The crisis in mortgage lending and the anger that followed the robo-signing scandal has become a crisis of paper. There are lots of new laws and government guidance that all say some version of the same thing - mortgage lenders have to be wary of how their third-party service providers are following rules designed to protect consumers, or the lender may find itself in non-compliance.
"Complying with multiple regulations in multiple states is an issue for all credit products, not just mortgages. Dodd-Frank and the CFPB [Consumer Financial Protection Bureau] are directly involved here as consumers are affected," says Christine Pratt, a senior analyst at Aite Group.
The new rules call for better documentation, with clearer disclosures and improved archiving. Lenders seek to automate this work.
"We provide loans in five different states in the southeast. Each state can have different real estate regulations and their documents can vary. We have to produce initial loan disclosures for each loan, and these disclosures not only apply to the state we're doing business with and the type of loan, it can also apply to the documents [used by mortgage investors]," says Kathy Weber, a vice president in charge of origination support for United Community Mortgage Services, the mortgage lending arm of United Community Bank (UCBI), a $7 billion-asset bank based in Blairsville, Ga.
Tech firms that aid in document management smell cash in the water. "There's an opportunity here for tech firms that do any kind of due diligence," says Craig Focardi, a research director for CEB TowerGroup.
United Community, for example, has hired DocuTech, a document preparation and automation firm, to help ensure the documents it uses to accumulate and disclose information to borrowers are up to date with regulatory changes on both federal and state levels. "We want to feel confident in our providers that they are up to date...we want to produce compliant and accurate documentation in a format that's easy for us to use," Weber says.
DocuTech deploys a team of paralegals to track updates to regulations, and executes changes to document templates and disclosure forms on behalf of lenders. The lenders then use those forms to obtain information about borrowers from third party sources, and communicate loan status and make disclosures to borrowers and investors. The challenge for banks - particularly smaller banks that do business in multiple states - is to keep abreast of minute yet important changes to rules that often fall through the cracks at the local service providers that supply data used in credit and pricing decisions. "Many of the providers [of the third party services] are small and don't provide the proper controls in the way that their services are delivered and deployed," says Scott Stucky, COO of DocuTech.
Mortgage lending disclosure rules are covered by state regulations, federal statues such as the Real Estate Settlement and Procedures Act (RESPA) and the Truth in Lending Act (TILA). Under the Dodd-Frank law, these mortgage regulations are being updated to mandate more disclosure and to integrate the two rules into a single disclosure standard, which would impact the forms and documents used by lenders and third parties. The process is complex, with numerous drafts and proposals, making it difficult for banks to keep abreast of individual changes or updates.
"The Consumer Financial Protection Bureau is going to put lenders a bit more on the hook to ensure their providers are complying with the law," Focardi says.
Other providers of technology and services that help mortgage lenders manage third party compliance include Wolters Kluwer, Harland and the large core banking vendors. Another provider is CSI (CSVI), which sells managed compliance services through its ATTUS subsidiary. ATTUS recently released a new Dodd-Frank planning module to help institutions identity and understand the impact of pending reforms such as the new third-party document guidance from the CFPB.
The ATTUS Dodd-Frank suite includes online content, software downloads and access to subject matter experts. Part of the service includes self-assessment software for internal exams and a strategic planning tool. The strategic planning tool includes descriptions of each mortgage reform section within Dodd-Frank, with an implementation date on each key section - giving lenders the chance to assign staff for upcoming items and create timelines for compliance plans. The ATTUS service can integrate with CSI's core banking platform or operate as a standalone. ATTUS says its services can also be used to inform service level agreements between lenders and third-party providers.
"A lot of the services that third parties are providing touch on other regulatory requirements and banks may be leaving that compliance process up to that provider. For example, there are many regulatory or consumer protections that apply to mortgage servicers, and if there isn't oversight by the financial institution, there could be a violation that the financial institution would be responsible for," says Lori Moore, director of compliance for ATTUS.
Harland's flagship product, LaserPro, has been updated to include connectivity for lenders to seamlessly import data from other service providers, such as access to credit bureaus and flood determination services. Its monitoring service includes an in-house legal team monitoring the Dodd-Frank Act driven compliance changes.
The Treasury Department is aggressively examining processing shortfalls that led to sketchy foreclosures based on incomplete documentation.
"I think a lot of this focus has to do with third parties in the robo-signing area, with the law firms considering foreclosures on behalf of financial institutions, whether they were maintaining and making sure that there was appropriate documentation and oversight," says Tim Burniston, vice president and senior director of Wolters Kluwer's risk and compliance consulting practice. A Treasury department examiner has contended that the Office of the Comptroller of the Currency, a Treasury Department bureau, failed to spot improper foreclosures, a move that's likely to spur even more scrutiny of how lenders use externally-provided information to foreclose on distressed residential properties.
"Since the Treasury report and the news accounts we've seen an interest in the topic from clients, particularly those looking at vendor management products and looking to assess where there strengths and weaknesses are. They need to figure out the best practices," Burniston says.
The scandal surrounding incomplete or inaccurate foreclosures first came to light a couple of years ago, when it was found that some banks had engaged in what's commonly called "robo-signing," or non-compliant foreclosures executed by fraudulent or incomplete documents designed to shorten the lengthy, document-heavy foreclosure process. The nation's five largest banks paid the government $25 billion to settle robo-signing claims, but didn't admit wrongdoing.
"The information revealed in this new study makes the job of third party compliance vendors more difficult and puts greater responsibility on them. At the same time, there is a limit to how much legal and operational risk emanating from bank errors and regulatory failure can be transferred to third party services and software vendors," Focardi says.
Foccardi says market reforms could include OCC examiners doing more audits, or given budget constraints there, it is likely that regulators could further require banks to hire "independent" third party compliance firms. "The success of this approach requires these third parties to be truly independent, because as we saw with subprime mortgage-backed securities, the work of third-party quality control firms was either ignored or compromised by bank pressure to certify a different level of loan quality than was actually present," he says.
Of interest to document management firms and bank compliance departments is the new Treasury report, which says the OCC did not initially identify foreclosure documentation as a significant risk, instead focusing on lender compliance with federal laws. That shortcoming signals an increase in focus on documentation and third parties in the future. The OCC says it plans to review foreclosure-related complaints as part of a 2013 update to the Mortgage Banking Handbook, a document that hasn't been updated in 14 years.
"The instances of robo-signing are a problem for loan servicers because they could not retrieve original documents signed off on by a borrower such as the mortgage contract," Pratt says.
Neither the OCC nor the CFPB have issued actual regulations. But the momentum is toward more government scrutiny.
"Financial institutions need to treat third parties as if they are part of the organization rather than a black box, making them responsible and accountable," says Todd Cooper, an executive vice president and general manager in Wolters Kluwer's enterprise risk compliance line.
In addition to automating as much of the document prep and delivery as possible, Cooper suggests lenders actively query their vendor suppliers, asking about the supplier's risk assessments, controls and how the vendors plan to abide by those controls. He also suggests independent testing of vendor controls.
"You have to tell vendors what you expect to see changed," says Cooper, who says new software can formalize document updates and use the web to push those updates from the lender out to the vendor's document delivery systems. "[Documentation] is an area where it's been tough for vendors to keep up."
The robo-signing scandal has heightened focus on third-party compliance strategies.