An Interview with Hon. Kenneth M. Donohue, former HUD Inspector General

The following interview was conducted by Andrew Liput, CEO and President of Secure Insight, a New Jersey based vendor management firm specializing in identifying and monitoring settlement agent risk for mortgage lenders nationwide.  Mr. Liput sat down with Kenneth M. Donohue, former HUD Inspector General under Presidents George W. Bush and Barack Obama, to discuss how new vendor management rules help address consumer protection and loan quality assurance concerns of regulators and government agencies.

Liput:  As Inspector General at the US Department of Housing and Urban Development (HUD), you spent a good deal of time developing initiatives to combat mortgage fraud and loan quality issues which threatened high default rates for FHA insured mortgages.  What lapses in operational controls did you find when you looked at lenders who were subjects of investigation?

Donohue:  We found generally that lenders with high rates of defaults had very poor quality control platforms.  They were more concerned about closing any loan they could get rather than evaluating the risk of those loans defaulting due to the financial stability and other risk factors of the parties involved in the transaction.  Of course the prevalence of no documentation and low documentation loan programs gave some lenders the ability to look the other way when it came to loan quality assurance.  There were of course also some lenders who encouraged actual fraud.  In the end it comes down to greater risk management from origination through closing and transparency.  In addition to my time at HUD, I spent many years investigation fraud at RTC, TARP and as a member of the President’s Corporate Fraud Task Force where I learned that things hidden from view can often lead to bad conduct.

Liput:  The passage of Dodd-Frank initiated what appears to be a new era of accountability for mortgage lenders in consumer protection and loan quality assurance.  Is this a good thing for lenders or just another set of rules to make lending more difficult?

Donohue:  Ultimately I think it is good for everybody. Too many lenders started thinking less about the consumer as an individual and more about increasing volume, and so consumer protection rules and greater accountability helps to encourage better business decisions.  We saw what happened in an environment where anything goes: there is a brief period of large profits followed by a collapse caused by the consequences of poor lending decisions.  When I spoke at the MBA’s Annual Convention in Chicago in October 2011, I emphasized that the loss of public trust in the mortgage banking industry needed to be addressed, not by pointing fingers but by crafting proactive solutions including monitoring, accountability and transparency.  There may be some initial pain for some lenders however in the end consumer confidence can be restored and greater financial rewards will follow

Liput:  In April 2012, the Consumer Financial Protection Bureau (CFPB) published Bulletin 2012-3 establishing third party vendor management rules for non-bank entities.  The initial reaction was confusion, why?

Donohue:  I’m not sure, especially because there were vendor management guidelines and directives published by the Office of Comptroller of the Currency (OCC) since 2001, Fannie Mae (FNMA) since 2005 and the National Credit Union Administration (NCUA) since 2007. My guess is that lenders had not really focused on vendor management in the past, and the Bulletin did not really define who or what was a third party subject to scrutiny.  Today there should be no confusion or uncertainty as the CFPB, FDIC, OCC and others have been pretty clear about what lenders must do to manage third party service provider risk for consumer protection and establish greater transparency in all aspects of the loan process.

Liput:  And what would that be, for those still unsure about regulatory expectations?

Donohue:   Independent evaluation of risk, ongoing monitoring, real time reporting. Those are basics.  The key to me is the monitoring.  You cannot have proper risk management unless you continually monitor entities and individuals.  Behavior changes, risk changes, fraud can arise at any time.  Lenders need to keep track of professionals, especially those who have direct access to consumers and their private information, so that they can pull the plug on a relationship and even stop a loan from closing if there is a change in risk.

Liput:  With so many new regulations coming down from Washington, why should lenders consider vendor management a priority?

Donohue:  Because who you choose to do business with defines who you are as a company.  The CFPB and OCC have made it clear that lenders will be held accountable for the company they keep, and that no one can turn a blind eye to the quality of those business partnerships.  Whether it is appraisers, settlement agents, mortgage brokers, or anyone else who could cause harm to a consumer through fraud, theft, or some other criminal activity, lenders simply must take appropriate measures to screen and monitor those relationships and be ready to prove they have an adequate policy in place when audited.  We have not yet heard of a lender facing an enforcement action or fine for mismanaging a vendor relationship, but it is only a matter of time when it will occur.

Liput:  It’s not just regulatory concerns that lenders should be concerned about though right? Consumer litigation against mortgage banks has been aggressive in the last few years.

Donohue:  Good point.  The so called robo-signing scandals we saw with the foreclosure crisis over the past several years resulted in almost a cottage industry of lawsuits against lenders seeking mortgage cancellation, money awards and even punitive damages.  There is every reason to believe that poor vendor management that results in consumer harm, whether from identity theft, theft of mortgage proceeds and other fraud could result in a rash of civil litigation as well.  Litigation costs can cripple any business.

Liput:   Exactly how does vendor management improve loan quality assurance?

Donohue:  Wall Street investors, HUD and the GSEs are all much more focused on how a loan was originated, as well as the parties to the transaction than ever before.  Vetting and monitoring the appraiser, broker, settlement professionals and even real estate agents, all of whom have a critical role in the loan process, helps to establish a comfort level, or expectation, that the loan is less likely to later be found to have been a subject of mortgage fraud.  The most egregious fraud cases we investigated while I was at HUD nearly always involved one or more of those professionals in the conspiracy to commit the fraud.  If you define loan quality assurance as the expectation that a lender has managed the loan throughout the manufacturing process, at each step evaluating the quality of the property, the borrower and the parties supporting the transaction, then of course third party management of appraisers, brokers, attorneys and others is critically important.

Liput:  Some opponents of expanded vendor management rules are concerned about invasions of their privacy; that is being forced to open up their business and private lives to scrutiny simply to be approved to conduct business with a lender.  Is this a fair argument?

