The Future of Oversight and Vendor Management

MAR 18, 2013 12:42pm ET
Comments (6)

Over the last few years, GSE’s, the CFPB and the OCC have issued new vendor management requirements placing increased scrutiny on how banks and nonbanks are managing third-party risk.

It is clear that the regulators and government agencies expect more oversight.

In the servicing business, it has always been critical to have a strong vendor management and oversight program for any outsourced functions or third-party services purchased on the behalf of others. However, depending on the function or company size, the focus may have been more on performance management and less on due diligence and vendor risk.

According to a bulletin published last year by the CFPB, the bureau wants to ensure that consumers are protected from irresponsible service providers and that servicers are contracting with ethical third parties. The CFPB expects banks and nonbanks to have an effective process in place to manage the risk of outsourcing. Specifically, a supervised entity, at minimum, must thoroughly review the service provider’s policy and procedures, internal controls and training materials.

Both Freddie Mac and Fannie Mae have published new rules requiring servicers to change the way they manage and leverage attorneys for default and bankruptcy work, and have created specific requirements for diligence and approval. As a result, servicers have developed a new process to approve, manage and audit their legal networks. Traditionally, the servicers had to use the counsel approved by the GSEs. This new rule has placed a significant amount of vendor management expertise back on the servicers.

The OCC consent order specifically mandates certain vendor management requirements and timelines associated with implementing appropriate third-party oversight. The OCC is especially concerned about record management as well as monitoring how the third parties comply with the law.

With this additional scrutiny, guidance and regulation coming from many different supervisory bodies, a servicer has more complexity than ever to deal with and implement during this time of reform.

A servicer is typically both a service provider as well as a responsible party engaging other service providers. The downstream vendors may also have a network of partners they use to perform the services purchased. Naturally, there is a great amount of risk involved. To properly address the requirements in today’s environment and to ensure risks are mitigated and performance is maximized, there are a few suggestions that can assist in the tedious process.

First, a servicer should provide the appropriate level of transparency to its clients. A servicer in today’s world should provide integrated tools and technology as well as options for a more thorough oversight into its activities. This may require pushing data through new interfaces as well as engaging outside third-party experts to conduct occasional reviews and detailed analyses.

Secondly, a servicer must have a strong internal vendor management program to ensure any service provider they engage with is not causing harm to consumers and is managing any operational and performance risks. This structure may include many components, depending on the size and complexity of your organization, including:

  • Vendor management office and executive oversight
  • Continuous improvement resources and process implementation team
  • Outside surveillance and audit support
  • Internal QA audits and compliance resources
  • Additional operational resources
  • New technology and tools
  • Robust scorecard capabilities
  • Change management team and process

Servicers must have multiple controls and check points for successful vendor management today and cannot rely on a single data point or person/function to manage all third parties. These components do cost money and will only continue to increase the cost of servicing over time. However, during a time when a servicer has to manage more change and requirements than ever before, the risks of not having the appropriate oversight level are much too high.

Dave Vida is president of LenderLive’s loan servicing division.

Comments (6)
I work with an investigative company providing due diligence services and many major corporations utilize our services to provide an investigation on the companies that they currently do busienss with and in some cases we do the investigation on the officer of the compnay.
In any case they are protecting their reputation by knowing who they are dooing business with.
Posted by | Monday, March 18 2013 at 4:55PM ET
Very well done article and hopefully will be able to hit home in some fashion.
Posted by | Tuesday, March 19 2013 at 9:14PM ET
In my humble view as one such default counsel, the movement to require oversight of default attorneys could arguably be viewed as a smokescreen and/or subterfuge to deflect attention away from the following: (a) federal regulators were generally lax for most of the last decade in enforcement of lenders and servicers; (b) lenders themselves were lax in underwriting loans; and (c) Fannie and Freddie along with the feds created the environment for, and encouraged, subprime mortgages.

Most (if not all) of us had absolutely no involvement in the foregoing.

Some of us even feel that the heightened federal regulatory oversight is tantamount to a proverbial "witch hunt" in that our colleagues in other practice areas (personal injury, insurance defense, workers' compensation, estate planning, etc.) are not subject to any such oversight.

However, the "new normal" requires us to adapt and evolve; accept the changes as BAU; upgrade our computer systems and technology; and continue to adhere to the policies, procedures, and timelines of our clients, regulators, administrative bodies, and the courts.
Posted by | Thursday, March 21 2013 at 12:13PM ET
thanks for sharing this article with us...
Posted by | Monday, February 03 2014 at 6:38AM ET
very informative article...
Posted by | Monday, February 03 2014 at 6:41AM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.
MultimediaSee All »