It did not take long after the Silicon Valley Bank failure for politicians in Washington to rush to the next available microphone and lament the “loosening of bank regulations”. Instinctively the finger pointing began, and in many quarters ended up in the direction of the prior administration’s policy to generally roll back stringent business regulations and allow free market decisions to govern various industries. Chief among the complainants (no pun intended) was Sen Elizabeth Warren, who emerged out of the 2008 crisis as an architect and advocate for the Wall Street Reform Act and the creation of the vaunted Consumer Financial Protection Bureau ( CFPB), which she briefly directed. Just yesterday in DC’s The Hill publication, Sen Warren was reported as blaming the the collapse of Silicon Valley Bank on Republicans in Congress, which in 2018 helped pass a law to ease bank regulations put in place following the 2008 financial crisis. “No one should be mistaken about what unfolded over the past few days in the U.S. banking system: These recent bank failures are the direct result of leaders in Washington weakening the financial rules,” Warren is quoted as saying. According to The Hill piece, Warren, who voted against the 2018 bank deregulation bill, said that the crises would have been avoided if the banks were required to hold more liquid assets because the bill exempted banks with less than $250 billion in assets from rigorous Fed stress tests. Warren and other Democrats say the old rules could have caught the issues at SVB sooner. Given that politicians generally “never let a crisis go to waste,” many now suspect that the banking industry is about to be slammed with heightened regulatory scrutiny, tighter operational rules, more audits and exams, and larger and very public fines, penalties and consent orders. What does this mean for independent mortgage bankers (IMBs)? It means that they have to get back to the compliance mindset they were frightened into adopting between 2008 and 2018, and before the bottoming out of interest rates led everyone to believe that easy money was here to stay and that self-regulation meant hiring more loan officers. Keep those risk management officers and compliance directors close by folks, we are all in for a bumpy ride on the regulatory

Any organization seeking to adopt appropriate operational risk management policies and procedures must ensure that they have met the five step process to ensure success.  This process focuses on proper governance.  It is not enough to simply “check the box” and hope that wire fraud, mortgage fraud and closing fraud never reach the organization.

The first step is LEADERSHIP BUY-IN.  Unless the “C Suite” decides to make risk management a priority no effective tools or policies will succeed.  There must be top down leadership in this area.  If your chief risk officer (CRO) or chief security officer (CSO) have to “push” their agenda, then the organization is in trouble.  Effective leadership is not only embracing the issue though, it also means effectively communicating it throughout the organization so that even the receptionist and the part-time employees know where you stand on the issue.

The second step is DEFINED HEAD OF COMPLIANCE.  Someone must be placed in charge.  Studies show that management by committee on risk issues results in failure.  Decide who is in charge  and let them manage with minimal interference.

The third step is ORGANIZATIONAL CULTURE.  As mentioned above, everyone has to buy into the  importance of risk and the method chosen to manage the risk.  Frequently in the mortgage industry sales and operations staff push back on risk management and compliance rules and tools because they are viewed as “disruptive” to their departmental goals (more sales, quick closings).  Without the buy-in of these departments measures to address risk of fraud and cyber crimes will not be successful.  Attitudes and behaviors must fall into line with processes and procedures.

The fourth step is CLEAR PROCESSES AND PROCEDURES.  Putting a process into place or using a tool only works if you go beyond the simple framework itself and successfully implement them.  We have seen lenders engage a tool or service and then never use it or only use it occasionally, without any clear policy directives.  Beyond implementation is testing and oversight.  Someone must be regularly making sure that your risk management tools actually work.

The fifth and last step is having a RESPONSE PLAN.  This is important to understand: No risk management tool or policy is foolproof. When an event occurs, whether a cyber breach, wire fraud or other loss, how you react, how quickly you react, and how you learn from the event can be more important than the event itself.  More than one lender recently has found that reputation risk and litigation risk arise when an organization fails to properly react following an event.

The last point to make is that cyber risk and fraud risk must be an “untouchable” line item in your operating budget.  Addressing these issues cannot be the “last in, first out” business decision we see too often.  When business is down, the risk of harm is GREATER because you do not have the economic cushion to absorb a loss. Good leaders, who manage an effective top-down process and set the proper tone about operational risk will not sacrifice protective tools and policies at the first sign of a market slow down.

We spent 12 years studying closing table risk, including 5 years working with risk analysts at Lloyds. Our closing table risk management tool is designed to meet your operational needs, with little disruption, while providing effective management of the risk of loss from cyber crimes that evolve in wire fraud, and all manner of closing and title fraud.  If you are a business leader concerned about closing table risk, please reach out and ask us how we can provide a solution you and your risk team will embrace.