Donohue:  I think it is to a degree.  Many people are understandably concerned about who has access to their private information. However the professionals who work in and around the mortgage industry must recognize that consumer protection is the real focus here.  That these professionals have the ability to cause significant harm to a borrower; some even have access to nearly every detail of a consumer’s life which is contained in the uniform loan application form that is at the closing table in every residential loan. It’s a balancing of rights and risks.  Certainly professionals deserve an expectation that whatever information they provide in connection with a vendor approval process is handled safely and securely, but the fear of providing the information in a professionally managed process does not outweigh the risk of harm to consumers who turn the handling of their own financial affairs to a group of people they have likely never even met before, let alone evaluated for risk.  Government seeks to protect the weakest among us.  In the mortgage process the consumer is at the greatest disadvantage dealing with a complex transaction involving many moving parts, voluminous documentation, and many different parties managing the transaction for them.  In the end lenders and vendors must place the rights and expectations of consumers first.

Liput:  Where do loan originators fit into the equation?

Donohue:  Most third party vendors are introduced because of referral relationships, and many referral relationships are controlled by loan originators.  MLOs need to understand the reason for vetting and monitoring because there can be a tendency to see it as interfering with the referral relationship, not enhancing it.  The truth is that a bad referral relationship, one that causes harm to a consumer, can have serious consequences for the originator…suspicion of involvement in fraud, financial losses from loan repurchases, and even damage to their professional reputation.  Everyone in a lender’s organization needs to be on board with supporting the issues of transparency and risk monitoring.

Liput:  So vendor management is here to stay?

Donohue:  Yes it is. This is an important issue for regulators and the CFPB will ensure that lenders understand the importance of how vendor management expectations should be managed. The issue is important for consumer protection and compliance is critical to overall loan quality assurance.

_______________________________________________

Kenneth M. Donohue served as HUD Inspector General under Presidents George w. Bush and Barack Obama.   In addition to his service as HUD IG, Mr. Donohue had a distinguished 21-year career with the U.S. Secret Service as a special agent, culminating with an assignment to the assistant director’s CIA Counter-Terrorism Center, and later was appointed as assistant director, Office of Investigations, within the Resolution Trust Corporation (RTC). His staff was successful in uncovering fraud and abuse among directors and officers of failed savings and loan institutions. After the RTC, Mr. Donohue served in the FDIC Office of Legal Counsel’s Criminal Fraud Unit. He has also served as a member of the President’s Corporate Fraud Task Force, as well as the Troubled Asset Relief Program Inspector General Council (TARP-IGC). He most recently served as director and senior advisor of CohnReznick LLP Advisory Group – Government Services and is now a retired, private business consultant.

Andrew Liput is president and CEO of Secure Insight, a company he founded in 2012 after 10 years studying the problem of escrow and closing fraud and the risks for lenders and consumers associated with mortgage closing transactions.

You Can’t Make This Stuff Up!  This month like every month we feature some of the latest news about mortgage and closing fraud affecting our industry.  These are real cases from around the country, only the names have been redacted to avoid threats of frivolous legal action…

• In Washington State, a vice-president, loan officer and loan processor at PC Bank Home were indicted by a grand jury in the U.S. District Court and charged with conspiracy to make false statements on loan applications and to commit bank fraud and bank fraud
• A Maryland accountant was sentenced to two years in prison, followed by three years of supervised release, for a mortgage fraud scheme involving the fraudulent purchase of seven properties in Baltimore using fraudulent loan documentation and straw buyers causing losses of more than $1.4 million dollars.
• A politician, a former state Senate and Assembly candidate in New Jersey and two of his family members were arraigned on a 27-count indictment for their alleged role in a sophisticated mortgage fraud scheme in Newark. They are charged with conspiring to file a false document with the county stating the mortgage held on a property had been paid off, even though an amount in excess of $75,000 was still owed on the mortgage.
• A sophisticated mortgage fraud scheme in New York resulted in an attorney and a group of his conspirators facing indictment in December 2016. The group told potential clients they could eliminate their mortgage debt in exchange for a fee. In reality, the lawyer drafted and filed fake discharges of mortgages at local county clerk’s offices in Westchester and Putnam Counties and in Connecticut.  To profit from their scheme, the group charged monthly fees that they said covered, among other things, audits of the clients’ properties that they often failed to perform.  They also encouraged their clients to take out second or reverse mortgages on the properties and they then retained substantial portions of these proceeds.  Losses exceeded $33 Million dollars.
• The publisher of a Spanish language newspaper in Florida who was also a licensed real estate sales associate and mortgage broker was sentenced to 18 months in federal prison for embezzlement and misapplication of funds. According to court records he was responsible for marketing and selling bank-owned properties to investors in order to remove these troubled assets from his bank’s balance sheet, and in connection with the fraud signed false HUD-1 settlement statements and other closing documents causing $10 Million in losses.
• A Chicago real estate lawyer recently pled guilty to bank fraud in Illinois federal court admitting his role in a $22.9 million mortgage fraud scheme centered on selling condos in a downtown high-rise to straw buyers. The attorney represented LLC sellers at closings while knowing the condo prices were inflated and signed off on sales documents sent to lenders that contained false information about the amount of money the purported buyers were putting into the deal. He faced up to 30 years in prison but was sentenced to 11 months in prison, two years of supervised release, and ordered to pay a fine of $10,000 and restitution of $83,000.

When the CFPB issued its Bulletin 2012-3 addressing third party service provider risk management, the industry largely responded with a blank stare.  Because most lenders had never developed risk management protocols and vetting processes for vendors, there was significant confusion about what they needed to do to satisfy regulators.

The Bulletin itself was somewhat vague and did not offer a specific list of tasks nor a roadmap or flow chart of detailed steps to ensure compliance and consumer confidence.  It did however indicate that ongoing monitoring was necessary, and that lenders were to “[t]ake prompt action to address fully any problems identified through the monitoring process, including terminating the relationship when appropriate.”

In the wake of the Bulletin the industry responded through private and public means, to provide appropriate tools to manage risk, including for example ALTA”s Best Practices initiative, and Secure Settlement’s third party vetting tool and nationwide risk database.  These efforts, and those by others, were designed to ensure minimum uniform standards of risk management and also provide critical data to allow a lender to assess whether or not a vendor posed a risk of harm prior to engaging in a business relationship.

