For years credit unions have sent mortgage proceeds and loan documents to non-vetted and unsupervised men and women acting as “settlement agents” who appeared at the closing table, interacted with members and were largely responsible for insuring a safe, secure and compliant mortgage closing. Whether the professional was a lawyer, title agent, escrow agent or notary, the risk issues were the same: no uniform standards of care, no regulated best practices, inconsistent insurance and licensing requirements, and no real time supervision. The result: serious risk of fraud and potential harm to credit union financial assets and those of their members.
The National Credit Union Administration had issued guidance on the risk inherent in these third party professional relationships as far back as 2007: “NCUA acknowledges that third-party relationships are essential but “… inadequately managed and controlled third-party relationships can result in unanticipated costs, legal disputes, and financial loss…” The agency does not want to “stifle the innovative use of third-party relationships to meet member needs and strategic objectives,” but wants to reemphasize that credit unions “clearly understand risks they are undertaking and balance and control those risks…” NCUA Guidance Letter 07-CU-13, December 2007. The December 2007 Letter was only a guidance letter however, and there was no concerted effort to enforce compliance rules surrounding settlement agent vendor management.
Enter the Consumer Financial Protection Bureau (CFPB).
In April 2012, the CFPB issued Bulletin 2012-3 that has had a significant impact on how real estate closing professionals are conducting business and with the onset of TRID, how lenders including credit unions are managing closing table risk to their assets and to consumers generally.
Today all credit unions making residential mortgage loans must develop and implement a program to manage the risk of harm of fraud, theft of funds, and theft of non-public personal information by closing professionals. This includes notaries who handle the witnessing and collection of important mortgage disclosures and other documents at a residential real estate closing.
The issuance of CFPB Bulletin 2012-3 essentially inaugurated a new era in third party service provider management to the extent that the federal government, through the CFPB, NCUA, HUD, OCC, FDIC and others agencies, now has an enforceable expectation that attorneys, title agents and other settlement professionals must be (a) vetted for risk, (b) monitored for changes in risk, (c) verified to be in compliance with consumer protection statutes, and (d) maintained in a database for examination in the event of an audit. Failure to comply can result in fines, penalties and even injunctive action against banks.
It is not just the CFPB Bulletin that is making lenders and credit unions nervous about their settlement agents: It is also the realization that the Graham-Leach-Bliley Act (Pub.L. 106–102, 113 Stat. 1338), which addresses the need to manage access to consumers private information, is also looming over their heads because the CFPB is now in charge of enforcing that law as well. Settlement agents who appear at the closing table routinely have access to a member’s complete personal and financial history, usually contained in the closing documents, especially the 1003 Loan Application, the Loan Estimate and the Closing Disclosure. The 1003 sets forth a consumer’s identity information (including SSN), address, workplace history, bank, and asset information. Other closing documents may detail family relationships, marriage and divorce information, and similar personal data.
After the initial April 2012 bulletin announcement there was a period of confusion surrounding who was included in the requirement to vet and monitor, but today any such confusion is replaced with certainty that regulators will request evidence of settlement agent risk management policies and procedures during audits and exams. Consequently compliance-focused credit unions have been adopting vendor management policies and requesting that lawyer, title agents and notaries submit to vetting processes to meet regulatory expectations. These processes may be internal to the bank, or they may be outsourced to third party vendor management firms which specialize in 24/7 risk monitoring and reporting.
A successful settlement agent risk management program will minimally require settlement agent s to submit information sufficient to verify (a) individual identity, (b) corporate or business status, (c) criminal and civil litigation history, (d) licensing and licensing disciplinary history, (e) internal operating controls regarding data privacy and security and consumer protection, and (f) insurance and bond coverage (as applicable by state requirement or lender requirement). This information must then be evaluated for risk (i.e. derogatory findings) and be subject to ongoing monitoring requirements.
In the end, the old way of credit unions working with settlement agents is changing and changing fast. There are good reasons for these changes, and credit unions are encouraged to study the applicable regulations so that they may better understand what is required of them.