In December 2007, New York-based GMAC Financial Services announced the creation of a new position called chief risk officer and appointed its newly hired treasurer, Samuel Ramsey, to switch jobs and take on the new role. It's going to be a busy time for Ramsey, as GMAC Financial's mortgage arm Residential Capital, suffered a $2.3 billion third-quarter loss last year.
GMAC Financial is not the only big lender attempting to shore up risk management. Earlier in 2007, crosstown rivals JP Morgan Chase & Co. and Citigroup Inc. made similar moves.
The irony in the decision by GMAC Financial and the other lenders to elevate risk management operations is not that it is a little like closing the barn door after the animals have left the barn, but the need for such an all-encompassing risk strategy was predicted before summer 2007's subprime devastation and the subsequent credit crisis.
In a January 2007 speech at the National Credit Union Administration Risk Management Summit, Susan Schmidt Bies, then a member of the Board of Governors of the Federal Reserve System, focused her comments on enterprise risk management (ERM) and mortgage lending.
Surprisingly prescient, she noted at the time that ‘mortgage lending can present many types of risk for the enterprise as a whole, including credit, market, reputational and compliance risks. Therefore, while mortgage lending has been a very profitable business for many financial institutions recently, they need to understand the full set of risk associated with their mortgage lending business, including the consequences of adverse outcomes. For this reason, mortgage lending should be folded into the broader ERM process at any organization.’
An ERM approach
Lenders are now moving to not only create risk management czars but to employ risk management techniques across the whole spectrum of lending, from origination to servicing. Generally, ERM's holistic or organizational approach is a process that enables management to deal effectively with uncertainty and its associated risk and opportunity, thus enhancing the organization's capacity to build stakeholder value.
‘In the mortgage industry, we live in an era that has been transformed by such things as designated underwriting and automated underwriting on the front-end, which has allowed the number of transactions and applications to explode, and accelerated securitization on the back end,’ observes Louis Pizante, CEO of Mavent Inc., a Irvine, Calif., provider of automated regulatory compliance solutions for the mortgage industry. ‘Profitability is highly correlated to the velocity of originating a loan and finally moving it off-balance sheet.’
{OPENADS=zone=15}But Pizante notes there is a bigger problem. ‘Risk management tools and the adoption of these tools has not kept pace with the acceleration the mortgage industry has experienced over the past several years,’ he says.
There is a trend today toward ERM, but Pizante warns it is still an amorphous term with different meanings for different people. In his view, ERM allows lenders to implement very high levels of risk management that can quickly drill down to lower levels so managers can understand exactly where the sources of risk lie.
All this might include such tasks as: aligning an organization's risk appetite to strategies; enhancing risk-response decisions; reducing the frequency and severity of operational surprises; managing cross-enterprise risks; and improving effectiveness of an organization's capital deployment.
Larger banks are pursuing ERM aggressively, says Tom Johnson, vice president of new product development at Zoot Enterprises, a Bozeman, Mont., firm that provides credit decisioning and loan origination solutions to financial institutions. ‘Small banks do ERM by default as they only have one risk person.’
Warren, Pa.-based Northwest Bancorp Inc. has employed ERM for the past five years, and for the company that means applying corporate policy and guidelines to risk. ‘Many of the practices that make up ERM we already had in placed, but they had not congealed,’ explains Richard Seibel, Northwest Bancorp's senior vice president of risk management.
One of the first things the bank did in employing ERM was to create a risk management committee of the board of directors and develop ways to scrutinize at least nine different risk factors and prioritize them. For example, says Seibel, at his bank, credit risk is number one, interest risk number two, market price risk number three, etc.
‘We align policy or guidelines to risk,’ he says. ‘I talk to senior executives, ask what their risk appetite is, where the controls are, then we monitor and mitigate.’
Spreading the risk
The problem for banks is that they tend to treat the mortgage space differently than the rest of the bank, even in the context of ERM.
{OPENADS=zone=7}’Banks perceive their mortgage risk is limited, because when the loan is booked the intent is to resell it,’ says Johnson. ‘So the question in the mortgage space has traditionally been not what is true risk, but what is the risk in the secondary market. It has only been very recently that banks realized in the period of time between the booking of a loan and the selling of it, there is in fact very significant risk exposure.’