What these efforts did not fully address was the continual evaluation of actual performance by vendors.  Beyond the licensing, insurance, internal controls, and background checks, there is more to the lender-vendor relationship and the impact the relationship might have on the consumer experience.  Is a licensed and insured vendor that has a solid business platform and clean business record competent at what they do?  Will the consumer experience be one that meets the reputation of the lender which has introduced the vendor into the lender-client relationship?  After all, someone can look great on paper but create a terrible consumer experience through their attitude, lack of experience, lack of professionalism, and overall incompetence.

Consequently lenders need to do more than just collect paperwork about vendors.  They need to actually measure their performance, both internally with operations and among their clients, to determine whether a vendor is doing their job competently.  This can easily be determined by periodic surveys of your staff and post-transaction surveys of your customers.  When poor performance is uncovered, a lender needs to address it with the vendor and determine whether the relationship should be adjusted or terminated.

However you choose to do it, performance evaluations are a critical component of vendor management and must be a part of your overall compliance toolbox.

Spring is in the air, and for sports enthusiasts like me that means one thing: Spring training and the start of yet another baseball season. As I check out the Florida box scores, I can’t help but find some parallels between the National Pastime and the current state of the mortgage industry.

• With the current down market many lenders have thrown in the towel and instead are saying “wait ‘til next year!” As the Brooklyn Dodgers found out time and time again (except for 1955) a team that is focused on the future and not the present usually ends up on the losing side of the scoreboard.  The Yankees beat the Dodgers nearly every year from 1947-1956 because their focus was “This IS next year!”  Lenders who are focused on growth and success despite a down market are finding it; those who are just waiting it out until next season may find that when the time comes they will not be fielding a team.
• Casey Stengel, who led the Yankees to 10 pennants and who was saddled with managing the famously inept 1962 Mets, was known for his muddled language. Reporters often scratched their heads trying to understand his point, and as a result Casey became the story which often took the heat off of his players.  The regulators in Washington appear to be speaking in “Stengelese” these days.  Thousands of pages of regulatory requirements that meander from topic to topic and leave lenders who now are responsible for implementing them thinking: “What in the world does that mean?”
• Attitude is everything in life. Cub star Ernie Banks loved baseball. He knew he was privileged to be paid doing something he really enjoyed, and when he arrived at Wrigley Field for a day game would often say “let’s play two!”  I’ve noticed that those MLOs who really love what they do, who see their role as consumer-oriented not just another way to make money, find success no matter how tight the market might be.  They show up for work every day and instead of saying “how am I going to get business “say “I’m going to close two!”
• Stan Musial was one of the most gifted and respected players of his time. When he arrived at the ballpark he would say “I think I’ll get three hits today,” however he was not a stat hog.  Near the end of his a career he had to be told by a fan that he was approaching 3000 hits.  Musial was a team player first. He had a notorious work out regime (rare for that time), supported his teammates, and encouraged preparation.   Today lenders need to encourage more teamwork and to take appropriate steps to prepare for a new consumer and compliance focused marketplace.

With the Spring season here and everyone thawed from Winter’s deep freeze, the industry is poised to see higher originations and closed loan volume. As volume increases in a risky purchase market, it will benefit forward-thinking lenders to incorporate more risk management and quality control steps to avoid the type of fraud and defective loans that marked the last purchase boom from 2002-2008.  As Yogi Berra reportedly said, “It’s like deja vu all over again!”

Play ball!

Immediately after Donald Trump was elected President in November 2016, the election the mortgage industry was buzzing with articles predicting that a Trump Presidency would mean the death knell for the Consumer Financial Protection bureau (CFPB).  It will never happen for several reasons.

First, Mr. Trump did not campaign on a platform to decrease consumer protections in financial transactions.  Commentary about less regulations and business growth might be a signal to reduce some of the industry’s regulatory morass to help reduce costs and increase lending opportunities.  However if Mr. Trump’s campaign taught us anything, he was not a typical conservative Republican, but rather a more nationalist/populist candidate.  His appeal went beyond typical business/corporate interests to working and middle class Americans concerned about the economy, about government expansion, and “ruling elites”, among other issues.  Eliminating an agency whose stated purpose is to protect consumers from unfair, unethical and self-serving finance industry practices is not a populist position.

Second, the jury is still out on whether a President Trump can legally remove CFPB Director Cordray and exert influence over how the CFPB will operate.  While the recent PHH decision signaled that at least one court considered the independent management structure of the Agency unconstitutional, in that it concentrated too much power into the hands of one person, unelected and without executive branch supervision, that decision is presently being appealed and an affirmation of the lower court ruling is not guaranteed.

Third, the CFPB actually does some really good work.  While we may not want thousands of pages of new regulations, and occasionally the Bureau has acted as if it has little practical understanding of how the mortgage industry operates, the truth is that consumers have been better off with the Bureau in place.  The CFPB has addressed real issues regarding lack of transparency, spotty accountability and quality lending practices that in a moment of honest reflection seasoned industry professionals must agree made sense.

From where we sit in the ivory tower of SSI, this also means that vendor management rules are unlikely to change.  Even the most recent “clarifications” regarding third party servicer provider risk management have not changed the basic premise that lenders who expose their funds and a consumer’s NPPI to strangers must be accountable for doing so.  This means knowing who your vendors are, monitoring them for risk and cutting off harmful relationships before a consumer suffers injury or loss.

While Trump Presidency will undoubtedly bring us many interesting and unexpected moments, the elimination of the CFPB and its focus on consume protection will not be one of them.  You heard it here first.

For years real estate closing work has been the “bread and butter” of many small law practices.  Representing buyers and sellers in sales and mortgage closing transactions can be a lucrative practice area, and because there are no significant rules and training or practice barriers as for example complex criminal defense or tax work, it has helped many an attorney pay off their law school loans.  That perception may be changing with the advent of the Consumer Financial Protection Bureau, established under The Dodd–Frank Wall Street Reform and Consumer Protection Act (Pub.L. 111–203, H.R. 4173); commonly referred to as “Dodd-Frank.”

