REQUIRED READING: The utilization of third-party vendors has long been a common practice within the business of residential mortgage loan servicing. Vendors are often used at nearly every stage of the loan servicing timeline, from the front-end for due diligence, file review and data scrubbing, through the life of loan for tasks such as escrow administration, property insurance and real estate tax tracking, payment processing by lockbox vendors, and including more specialized tasks, such as default management, loss mitigation, foreclosure and bankruptcy representation, and real estate owned property management and brokering.
There are very few processes in loan servicing that are not touched by an external vendor. In fact, roughly 70% of all mortgages are serviced on technology that is developed, provided and supported by an information systems vendor.
There are multiple reasons why vendors have come to play such a prominent role in the loan servicing industry. First, imagine the financial investment required in hiring, training and supporting a staff of knowledgeable professionals in all areas of loan servicing, from new loan boarding to escrow administration to default management.
There is also the cost to develop the requisite loan servicing technology. This is not to say that some servicers have not thrived using their own proprietary system architecture – they have. And it is not to say that some servicers have not developed their own vendor subsidiaries by adopting a vertical-integration business model – they have.
But for the purposes of this analysis, we will focus on the external vendor, or "outsourcing" model. Suffice it to say, the investment required in developing all of the functionality in-house that vendors can provide is an investment that could make many loan servicing ventures insolvent long before profitability occurred, if ever. Simply stated, there are probably few functions that a vendor with a critical business mass cannot do more inexpensively than a traditional servicing shop.
Second, there is the brain-power requirement. Even if a servicing business is fortunate enough to be situated in a region with a pool of educated, talented applicants to be recruited, with or without loan servicing experience, they must be trained, which is a substantial time investment.
Vendors can provide a ready pool of employees that should be well-versed on the loan servicing function for which you have retained them to perform and should possess the requisite level of expertise to successfully meet the standards set forth in applicable service-level agreements (SLAs). Selecting a vendor means that you are relying on experience and knowledge that you have decided not to develop in-house. This should result in obtaining performance from the vendor that you could not readily establish internally without a significant time and financial investment.
Third, vendor outsourcing permits a servicing operation to maximize employee effectiveness in key risk areas. An outsourcing partner should employ effective staff planning and routinely evaluate excess capacity to effectively adjust to changing business needs and fluctuating volume. Load-balancing adjustments should be embedded in the vendor's business model and accompanying technology. Business factors, such as employee turnover and fluctuating servicing volume, make it challenging and costly for servicers to manage certain servicing functions, whereas a vendor should be able to effectively manage these challenges.
Fourth, relying on a vendor should provide a comfort level that the vendor has the expertise to fully comply with all local, state and federal mandates, rules and regulations with respect to the particular loan servicing function that the vendor is performing for you. In an industry that is under increasing scrutiny, confronted with a myriad of changes in local, state and federal laws governing loan servicing, along with more oversight on the horizon, a vendor should be a "specialist" in that particular function and possess the requisite prudent loan servicing methodologies and processes to ensure compliance with applicable statutes and investor requirements.
That is not to say that the servicer should not provide robust compliance oversight over the vendor. However, the vendor, as an outsource professional, should be able to ensure at least a minimum level of prudent risk management and statutory compliance, thereby minimizing headline and regulatory risk that would normally accrue to the servicer if the servicer were performing that function.
Decentralized vs. centralized
The oversight of outsourcing arrangements is an integral aspect of a successful servicer-vendor relationship. Historically, the servicer's front-line managers performed much of the oversight function. It was the responsibility of servicing management to ensure that the vendor was performing as required by the terms of the applicable SLAs. The SLAs govern, among other things, the servicer's expectations on how a vendor will perform and should specifically delineate what functions the vendor is performing. For instance, if the vendor is providing call-center duties, the SLAs may stipulate that the vendor must provide, on average, a 60-second average speed-to-answer time and a 5% abandonment rate. The SLAs may also stipulate a bonus for exceeding – or conversely, a penalty provision for failing to meet – stated standards or goals.
Historically, servicers have reviewed vendors based on some of the following criteria:
- Does the vendor's performance meet or exceed key performance indicators as set forth in the SLAs?
- Does the vendor provide daily performance reporting for the servicer to review?
- If call-center work is involved, does the servicer have the capability to monitor calls in real time or via recorded media?
- How frequently does the servicer meet with the vendor to review its performance?
- Does the servicer utilize a "scorecard" to assess and rate the vendor's performance?
