One of our favorite newsletters, published by mortgage industry veterans of 30+ years’ standing, is the Garrett McAuley Report, a no-nonsense look at some of the issues percolating in the industry. The latest edition mentions the relevance to our industry of the recent ransomware attacks that affected most major countries in the world . Here’s their take. How are you positioned for this eventuality?
For more along the same lines, check out their Articles page.
May 21, 2017
To Our Clients, Colleagues, and Friends:
- Everyone has heard about the ransomware attacks last week, and our impression is that very few independent mortgage companies are prepared for this sort of thing. About 70-75% of our clients use Ellie Mae’s Encompass, and when we ask about the security of their loan files, the answer is usually along the lines of, “Not a problem. Encompass is hosted.” True but irrelevant if cyber-attacks take down Ellie Mae and you don’t have back-up. Do yourself a big favor and start thinking through all the ways you need to protect yourself.
- Think about all the vendors you do business with, and think about how their sudden failure would affect you. As improbable as it seems, what if Ellie Mae failed, or your hedge advisor, or your biggest investor? I asked one mortgage executive how his company would be affected if Encompass made an announcement that they were immediately ceasing all operations. He laughed and said that could never happen, but people also said that about Lehman, Bear Stearns, New Century, and WaMu. I once met a fellow from Chicago, his last name was Kelly, who owned a bunch of banks. Back around 2005 or so, they bought preferred stock issued by Fannie Mae, and that was when Fannie Mae was considered A+ solid. When Fannie Mae was placed into conservatorship, the securities plunged in value, and the FDIC seized all 5 or 6 of his banks.Anyway, I’d say that 90% of our clients don’t do adequate due diligence on their counterparties, and there’s real risk there. Here’s a 13-page guide, Outsourcing Risk, put out by the Federal Reserve on managing counterparty risk, with an emphasis on outsourcing.