The Dawn Of A New Regulator Has Brought Changes

The CFPB, which has been granted super-regulatory powers answerable only to the Federal Reserve and not Congress has been making headlines for the past few years with its plethora of new financial industry rules designed to prevent another mortgage and banking industry collapse while protecting consumers from financial harm and abusive practices.  Last year, the CFPB issued a bulletin in April 2012 (CFPB Bulletin 2012-3, or Bulletin) without much fanfare.  This Bulletin, which was the precursor for final rules that went into effect in January 2014 require all non-bank entities (read mortgage lenders and brokers) to “manage third party service provider relationships.”  This Bulletin has already had an impact on how real estate closing attorneys are conducting business and will only have a greater impact after the new year.

In relevant part, Bulletin 2012-3 states: “The CFPB recognizes that the use of service providers is often an appropriate business decision for supervised banks and nonbanks. Supervised banks and nonbanks may outsource certain functions to service providers due to resource constraints, use service providers to develop and market additional products or services, or rely on expertise from service providers that would not otherwise be available without significant investment….However, the mere fact that a supervised bank or nonbank enters into a business relationship with a service provider does not absolve the supervised bank or nonbank of responsibility for complying with federal consumer financial law to avoid consumer harm…The CFPB expects supervised banks and nonbanks to have an effective process for managing the risks of service provider relationships. The CFPB will apply these expectations consistently, regardless of whether it is a supervised bank or nonbank that has the relationship with a service provider.”

            What this has meant in the real estate closing industry, for title agents, escrow firms, lawyers and even notaries, is that all banks who are in the business of making mortgage loans must develop and implement a program to manage the risk of harm, to them and to consumers, by closing professionals.  This includes attorneys who handle the funds and documents at a residential real estate closing.

Resistance To These Changes Has Not Been Successful

When the Bulletin first came to light and the realization set in that a previously unsupervised profession would now be subject to intense scrutiny there was understandable push-back, mainly by professional associations such as the American Land Title Association, the Independent Escrow Association and the National Association of Independent Land Title Agents.  These organizations stepped up to give cover to their members and make the case that vetting closing professionals was unnecessary for reasons of economic, privacy and competitive disadvantage issues.  Their complaints fell largely on deaf ears as the statistics reflected in FBI reports on mortgage industry fraud showed that escrow and title defalcations were a growing segment of white collar criminal activity.  The FBI estimated that 15% of the $13 billion in mortgage fraud claims in 2012, or nearly $2 billion, were directly attributable to the bad acts of closing professionals (FBI Annual Mortgage Fraud Report, www.fbi.gov/stats-services ).  The potential for losses is much bigger.  In 2012, banks funded 8.4 million residential mortgage transactions, wiring more than $1.4 trillion into the trust accounts of more than 100,000 closing professionals (entities and individuals) nationwide (www.MortgageBankers.org; www.corelogic.com, www.realtor.org).

The CFPB Bulletin should not have been a surprise to anyone.  In fact when the author of this article met with the CFPB in 2012, just after the Bulletin was released, he was told that regulators were merely extending to non-bank lenders (not just those federally regulated) the same rules that had been in place for a decade under the OCC for supervised entities, albeit not often enforced.  Indeed, the OCC (and others) had adopted aggressive vendor management rules as far back as 2001 (OCC-2001-47, November 2001; see also Fannie Mae Customer Education Group, Report of December 2005, NCUA Guidance Letter 07-CU-13, December 2007), requiring closing professionals to be vetted.  In response, warehouse banks and some large retail lenders had adopted a modicum of pre-funding vetting requirements that included asking attorneys and other settlement agents to produce proof of insurance and evidence of a trust account, but the implementation was not uniform and neither was the result.  Indeed, the period 2007-2011 saw dozens of defalcations involving attorneys who stole mortgage proceeds or conspired with others to commit other forms of mortgage fraud.

Banks Must Comply or Face Stiff Penalties

The issuance of CFPB Bulletin 2012-3 essentially inaugurated a new era in third party service provider management to the extent that the federal government, through the CFPB, HUD, OCC, FDIC and others agencies, now has an enforceable expectation that attorneys and other settlement agents must be (a) vetted for risk, (b) monitored for changes in risk, (c) verified to be in compliance with consumer protection statutes, and (d) maintained in a database for examination in the event of an audit.  Failure to comply can result in fines, penalties and even injunctive action against banks.

But it is not just the CFPB Bulletin that is making banks nervous about their settlement agents: It is also the realization that the Graham-Leach-Bliley Act (Pub.L. 106–102, 113 Stat. 1338), which addresses the need to manage access to consumers private information, is also looming over their heads because the CFPB is now in charge of enforcing that law as well.  Lawyers who handle real estate closings may have access to a borrower’s complete personal and financial history, usually contained in the closing documents, especially the RESPA Form 1003 mortgage application.  The 1003 sets forth a consumer’s identity information (including SSN), address, workplace history, bank, and asset information.  Other closing documents may detail family relationships, marriage and divorce information, and similar personal data.

It is indisputable that attorneys, more than any other discipline that makes up the closing professional industry (the others being title agents, notaries, escrow firm and sometimes realtors), are generally the most educated, most trained, and most supervised group. However, even the state bar associations and the supervising disciplinary committees are largely reactionary to attorney malpractice and criminal behavior.  They simply do not have the technology, labor force and resources to engage in the type of ongoing risk evaluation and reporting that the government expects to ensure proper consumer protection.

Vetting Is Nothing More Than A Vendor Management Process

In an effort to fill the void, vendor management companies are thriving.  These entities specialize in conducting background checks, verifying credentials and experience, reviewing insurance and bond coverage, and generally assisting lenders in meeting these new regulatory requirements.  For years they have established the bar for many vendors to access business at large national and international corporations (the author’s company recently entered the second month of a grueling vendor approval process for a national bank). Lawyers who have previously never even thought about “vetting” are suddenly being told that they cannot handle a banks funds or documents unless they submit their own business and personal information to be screened and verified.  Some are complying, some are complaining and many have yet to experience this new process.  And while there are legitimate concerns about vetting firms, such as data security and privacy, fairness in risk evaluation, and expectations about what is required to be “approved,” the issue is not going away.

