It did not take long after the Silicon Valley Bank failure for politicians in Washington to rush to the next available microphone and lament the “loosening of bank regulations”. Instinctively the finger pointing began, and in many quarters ended up in the direction of the prior administration’s policy to generally roll back stringent business regulations and allow free market decisions to govern various industries. Chief among the complainants (no pun intended) was Sen Elizabeth Warren, who emerged out of the 2008 crisis as an architect and advocate for the Wall Street Reform Act and the creation of the vaunted Consumer Financial Protection Bureau ( CFPB), which she briefly directed. Just yesterday in DC’s The Hill publication, Sen Warren was reported as blaming the the collapse of Silicon Valley Bank on Republicans in Congress, which in 2018 helped pass a law to ease bank regulations put in place following the 2008 financial crisis. “No one should be mistaken about what unfolded over the past few days in the U.S. banking system: These recent bank failures are the direct result of leaders in Washington weakening the financial rules,” Warren is quoted as saying. According to The Hill piece, Warren, who voted against the 2018 bank deregulation bill, said that the crises would have been avoided if the banks were required to hold more liquid assets because the bill exempted banks with less than $250 billion in assets from rigorous Fed stress tests. Warren and other Democrats say the old rules could have caught the issues at SVB sooner. Given that politicians generally “never let a crisis go to waste,” many now suspect that the banking industry is about to be slammed with heightened regulatory scrutiny, tighter operational rules, more audits and exams, and larger and very public fines, penalties and consent orders. What does this mean for independent mortgage bankers (IMBs)? It means that they have to get back to the compliance mindset they were frightened into adopting between 2008 and 2018, and before the bottoming out of interest rates led everyone to believe that easy money was here to stay and that self-regulation meant hiring more loan officers. Keep those risk management officers and compliance directors close by folks, we are all in for a bumpy ride on the regulatory

For years credit unions have sent mortgage proceeds and loan documents to non-vetted and unsupervised men and women acting as “settlement agents” who appeared at the closing table, interacted with members and were largely responsible for insuring a safe, secure and compliant mortgage closing.  Whether the professional was a lawyer, title agent, escrow agent or notary, the risk issues were the same: no uniform standards of care, no regulated best practices, inconsistent insurance and licensing requirements, and no real time supervision. The result: serious risk of fraud and potential harm to credit union financial assets and those of their members.

The National Credit Union Administration had issued guidance on the risk inherent in these third party professional relationships as far back as 2007: “NCUA acknowledges that third-party relationships are essential but “… inadequately managed and controlled third-party relationships can result in unanticipated costs, legal disputes, and financial loss…” The agency does not want to “stifle the innovative use of third-party relationships to meet member needs and strategic objectives,” but wants to reemphasize that credit unions “clearly understand risks they are undertaking and balance and control those risks…” NCUA Guidance Letter 07-CU-13, December 2007. The December 2007 Letter was only a guidance letter however, and there was no concerted effort to enforce compliance rules surrounding settlement agent vendor management.

Enter the Consumer Financial Protection Bureau (CFPB).

In April 2012, the CFPB issued Bulletin 2012-3 that has had a significant impact on how real estate closing professionals are conducting business and with the onset of TRID, how lenders including credit unions are managing closing table risk to their assets and to consumers generally.

Today all credit unions making residential mortgage loans must develop and implement a program to manage the risk of harm of fraud, theft of funds, and theft of non-public personal information by closing professionals.  This includes notaries who handle the witnessing and collection of important mortgage disclosures and other documents at a residential real estate closing.

The issuance of CFPB Bulletin 2012-3 essentially inaugurated a new era in third party service provider management to the extent that the federal government, through the CFPB, NCUA, HUD, OCC, FDIC and others agencies, now has an enforceable expectation that attorneys, title agents and other settlement professionals must be (a) vetted for risk, (b) monitored for changes in risk, (c) verified to be in compliance with consumer protection statutes, and (d) maintained in a database for examination in the event of an audit.  Failure to comply can result in fines, penalties and even injunctive action against banks.

It is not just the CFPB Bulletin that is making lenders and credit unions nervous about their settlement agents: It is also the realization that the Graham-Leach-Bliley Act (Pub.L. 106–102, 113 Stat. 1338), which addresses the need to manage access to consumers private information, is also looming over their heads because the CFPB is now in charge of enforcing that law as well.  Settlement agents who appear at the closing table routinely have access to a member’s complete personal and financial history, usually contained in the closing documents, especially the 1003 Loan Application, the Loan Estimate and the Closing Disclosure.  The 1003 sets forth a consumer’s identity information (including SSN), address, workplace history, bank, and asset information.  Other closing documents may detail family relationships, marriage and divorce information, and similar personal data.

After the initial April 2012 bulletin announcement there was a period of confusion surrounding who was included in the requirement to vet and monitor, but today any such confusion is replaced with certainty that regulators will request evidence of settlement agent risk management policies and procedures during audits and exams.  Consequently compliance-focused credit unions have been adopting vendor management policies and requesting that lawyer, title agents and notaries submit to vetting processes to meet regulatory expectations.  These processes may be internal to the bank, or they may be outsourced to third party vendor management firms which specialize in 24/7 risk monitoring and reporting.

A successful settlement agent risk management program will minimally require settlement agent s to submit information sufficient to verify (a) individual identity, (b) corporate or business status, (c) criminal and civil litigation history, (d) licensing and licensing disciplinary history, (e) internal operating controls regarding data privacy and security and consumer protection, and (f) insurance and bond coverage (as applicable by state requirement or lender requirement).  This information must then be evaluated for risk (i.e. derogatory findings) and be subject to ongoing monitoring requirements.

In the end, the old way of credit unions working with settlement agents is changing and changing fast.  There are good reasons for these changes, and credit unions are encouraged to study the applicable regulations so that they may better understand what is required of them.