SCA Speaks at May NSCCA Meeting
Mortgage Industry Insight: One of the great things about SCA is the range of issues we get to see, and the wealth of knowledge we get to tap into while working with dozens of clients on a monthly basis. Today, we'll share some information about SCA's presentation to NSCCA.
By Gregg Oberg:
Last week, I met with members of the local mortgage industry up in Saugus at Jimmy’s Steer House for a meeting of the North Shore Consumer Credit Association (NSCCA). I’d like to thank my friend Sue Dunbar for the invite, it was a blast. The event of the evening was NSCCA awarding scholarships to SEVEN worthy college students in the area. They’re coming for our jobs people, incredibly impressive young people. The steak was also excellent.
Before all that, I was honored to serve as the warm up act while covering the thrilling topic of Vendor Management, focusing on third party risk assessment and due diligence. This is a topic that’s been close to my heart since early in my legal education, but never has it been more front-of-mind than it is today.
Cyber Risk Takes Center Stage
I’ve given the talk a few times before, and usually the focus is on either the business function the third party performs (and by necessity how it impacts your business), or the prevention of knowing or intentional fraud in these relationships. But this time, Data Security concerns immediately rose to the front of the discussion. Rather than asking “how do I make sure the closing agent gets his job done on time,” people are now asking “how do I make sure my vendors don’t expose me to cyber risk?”
The answer to the latter is largely the same as the former---turn over every stone and have a suspicious mind towards third party relationships. After all, you’re entrusting them with your name and reputation, the very thing we trade on in this industry. It really is that simple in a big-picture sense; understand and quantify your risks to the extent possible; and make informed decisions. As we saw in the ATR case of Elliot, nobody expects us to predict the uncertainties of the future. If we could do that, we’d just bet the farm on Country House and head down to Martha’s Vineyard for the rest of the summer (or our lives, but it does get cold there…).
But I’ve Got 68 Vendors
Depending on your regulator, the “important” ones are defined differently. The common thread running through each definition is risk. Often times, regulation is an attempt to legislate prudence; just as you could say motorcycle helmet mandates are attempts to legislate intelligence. In a sense, a “critical” or “significant” vendor is anyone who can tank your reputation, your business operations, or the consumers’ interests. Michael Scott probably isn’t “critical,” but Encompass definitely is. At this point, anybody who can sniff consumer information should be considered “significant.”
My Best Advice (in a 500 word format)
First, I’d say join a trade group like NSCCA and you can get this advice first had. But second, I’ll leave you with a David Letterman style Top 10 (please try to read in Dave’s voice):
Written Service Level Agreements (SLA)
Consumer Complaints with/about Vendor
Gather Work Papers—examiners more and more are looking at underlying audit documentation
On-Site Visits—certain vendors will require enhanced initial and ongoing due diligence
Reduce # of Vendors When Possible/Reasonable
Centralize Vendor Management Role
ONE SIZE DOES NOT FIT ALL
Ensure Board Reporting, Training, and Involvement in Vendor Management
Treat 3rdParties Obtaining ANY Consumer Data as “Significant” or “High-risk” Vendors
Standardize Contractual Agreements and SLA Templates to Streamline Onboarding
Spillane Consulting Associates has served the residential mortgage lending business since 1991. We have specialized in mortgage banking consulting services and provided quality control reviews, risk management and process consulting and employee training to credit unions, community banks and non-depository institutions. We are a thought leader on the strategic growth of residential mortgage lending. You can learn more by visiting our website, or scheduling a meeting with me or one of my colleagues.
SCA Compliance Hotline: Need a question answered quick?
Thanks so much for reading our weekly newsletters. We're not always going to be perfect, but because we always do our best and try not to overpromise, we hope that we're always going to be trustworthy. Your calls and e-mails are very helpful - please keep contributing.