With the recent rise in interest rates, the mortgage industry saw a steep drop off in rate and term refinance transactions that have largely fueled the mortgage lending market in the past three years.  It seems no one is left to refinance.  Now new home purchases are back in the unending cycle of the economy and that means one thing to regulators and lenders alike: higher risk. The national Mortgage Bankers Association opined recently that “At the end of 2013, we will see higher home prices, higher mortgage rates, and more existing home sales….”(Remarks of Hon. David Stevens, President MBA, MBA National Fraud Issues Conference, Ft Lauderdale, FL, April 2013). Mortgage financing for purchases is estimated to be 7-10 times riskier than refinances.  Why? Because most mortgage fraud schemes involve the transfer of funds and titles to real estate.

What About The CPL?

Historically those suffering losses from closing professional fraud have mainly relied upon the title industry’s “closing protection letter” also know in some states as an “insured closing letter.”  This form of warranty, which is not an insurance product, has been source of conflict with lenders and consumers for years because of its limits and the high costs frequently incurred to litigate coverage and claims issues.  Today the National Association of Insurance Commissioners, in conjunction with the title industry and banks, is seeking a better way to cover losses.  Vetting and vendor management just may be the type of underwriting foundation that could encourage property and casualty insurers to come up with a better product.  That may mean lower E&O and bond costs for attorneys         and better protections for consumers too.

What You Can Expect

There is no question that the CFPB Bulletin 2012-3 covers attorneys who handle mortgage proceeds and closing documents in connection with residential real estate transactions.  There is no exemption for lawyers performing these functions nor does state bar licensing requirements satisfy the CFPB mandate for banks.  Lenders must comply with these vendor management rules or face unacceptable risks.  Accordingly as the January 2014 final rule deadline approaches for CFPB regulations, more and more banks will be requesting that attorneys submit to vendor management or “vetting” processes to meet regulatory expectations.  These processes may be internal to the bank, or they may be outsourced to third party vendor management firms such as the one we operate.

Vendor risk management programs will likely require attorneys to submit information sufficient to verify (a) individual identity, (b) corporate or business status, (c) criminal and civil litigation history, (d) licensing and licensing disciplinary history, (e) internal operating controls regarding data privacy and security and consumer protection, (f) compliance with trust account rules, and (g) insurance and bond coverage (as applicable by state requirement or lender requirement).  Typically lenders require attorneys to demonstrate between $500,000 and $1 million in appropriate errors and omissions insurance coverage. This information will be evaluated for risk (i.e. derogatory findings) and are subject to ongoing monitoring requirements.

In the end, the old way of doing business as a real estate closing attorney is changing and changing fast.  There are good reasons for these changes, and attorneys are encouraged to study the applicable regulations and statutes so that they can better understand why they may be asked to become “vetted” before they close their next residential real estate transaction.

For years notaries have found a profitable source of recurring business handing the witnessing and collection of closing documents at residential mortgage closing transactions.  Whether affiliated with escrow and settlement firms, or hired by law firms and title agencies, notaries have found this work relatively easy and absent any significant supervision, oversight and regulation. That perception is changing with the advent of new third party service provider vetting rules established by the Consumer Financial Protection Bureau, created by The Dodd–Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111–203, H.R. 4173); commonly referred to as “Dodd-Frank.”

The Dawn Of A New Regulator Has Brought Changes

The CFPB, which has been granted super-regulatory powers answerable only to the Federal Reserve and not Congress has been making headlines for the past few years with its plethora of new financial industry rules designed to prevent another mortgage and banking industry collapse while protecting consumers from financial harm and abusive practices.  In April 2012, the CFPB issued a bulletin (CFPB Bulletin 2012-3, or Bulletin) without much fanfare.  This Bulletin was the precursor for final rules that went into effect in January 2014 requiring all non-bank entities (read mortgage lenders and brokers) to “manage third party service provider relationships.”  This Bulletin has had a significant impact on how real estate closing professionals, including notaries, are conducting business and will only have a greater impact this year.

In relevant part, Bulletin 2012-3 states: “The CFPB recognizes that the use of service providers is often an appropriate business decision for supervised banks and nonbanks. Supervised banks and nonbanks may outsource certain functions to service providers due to resource constraints, use service providers to develop and market additional products or services, or rely on expertise from service providers that would not otherwise be available without significant investment….However, the mere fact that a supervised bank or nonbank enters into a business relationship with a service provider does not absolve the supervised bank or nonbank of responsibility for complying with federal consumer financial law to avoid consumer harm…The CFPB expects supervised banks and nonbanks to have an effective process for managing the risks of service provider relationships. The CFPB will apply these expectations consistently, regardless of whether it is a supervised bank or nonbank that has the relationship with a service provider.”

            What this has meant in the real estate closing industry, for title agents, escrow firms, lawyers and notaries, is that all banks who are in the business of making mortgage loans must develop and implement a program to manage the risk of harm, to them and to consumers, by closing professionals.  This includes notaries who handle the witnessing and collection of important mortgage disclosures and other documents at a residential real estate closing.

Resistance To These Changes Has Not Been Successful

When the Bulletin first came to light and the realization set in that a previously unsupervised profession would now be subject to intense scrutiny there was understandable push-back, mainly by some smaller regional professional associations, though not the National Notary Association.  These organizations stepped up to give cover to their members and make the case that vetting closing professionals was unnecessary for reasons of economic, privacy and competitive disadvantage issues.  Their complaints fell largely on deaf ears as the statistics reflected in FBI reports on mortgage industry fraud showed that escrow and title defalcations were a growing segment of white collar criminal activity.  The FBI estimated that 15% of the $13 billion in mortgage fraud claims in 2013, or nearly $2 billion, were directly attributable to the bad acts of closing professionals (FBI Annual Mortgage Fraud Report, www.fbi.gov/stats-services ).  The potential for losses is much bigger.  In 2013, banks funded 8.5 million residential mortgage transactions, wiring more than $1.4 trillion into the trust accounts of more than 100,000 closing professionals (entities and individuals) nationwide (www.MortgageBankers.org; www.corelogic.com, www.realtor.org).

