Any organization seeking to adopt appropriate operational risk management policies and procedures must ensure that they have met the five step process to ensure success. This process focuses on proper governance. It is not enough to simply “check the box” and hope that wire fraud, mortgage fraud and closing fraud never reach the organization.
The first step is LEADERSHIP BUY-IN. Unless the “C Suite” decides to make risk management a priority no effective tools or policies will succeed. There must be top down leadership in this area. If your chief risk officer (CRO) or chief security officer (CSO) have to “push” their agenda, then the organization is in trouble. Effective leadership is not only embracing the issue though, it also means effectively communicating it throughout the organization so that even the receptionist and the part-time employees know where you stand on the issue.
The second step is DEFINED HEAD OF COMPLIANCE. Someone must be placed in charge. Studies show that management by committee on risk issues results in failure. Decide who is in charge and let them manage with minimal interference.
The third step is ORGANIZATIONAL CULTURE. As mentioned above, everyone has to buy into the importance of risk and the method chosen to manage the risk. Frequently in the mortgage industry sales and operations staff push back on risk management and compliance rules and tools because they are viewed as “disruptive” to their departmental goals (more sales, quick closings). Without the buy-in of these departments measures to address risk of fraud and cyber crimes will not be successful. Attitudes and behaviors must fall into line with processes and procedures.
The fourth step is CLEAR PROCESSES AND PROCEDURES. Putting a process into place or using a tool only works if you go beyond the simple framework itself and successfully implement them. We have seen lenders engage a tool or service and then never use it or only use it occasionally, without any clear policy directives. Beyond implementation is testing and oversight. Someone must be regularly making sure that your risk management tools actually work.
The fifth and last step is having a RESPONSE PLAN. This is important to understand: No risk management tool or policy is foolproof. When an event occurs, whether a cyber breach, wire fraud or other loss, how you react, how quickly you react, and how you learn from the event can be more important than the event itself. More than one lender recently has found that reputation risk and litigation risk arise when an organization fails to properly react following an event.
The last point to make is that cyber risk and fraud risk must be an “untouchable” line item in your operating budget. Addressing these issues cannot be the “last in, first out” business decision we see too often. When business is down, the risk of harm is GREATER because you do not have the economic cushion to absorb a loss. Good leaders, who manage an effective top-down process and set the proper tone about operational risk will not sacrifice protective tools and policies at the first sign of a market slow down.
We spent 12 years studying closing table risk, including 5 years working with risk analysts at Lloyds. Our closing table risk management tool is designed to meet your operational needs, with little disruption, while providing effective management of the risk of loss from cyber crimes that evolve in wire fraud, and all manner of closing and title fraud. If you are a business leader concerned about closing table risk, please reach out and ask us how we can provide a solution you and your risk team will embrace.