashion".

The life of a mortgage loan takes on a number of stages, from the loan officer taking the original application, through the end of the line securtization sale and transfer. At each stage in between, all phases of the process come with their own identifiable areas of exposure to credit policy expertise, regulatory compliance and enterprise risk oversight. When managing risk falls under your primary area of responsibility, as it does with mortgage operations, having a global perspective on enterprise risk beyond underwriting and quality control is critical.

To take this statement a step further, enterprise risk can be understood to have an impact on all parties and policies of your organization. From the recruiting and hiring practices for the of front office receptionists, to the vetting of the cleaning crew and the security clearance for the messenger service, all areas, both physical and virtual, must all be taken into account when evaluating exposure to operational risk.

For example, I know first-hand of a messenger service delivering several cases of whole loan files, (original security and collateral documents included), who stopped for lunch and left the car unlocked. In the short time it took to grab a fast food lunch, millions of dollars of security instruments were stolen. Investigation into this issue uncovered a suspended driver’s license and a service that was not bonded or insured. This level of due diligence must be exercised with all third party relationships who have access to various areas of your business. This holds especially true for affiliates who have an interest in loan level transactions including mortgage brokers and appraisers. The Fannie Mae Loan Quality Initiative (LQI) rolled out in July 2010 is an example of policy directed at managing the third party originators, (TPOs). The LQI is a direct effort to hold mortgage bankers accountable for loan quality of each unit processed through their institutions regardless of vendor agreements.

Another familiar case from nearly two decades ago is that of Countrywide Home Loans being investigated for disposing of confidential borrower documentation in cubicle trash cans. This brought nationwide attention to the necessity for shredders and document disposal procedures for mortgage companies. A local news station went dumpster-diving behind several branches and found garbage bins full of credit reports, fully completed loan applications, tax returns, pay stubs and bank statements. This front page news was followed by subsequent class action lawsuits by consumers whose personal information had been compromised and had mortgage-related firms across the nation scrambling to institute document handling procedures.

A few years back there was an incident whereby the appraisal team for a Wall Street giant was traveling on assignment and had their laptops stolen. Data and information technology security in our virtual environment is imperative when being entrusted with personal borrower information such as social security and bank account numbers. Is your firm as hack-proof as necessary? If borrower information were stolen would you be able to account for the internal security of your network to ensure the theft did not come from the inside? Could you prove this in a court of law? These are vital factors to consider for all risk management personnel and must be detailed in the operational procedures for your firm.

Some years ago while managing quality control teams for a leading Wall Street mortgage backed securities investment firm, I rode the elevator up one morning with one of our sales managers. We frequently chatted about local businesses and industry news. The sales person whom I had known for a number of years asked if I had heard about a mortgage broker down the street who had been arrested by federal law enforcement officers the previous night for mortgage (wire) fraud. Immediately our team reached out to the Broker Approval department to conduct a special investigation. Within a few hours we notified senior management and proceeded to suspend funding for the broker’s pipeline, which was in excess of $80 million. If it were not for trusted communication between departments and strong policies and procedures to guide our responsibility in that situation our firm could have been exposed to excessive losses. These actions can be executed swiftly if silos are not present and the entire operation is working together as a team.

Another area of concern is trailing documentation. Assignment fraud is all over the news and industry experts remain on the fence over how far-reaching issue may ultimately be. With good reason! Another personal experience with this issue surrounds lost Promissory Notes and final title policy. Within the first year of business for an industry giant purchasing whole loans, a number of cases of original loan files were misplaced during a typical office relocation. Try calling hundreds of borrowers and asking them to resign Promissory Notes. Not likely to happen, less likely today than ever before because consumers are now more educated than ever.

During this same year an issue arose around an easement on a property. We were contacted by the borrower’s attorney requesting a copy of the final title policy for the property in question. It was at this time that the closing team became aware that, after nearly a year in business, no one was assigned to follow up on the receipt of the final title policies. The collateral documentation had been sent to the Custodian, as per policy, the only problem was receipt of final title was not part of
the established procedures.
Do a quick Google search for ‘robo-signing’ and you will see that what has long been a procedural oversight on the back end of the loan process is now a class-action suit in the making. The related Assignment issue that had Congress scrambling behind closed doors in November has become a national crisis rumored to have the potential to collapse the banking system.

Given the vulnerable state of the industry a startling observation recently became obvious to me. Several times a week we receive calls from due diligence underwriters, qualified, certified and exceptionally experienced. Underwriters representing nearly every remaining major bank and QC vendor are reaching out for help because they are being instructed to overlook egregious issues within loan files. This is the most basic and manageable risk factor: loan credit quality. As disturbing as this is each and every time it occurs, and it happens a lot, I cannot understand the whys and hows of this still occurring. One contract underwriter from a major mortgage bank, who is HUD certified, left her position because she was being instructed to condition for a letter of explanation on loans where the 4506-T came backfrom the IRS evidencing misrepresentation on tax returns. I can only scratch my head and continue the mission to help mortgage companies who want to be here tomorrow develop, implement and test their operational risk policies and procedures.

We still have a long way to go toward eliminating silos entirely, but the first step toward protecting the interests of our institution is open and honest communication. From within the company, senior leaders and front-line employees alike must share information openly. Corporate management must have honest communication with their vendors and other industry associations to stay ahead of threatening trends and risk related issues that may adversely expose the Company to avoidable risk. Talks about managing operational risk are no longer being held in back offices among risk managers. These conversations are now being held everywhere from law offices to the evening news. It is now more important than ever that we initiate this sharing of information and remove silos so we are working together to protect our consumers and our bottom line. Never before has the old adage held true: it is better to be safe than sorry.