The CFPB Bulletin should not have been a surprise to anyone.  In fact when the author of this article met with the CFPB in 2012, just after the Bulletin was released, he was told that regulators were merely extending to non-bank lenders (not just those federally regulated) the same rules that had been in place for a decade under the OCC for supervised entities, albeit not often enforced.  Indeed, the OCC (and others) had adopted aggressive vendor management rules as far back as 2001 (OCC-2001-47, November 2001; see also Fannie Mae Customer Education Group, Report of December 2005, NCUA Guidance Letter 07-CU-13, December 2007), requiring closing professionals to be vetted.  In response, warehouse banks and some large retail lenders had adopted a modicum of pre-funding vetting requirements that included asking attorneys and other settlement agents to produce proof of insurance and evidence of a trust account, but the implementation was not uniform and neither was the result.  Indeed, the period 2007-2012 saw dozens of defalcations involving escrow agents, title agents, attorneys and notaries who stole mortgage proceeds, falsified documents, hid undisclosed intervening flip transactions, or conspired with others to commit other forms of mortgage fraud.

Banks Must Comply or Face Stiff Penalties

The issuance of CFPB Bulletin 2012-3 essentially inaugurated a new era in third party service provider management to the extent that the federal government, through the CFPB, HUD, OCC, FDIC and others agencies, now has an enforceable expectation that attorneys and other settlement agents must be (a) vetted for risk, (b) monitored for changes in risk, (c) verified to be in compliance with consumer protection statutes, and (d) maintained in a database for examination in the event of an audit.  Failure to comply can result in fines, penalties and even injunctive action against banks.

But it is not just the CFPB Bulletin that is making banks nervous about their settlement agents: It is also the realization that the Graham-Leach-Bliley Act (Pub.L. 106–102, 113 Stat. 1338), which addresses the need to manage access to consumers private information, is also looming over their heads because the CFPB is now in charge of enforcing that law as well.  Notaries who appear at the closing table routinely have access to a borrower’s complete personal and financial history, usually contained in the closing documents, especially the RESPA Form 1003 mortgage application.  The 1003 sets forth a consumer’s identity information (including SSN), address, workplace history, bank, and asset information.  Other closing documents may detail family relationships, marriage and divorce information, and similar personal data.

It is indisputable that, when compared to attorneys and title agents, notaries are generally the least educated, trained, and supervised group. Even with the best intentions, state notary licensing bodies are largely reactionary to notary malpractice and criminal behavior.  They simply do not have the technology, labor force and resources to engage in the type of ongoing risk evaluation and reporting that the government expects to ensure proper consumer protection.  Likewise the National Notary Association has the desire but not the resources to manage the actions of thousands of closing notaries nationwide.

Vetting Is Nothing More Than A Vendor Management Process

In an effort to fill the void, vendor management companies are thriving.  These entities specialize in conducting background checks, verifying credentials and experience, reviewing insurance and bond coverage, and generally assisting lenders in meeting these new regulatory requirements.  For years they have established the bar for many vendors to access business at large national and international corporations (the author’s company recently entered the second month of a grueling vendor approval process for a national bank). Notaries who have previously never even thought about “vetting” are suddenly being told that they cannot attend a closing and handle a bank’s documents unless they submit their business and personal information to be screened and verified.  Some are complying, some are complaining and many have yet to experience this new process.  And while there are legitimate concerns about vetting firms, such as data security and privacy, fairness in risk evaluation, and expectations about what is required to be “approved,” the issue is not going away.

What About The CPL?

Historically those suffering losses from closing professional fraud have mainly relied upon the title industry’s “closing protection letter” also know in some states as an “insured closing letter.”  This form of warranty, which is not an insurance product, has been source of conflict with lenders and consumers for years because of its limits and the high costs frequently incurred to litigate coverage and claims issues.  Unfortunately even this limited protection is generally not extended to document witnessing professionals as they are usually not considered the “settlement agent” handling mortgage proceeds.  In any event the National Association of Insurance Commissioners, in conjunction with the title industry and banks, is seeking a better method than the CPL to cover banks and consumers for escrow and closing losses.  Vetting and vendor management just may be the type of underwriting foundation that could encourage property and casualty insurers to come up with a better product.  That may mean lower E&O and bond costs for notaries and better protections for consumers too.

What You Can Expect

There is no question that the CFPB Bulletin 2012-3 covers notaries who witness documents, attend the closing and interact with consumers, and have access to sensitive and personal financial closing documents in connection with residential real estate transactions.  There is no exemption for notaries performing these functions nor does state licensing satisfy the CFPB mandate for banks to act on their own to verify third party risk to consumers.  Lenders must comply with these vendor management rules or face unacceptable risks.  Accordingly since the January 2014 CFPB final rule deadline, more and more banks have been adopting vendor management policies and requesting that notaries submit to vetting processes to meet regulatory expectations.  These processes may be internal to the bank, or they may be outsourced to third party vendor management firms such as the one we operate.

Vendor risk management programs will likely require notaries to submit information sufficient to verify (a) individual identity, (b) corporate or business status, (c) criminal and civil litigation history, (d) licensing and licensing disciplinary history, (e) internal operating controls regarding data privacy and security and consumer protection, and (f) insurance and bond coverage (as applicable by state requirement or lender requirement).  This information will be evaluated for risk (i.e. derogatory findings) and be subject to ongoing monitoring requirements.

In the end, the old way of doing business as a mortgage closing notary is changing and changing fast.  There are good reasons for these changes, and notaries are encouraged to study the applicable regulations and statutes so that they can better understand why they may be asked to become “vetted” before they attend their next residential real estate closing.

Now that 2017 has ended, many lenders are breathing a strong sigh of relief.  In the past few years regulatory and compliance directives from Washington have fueled increased loan costs, spurred the development of new compliance-related industries, and have caused audits to evolve from rather tame file reviews to multiple week om-site visits by well-trained auditors out on a mission.  In a few words, the industry was forced from a sale-driven business model to a compliance driven model really fast.  So with TRID implemented everyone can take a well-deserved break right?  Well, no actually because more is coming.

