It is evident that the mortgage industry is in transition as a result of new and more robust governmental regulations (i.e. Dodd Frank and subsequently, the Consumer Financial Protection Bureau (CFPB)). Such
Resources that enable servicers to comply with the regulatory standards imposed by government or other entities while providing strong quality assurance processes that assist in mitigating the risk of non-compliance are paramount. Today, choosing providers that promote best business practices, in addition to effective mechanisms to maintain current changes has become a challenge. Now the question is: what do third-party service providers need to do to satisfy servicers’ regulatory expectations?
Third-party service providers must review and become familiar with constantly changing industry requirements. Parties need to agree on any required changes and establish an effective means of communication as they are implemented. Collaboration with the servicer is important to ensure the effective use of resources, such as personnel and systems to guarantee business continuity.
At times, third-party service providers might need to make a technology investment or allocate human resources to adhere with new rules. A review of the provider’s current operations to include the volume of the files processed, the company size and the services/products offered will determine if further investments are warranted. Third-party service providers can use review models such as Enterprise Risk Assessments (ERA) and capacity planning as effective tools to evaluate the legal, operational and financial effect of new regulatory requirements.
Transparency across all departments is critical
To ensure success there are steps that third-party service providers must follow:
- Educate—clients (servicers) must know all of the provider’s efforts to ensure industry requirements compliance;
- Communicate—the compliance program, security/technology practices, recruiting techniques, employees/contractor training, trade associations’ membership, quality assurance or other related internal controls need to be verbalized;
- Share—has the company received any independent certifications (i.e. SOC2); explain why that is so important; and
- Identify—who is the team responsible for overseeing compliance—legal compliance and audit? Identify them so there will not be any confusion as to who is responsible.
Clients need to understand the controls and business practices implemented by the third-party provider to help create a solid business balance between the parties involved in loan maintenance. It is important that third-party service providers be attuned to the regulatory changes and be able to respond in a timely manner.