When the CFPB issued Bulletin 2102-3 (reaffirmed again in 2015), forever changing the way that banks and lenders nationwide look at third party relationships, they offered only a bare outline of detail regarding what that risk management should include. The general directive included: risk evaluation, ongoing monitoring, and verification of internal controls. Since then lenders have tended to interpret these requirements in ways that reflect their own risk appetite and compliance culture. Some seek to merely “check the box,” while others are intent on crossing every “t” and dotting every “i.”
Clearly not all vendors are alike, and while there has not been much detailed guidance on the matter, comments from the CFPB seem to imply that a company should address the risk of a third party vendor in relation to the level of potential harm they might cause to a consumer. Therefore it is logical to assume that there is a qualitative measurement of risk that a lender can perform and thereby place third parties in different risk buckets, applying different risk management standards to each bucket in relation to the risk level associated with the activity. For example a vendor who has no access to a lender’s consumer data and records should obviously be evaluated differently than one who did.
The highest risks are generally third parties who have access to consumer data as well as those who interact directly with consumers in the loan process. This group should include IT consultants, appraisers, mortgage brokers, and settlement agents, among others. The lowest risks should include very large, well-capitalized and highly managed entities such as investors, national title underwriters, and large accounting firms. Space does not permit me to expound further and discuss all the different risk levels and groups however it is worth noting that our research makes it clear to us that settlement agents are the highest risk third party vendor a lender will encounter. The reasons for this are logical and easy to enumerate.
Settlement professionals, including attorneys, escrow agents, title closers, notaries and others who handle funds disbursement and documents at a closing, have access to more sensitive data and documents than anyone else, while also having access to the mortgage proceeds. This places them in perhaps the most critical, and therefor the highest risk area in the loan process. The fact that most lenders have fraud technology which helps them identify bad actors and other risk factors at the front end of the manufacturing process (origination, processing and underwriting) and rarely any type of tool at the back end (closing and post-closing) makes the vetting and monitoring of settlement agents perhaps the highest priority for any lender today.
Need more proof? An independent study conducted by FinCEN, the Financial Crimes Enforcement Network, which is the official repository for industry SARS filings, found that over the past five years escrow and settlement services are the largest and fastest growing areas of mortgage fraud. Given the fact that the industry has embraced complex and effective front end fraud deterrence and prevention tools for years but is only now beginning to embrace closing and settlement fraud programs, the report is not surprising. However the good news remains the continued progression towards widespread settlement agent vetting, monitoring and reporting that is currently transforming the settlement industry. It is weeding out bad actors, encouraging best practices, and providing lenders with critical data to help them make better choices for closing services. Everyone wins in the end: lenders, agents and consumers.