But before we look ahead, it is useful to take a quick look backwards and see how far we have come since last January.

Last year, fears of Consumer Financial Protection Bureau (CFPB) audits created a cottage industry of compliance consultants.  Mock CFPB audits at a cost of $10,000-$50,000 became commonplace as lenders sought a heads-up on internal policy and procedure adjustments to ensure a potential audit might be less painful.  Lenders must have either on-staff legal and compliance experts or, at a hefty cost, outsource the responsibility to a qualified third party professional.

Vendor management came of age as lenders and vendors both realized that the CFPB was serious when it enacted Bulletin 20I2-3 requiring risk evaluation, monitoring and reporting of third party service providers as a measure of consumer protection. Whether lenders are trying to manage this risk themselves or outsourcing the evaluation and monitoring to others, it is safe to say that doing business with a bank is now considered a privilege and not a right.

Section 8 kick-back penalty threats caused many folks to divest themselves of affiliated title, appraisal and settlement service business, and others swiftly exited real estate joint marketing arrangements.  Wells Fargo and Prospect Mortgage were the first to publicly announce their exit, in July 2015, but soon others followed.  Those who remain are faced with significant ambiguities regarding a compliant manner to engage in mutually beneficial marketing arrangements with companies seen by regulators as possible RESPA violation targets.

Managing consumer non-public private information under data privacy rules added additional burdens, and fears, for lenders nationwide. Controlling who has access to such information both internally and externally has proven to be a major task. Many lenders have adopted confidential email delivery rules and have stepped up evaluation of their technology platforms and data process flow procedures.  In addition, several hacking scams rocked the industry when lenders and settlement agents were unwittingly duped into wiring funds to criminals after email addresses were hacked, duplicated and misused.  Once again Wells Fargo took the lead, issuing a fraud alert bulletin to their industry partners after noticing scammers trying to intercept their mortgage wires through the use of these fake email addresses.

Perhaps no new regulatory scheme in recent memory created as much anxiety, anger, confusion, comedy memes and general anticipation as TRID: the TILA, RESPA Integrated Disclosure Rule.  Designed to reduce paperwork, increase transparency, and slow down the closing process a bit to provide consumers with more time to study and understand loan costs, the implementation was delayed from August to October and has so far failed to trigger the Apocalypse.

As the year unfolds the CFPB has given a hint at where it is focused, beyond supervision and audits.  Discriminatory lending practices appear to be of paramount concern, and data privacy and integrity another.

In October 2015 the CFPB finalized a rule requiring all lenders to collect more data from borrowers and thereby provide more details to analyze and uncover potential discriminatory pending practices and patterns.  Regulators have always been concerned about discrimination in lending, particularly practices that may not be designed to discriminate but rather have unintended discriminatory consequences freezing out homeownership opportunities for minorities and other protected classes.  The big issue for lenders is that if you must report it, then you must track the data and evaluate your own information so that you can take steps to correct illegal practices.  Many lenders view HMDA reporting as a nuisance and rarely consider that the information they are certifying might come back to bite them.

These changes to HMDA reporting requirements should be a warning to lenders that they can expect the nature and practice of whom they lend to and whom they decline will be under heightened scrutiny.  The CFPB seems laser focused on rooting-out any practices that by design or consequence limit lending efforts and home-buying opportunities in under-served communities.  Expect new rules, aggressive audit questions, and fines and penalties where disparate treatment and disparate impact in discriminatory lending practices are uncovered.

As for data privacy and integrity, the industry began to look more closely at this last year but this year will see even more pressure to get things right.

When one considers the breadth of personal information provided to lenders, stored onsite, exposed to employees and third parties, the responsibility to manage this effectively seems quite daunting.  The typical loan application eventually contains a borrower’s name, home address, place of business, social security number, date of birth, phone numbers, income, bank accounts, personal and real property, and family relationships.  Credit reports contained within a loan file provide even more non-public, private financial data.

The concern is that there is no such thing as a foolproof data security system and that all systems are ultimately vulnerable to breach by determined criminals.  Recall what happened to corporate giants like Target, Home Depot, Ebay, JP Morgan and Anthem. What does this mean for regional and mid-sized lenders, let alone small broker shops, who now must demonstrate they have developed, implemented and monitor internal data privacy and data integrity policies? It means that anyone and everyone with access to consumer NPPI must make  a commitment to adopting the most stringent policies relevant to the size and scope of their business, while also considering purchasing crimes and cyber liability insurance to off-load risk in the event of unexpected and unintended breaches.

Making sure all borrower data is private and being used properly can be a near-impossible task that involves multiple layers of security. Fortunately, with the right people, process and technology, lenders may support their data security policies through continual monitoring and visibility into every access point and with insurance back-up.

These past few years have been watershed moments for many mortgage lenders.  Hard decisions have had to be made about whether one can still be profitable in an industry of increasing regulatory complexity, scrutiny, costs and penalties.  Some have closed the doors, while others have consolidated, finding strength in numbers.  Many more are viewing the current environment as a golden opportunity.  These lenders see regulation as inevitable and therefore instead of complaining about it, have embraced it.  While the short-term costs may be heavy, they are betting that the long-term benefits will bear rich fruit.

While 2018 may not bring much relief from regulatory pressures, hopefully we are all getting used to the idea that a successful business today requires serious attention to risk management, quality control and consumer protection.  If we forget however, you can be sure that there are plenty of state and federal regulators poised to remind us.

For years credit unions have sent mortgage proceeds and loan documents to non-vetted and unsupervised men and women acting as “settlement agents” who appeared at the closing table, interacted with members and were largely responsible for insuring a safe, secure and compliant mortgage closing.  Whether the professional was a lawyer, title agent, escrow agent or notary, the risk issues were the same: no uniform standards of care, no regulated best practices, inconsistent insurance and licensing requirements, and no real time supervision. The result: serious risk of fraud and potential harm to credit union financial assets and those of their members.