In the past 12 months, lenders have realized they need to do risk management earlier in the process, says Scott Jeffries, executive vice president of mortgage practice for Visionet Systems Inc. in Cranbury, N.J. ‘There was a propensity to assign risk in a quick way and then sell the loans to the secondary market. Reviews were done close to the sale.’
Jeffries notes that ERM is gaining rapidly in industry acceptance. ‘Process and document/data integrity are the root of validating the investment-grade quality of an asset and its risk,’ he says. ‘The mortgage industry has refocused on that fact, and many are making changes to ascertain this through earlier, more consolidated data reviews. They are taking a more enterprise view that crosses channels and asset classes. The goal is to ensure that what you originated or acquired and paid for is what you sold and delivered into the secondary market.’
Companies are going to spend more money on the management and oversight of risk today than they did over the last 10-year period, predicts Don ‘Dusty’ Lashbrook, executive practice director in the U.S. for ISGN Technologies Ltd., an India-based provider of end-to-end technology solutions and services for the U.S. mortgage industry. With all that capital coming into risk management practices, Lashbrook sees a realignment of practices.
‘In the last 10 years, most of the focus within the industry in terms of risk management has been in regard to interest rate and prepayment risk,’ he says. ‘There has been very little emphasis on credit risk and risk of default because delinquencies were low and the economy was good. Now, boards of directors and investors are all wanting to understand what kind of risk their company is taking on and they want to know it across every potential aspect of risk, whether it is interest rate risk, which has always been there, or credit risk.’
Credit risk
The long-neglected concern about credit risk is certainly part of any ERM program, mostly because it appears that a considerable amount of fraud has laced the origination process.
{OPENADS=zone=13}’There was some loosened standards with respect to risk mitigation, but frankly, if there was someone going to buy the loan, then somebody was going to originate it – one way or the other,’ says Brian Fitzpatrick, executive vice president of Lydian Data Services, the Jacksonville, Fla., provider of end-to-end outsourcing services for all aspects of the mortgage operation. ‘There is a lot more scrutiny now as there should be, and that scrutiny is being caused by regulatory issues and concerns, rising event issues and prevalence of fraudulent practices.’
Fitzpatrick points to fraud statistics that state 39% of fraud cases are credit related, 31% property related and 23% involve misrepresentation of income. ‘We are going back to the originators and their actual reports for quality control and due diligence audits to ensure the originators are really doing what they are supposed to be doing on the front end,’ he says. ‘There is a whole lot more scrutiny in the entire mortgage chain because risk mitigation is more important than it has ever been before in the industry.’
Recently, LexisNexis in New York and NYLX, the Arlington, N.J., provider of a real-time database for mortgage programs, teamed up to deliver the former's data technology to the mortgage marketplace.
‘LexisNexis has had a lot of success in using alternative data sets to accurately assess someone's creditworthiness,’ explains Paul DeSaulniers, LexisNexis' director of credit decisioning. ‘These methodologies and the data sets (assessments are based not on credit history but public records footprint) are not utilized in the mortgage sector at all. Until recently, we have focused our energy and effort to the credit card and auto segment. Now we are moving into the mortgage sector.’
A huge volume of mortgage loans is going to start coming through the system for refinancing, and they will need be to be addressed, adds John Alexander, president of NYLX. ‘Are we going to relive the past or are we going to start looking at alternative methodologies that enhance risk management? Old methodologies actually exposed the investor and lending community to undue risk. If you use more current information that is provided through different solutions, you get more up-to-date data, and that will allow for better risk management.’
The employment of technology is crucial to effective ERM, and there are obviously a number of companies that offer products in the mortgage space, as Northwest Bancorp's Seibel says, to mitigate risk through automation and ensure better practices.
Steve Bergsman is a freelance writer in Mesa, Ariz., and the author of the upcoming book "Passport to Exotic Real Estate: Buying U.S. and Foreign Property in Breath-Taking, Beautiful, Faraway Lands" (published by John Wiley & Sons).