A biologist, a chemist, and a statistician are out hunting. The biologist shoots at a deer and misses five feet to the left. The chemist takes a shot and misses five feet to the right. The statistician yells “We got ’em!”
Controversy at the Consumer Financial Protection Bureau
In an extraordinary turn of events, “the leadership of the Consumer Financial Protection Bureau has been in controversy since last Friday when outgoing Director, Richard Cordray, and President Trump designated dueling individuals to serve as acting Director of the Bureau following Cordray’s resignation”, to quote Mitch Kider of the law firm Weiner, Brodsky and Kider. This situation presents some interesting dilemmas for compliance and quality control professionals, many of which are described by Mr. Kider in a Special Alert. The Alert provides a synopsis of the situation and its implications and is well worth reading in full right here. The industry is watching closely as the drama unfolds!
Are Your Data and Operations Safe?
One of our favorite newsletters, published by mortgage industry veterans of 30+ years’ standing, is the Garrett McAuley Report, a no-nonsense look at some of the issues percolating in the industry. The latest edition mentions the relevance to our industry of the recent ransomware attacks that affected most major countries in the world . Here’s their take. How are you positioned for this eventuality?
For more along the same lines, check out their Articles page.
May 21, 2017
To Our Clients, Colleagues, and Friends:
- Everyone has heard about the ransomware attacks last week, and our impression is that very few independent mortgage companies are prepared for this sort of thing. About 70-75% of our clients use Ellie Mae’s Encompass, and when we ask about the security of their loan files, the answer is usually along the lines of, “Not a problem. Encompass is hosted.” True but irrelevant if cyber-attacks take down Ellie Mae and you don’t have back-up. Do yourself a big favor and start thinking through all the ways you need to protect yourself.
- Think about all the vendors you do business with, and think about how their sudden failure would affect you. As improbable as it seems, what if Ellie Mae failed, or your hedge advisor, or your biggest investor? I asked one mortgage executive how his company would be affected if Encompass made an announcement that they were immediately ceasing all operations. He laughed and said that could never happen, but people also said that about Lehman, Bear Stearns, New Century, and WaMu. I once met a fellow from Chicago, his last name was Kelly, who owned a bunch of banks. Back around 2005 or so, they bought preferred stock issued by Fannie Mae, and that was when Fannie Mae was considered A+ solid. When Fannie Mae was placed into conservatorship, the securities plunged in value, and the FDIC seized all 5 or 6 of his banks.Anyway, I’d say that 90% of our clients don’t do adequate due diligence on their counterparties, and there’s real risk there. Here’s a 13-page guide, Outsourcing Risk, put out by the Federal Reserve on managing counterparty risk, with an emphasis on outsourcing.
Lines of Defense
Here’s a good description of the ‘lines of defense’ approach that many financial institutions are taking to quality control, operational risk management and compliance risk management. Without a framework like this, it becomes much more difficult to meet today’s enhanced regulatory scrutiny, increasingly complex regulatory requirements and rapid pace of regulatory change.
HUD Introduces Defect Taxonomy for FHA Lending
In a growing trend towards streamlining and standardization of quality control and compliance methodologies, HUD has introduced a Defect Taxonomy in its “FHA’s Single Family Housing Loan Quality Assessment Methodology“. This document lays out the methodology that the FHA plans to adopt to improve its own QA efforts.
Knowing how FHA will be evaluating loans is helpful in designing your own QA program. Particularly useful is the definition of nine defect categories, numerous sources/causes for the defects, and four levels of defect severity. These can be roughly translated in ‘Cogentspeak’ to audit question categories, preset comments, and findings levels respectively.
For those configuring their Cogent FHA audit shells: your work has just become easier and more complex at the same time.