The National Credit Union Administration had issued guidance on the risk inherent in these third party professional relationships as far back as 2007: “NCUA acknowledges that third-party relationships are essential but “… inadequately managed and controlled third-party relationships can result in unanticipated costs, legal disputes, and financial loss…” The agency does not want to “stifle the innovative use of third-party relationships to meet member needs and strategic objectives,” but wants to reemphasize that credit unions “clearly understand risks they are undertaking and balance and control those risks…” NCUA Guidance Letter 07-CU-13, December 2007. The December 2007 Letter was only a guidance letter however, and there was no concerted effort to enforce compliance rules surrounding settlement agent vendor management.

Enter the Consumer Financial Protection Bureau (CFPB).

In April 2012, the CFPB issued Bulletin 2012-3 that has had a significant impact on how real estate closing professionals are conducting business and with the onset of TRID, how lenders including credit unions are managing closing table risk to their assets and to consumers generally.

Today all credit unions making residential mortgage loans must develop and implement a program to manage the risk of harm of fraud, theft of funds, and theft of non-public personal information by closing professionals.  This includes notaries who handle the witnessing and collection of important mortgage disclosures and other documents at a residential real estate closing.

The issuance of CFPB Bulletin 2012-3 essentially inaugurated a new era in third party service provider management to the extent that the federal government, through the CFPB, NCUA, HUD, OCC, FDIC and others agencies, now has an enforceable expectation that attorneys, title agents and other settlement professionals must be (a) vetted for risk, (b) monitored for changes in risk, (c) verified to be in compliance with consumer protection statutes, and (d) maintained in a database for examination in the event of an audit.  Failure to comply can result in fines, penalties and even injunctive action against banks.

It is not just the CFPB Bulletin that is making lenders and credit unions nervous about their settlement agents: It is also the realization that the Graham-Leach-Bliley Act (Pub.L. 106–102, 113 Stat. 1338), which addresses the need to manage access to consumers private information, is also looming over their heads because the CFPB is now in charge of enforcing that law as well.  Settlement agents who appear at the closing table routinely have access to a member’s complete personal and financial history, usually contained in the closing documents, especially the 1003 Loan Application, the Loan Estimate and the Closing Disclosure.  The 1003 sets forth a consumer’s identity information (including SSN), address, workplace history, bank, and asset information.  Other closing documents may detail family relationships, marriage and divorce information, and similar personal data.

After the initial April 2012 bulletin announcement there was a period of confusion surrounding who was included in the requirement to vet and monitor, but today any such confusion is replaced with certainty that regulators will request evidence of settlement agent risk management policies and procedures during audits and exams.  Consequently compliance-focused credit unions have been adopting vendor management policies and requesting that lawyer, title agents and notaries submit to vetting processes to meet regulatory expectations.  These processes may be internal to the bank, or they may be outsourced to third party vendor management firms which specialize in 24/7 risk monitoring and reporting.

A successful settlement agent risk management program will minimally require settlement agent s to submit information sufficient to verify (a) individual identity, (b) corporate or business status, (c) criminal and civil litigation history, (d) licensing and licensing disciplinary history, (e) internal operating controls regarding data privacy and security and consumer protection, and (f) insurance and bond coverage (as applicable by state requirement or lender requirement).  This information must then be evaluated for risk (i.e. derogatory findings) and be subject to ongoing monitoring requirements.

In the end, the old way of credit unions working with settlement agents is changing and changing fast.  There are good reasons for these changes, and credit unions are encouraged to study the applicable regulations so that they may better understand what is required of them.

Using data mining and intelligence for predictive behavior analysis can stop potential losses from mortgage fraud.  Today the technology, the analytics and the processes exist to deter bad acts and to uncover bad actors BEFORE they commit a crime that can cost you and your customers tens of thousands of dollars in actual fraud losses.

Although you’ve probably heard many times that predictive analytics (like those employed by Google© and other high tech marketing firms) will optimize your marketing campaigns, it’s hard to envision, in more concrete terms, what it will do with risk management. How can you get a handle on the functional value of data mining, analysis and reporting as a tool for originating and selling higher quality loans less likely to default or worse, less likely to be a loan file rife with mortgage fraud?  The answer lies in knowing what to look for.

Predictive analytics rely upon certain key factors, the central building block being the predictors, which are values ascribed to the type of behavior you wish to predict.  In the case of mortgage fraud the predictors can include: years of experience; existence of a license and insurance; business and professional history (i.e. litigation and regulatory discipline); liens and judgments. These and other factors can give a comprehensive picture of the potential for a professional to cut corners, make mistakes, engage in self-dealing, and be open to participating in conspiracies to commit fraud in return for financial rewards.

There are several companies in the mortgage space selling tools implying predictive behavior analytics, however not all of them engage in the complex analytical analysis and reporting that provides true value for deterring and detecting fraud.  This may be why a decade after so much loan origination fraud tool technology entered the marketplace fraud is increasing, not decreasing.

It is not enough to simply gather such data and to spit it out for general consumption.  The real value to the data mining that results in collecting predictors is the risk analysis that takes place, some of which may be accomplished through automation but still requires human evaluation.  The trick is to find the best predictive model.

At SSI, we built a system that used fraud statistics from the past decade to build a predictive model specialized for the mortgage industry. The process learns from the data’s collective values.  It also involves not just automation but trained vetting specialists who review key data points to discount false positives, provide more insight into derogatory public data, and thereby provide more reliable risk ratings for the agents.  At the same time it offers a fair and reasonable process for the agents themselves, who may appeal negative findings and work with SSI staff to clear misleading data that emanates from sometimes unreliable public data sources.

The most immediate value to subscribing to a risk analytics tool for your business is the deterrent factor.  Before SSI launched, it conducted two years of beta testing with large and small lenders nationwide.  During that time we found a 23% high risk knock-out rate among approved and active agents on lender lists.  Since SSI began vetting the high risk rate is 2%.  Quite frankly when bad actors know they are being subjected to a comprehensive data mining and intelligence process, they stay away, far away.  And that is good news for the mortgage industry.