It has been my experience over the years that after the initial request for proposals was received, reviewed and approved by the organization's legal or compliance group, there was little subsequent involvement or oversight of the vendor outside of servicing management. While servicing subsidiaries of large banks may have had the involvement of legal and compliance groups, due to regulatory necessity, midsize and smaller servicing organizations did not usually employ a formal vendor-oversight function. In recent years, that has changed somewhat, and the servicing industry overall has migrated to a more centralized vendor-management function.
This centralization cannot come at a more fortuitous time. There is mounting scrutiny and potential – as well as actual – oversight from regulators emerging in many areas of servicing. The recent scandal involving improper foreclosure affidavit and notarization processes, otherwise known as robo-signing, has been extensively covered by the media. The U.S. bankruptcy courts have expressed frustration at inaccurate proof of claims filed with the court and have issued sanctions in relation to said proof of claims.
Lender-placed insurance coverage is another servicing area that presents headline risk for servicers due to the elevated cost of the insurance coverage, absence of contents coverage for the borrower, and administrative fee-sharing arrangements between the vendor and servicer. These issues, as well as others, place the focus on servicer-vendor relationships.
As the servicing landscape becomes more complex from a compliance and regulatory perspective, the need for a new paradigm between the servicer and the outsourcer emerges. To be sure, servicing management must continue to monitor vendor performance, develop and utilize scorecards for meaningful vendor feedback, and frequently meet to exchange information, discuss emerging issues and technology, and provide training as needed. However, it is critical that the performance data, scorecards and servicer-vendor feedback generated by the loan servicing group be "looped" among quality control, audit, compliance and legal groups. Ultimately, the model for vendor management that is emerging is a centralized model.
Outsourcing often requires that a servicer relinquish a fair amount of borrower interaction, whether it be a lender-placed insurance or real estate tax tracking vendor, a call-center vendor providing supplemental or "overflow" customer-service capabilities, or a third-party loss mitigation outreach effort performed by a vendor. Where there is substantial customer contact, there is the potential for regulatory and headline risk.
Other outsourced functions that involve substantially less customer contact can also present operational risk, such as payment processing via a lockbox vendor; field-service inspections and property maintenance; and foreclosure and bankruptcy case file management and representation. Therefore, at the epicenter of the organizational loop among servicing, audit, quality control, compliance and legal should be a centralized vendor-management oversight function.
An effective vendor-management initiative should provide oversight by engaging in an annual recertification process that evaluates a vendor's ongoing business viability and financial stability by examining the following information related to the vendor:
- evidence of proper insurance coverage;
- organizational matrix and key bios of executive and senior management;
- turnover data for all levels of management and staff;
- a review of staffing needs, training programs, and policies and procedures;
- disaster recovery and business continuity plan;
- audit and quality-control reports;
- audited and pro forma financial statements (forms 10-K and 10-Q, where available);
- technology systems architecture and capacity for growth pursuant to the vendor's business strategy and growth projections;
- vendor's processes for compliance with contractual terms;
- vendor's processes regarding file security, network protection and safeguards of confidential borrower information pursuant to the Gramm-Leach-Bliley Act and any other relevant laws and regulations;
- review and certification of vendor's processes for sub-sourcing or outsourcing work to another vendor or contractor domestically or offshore; and
- telephony and fax capacity sufficient to handle customer volume.
The future of outsourcing
In the current era of unprecedented scrutiny of loan servicing practices and the very real potential for industry oversight at the federal level, the importance of effective vendor oversight is more critical than ever. During the past 24 months, the courts have opined on issues ranging from the validity of the Mortgage Electronic Registration Systems to the improper filing of inaccurate proof of claims in federal bankruptcy courts to the more recent issue of robo-signing.
Clearly, loan servicers must incorporate a robust audit and quality-control regimen to ensure that proof of claims, whether produced in-house or by external counsel, are subject to a 100% quality review prior to filing. Additionally, processes surrounding the production of foreclosure affidavits and the attestation process must be closely monitored and should have been on every servicer's audit scope. Going forward, these processes must be audited to ensure ongoing statutory compliance.
A recent investigative report of the servicing industry issued jointly by federal banking regulators and initially prompted by the robo-signing scandal was highly critical of the lack of detailed processes and controls over the foreclosure and loss mitigation areas. The report noted that some servicers charged inaccurate fees, though these inaccuracies were not "widespread."
The report also noted issues with physical evidence of original notes and mortgages, stating that lost-note affidavits were filed in cases where the proper documentation existed. The report further noted that there were "weaknesses" in audit and quality-control practices at all of the 14 major servicers that were reviewed.
A report of two third-party service providers conducted by the same interagency group discovered widespread issues with respect to one vendor, including inadequate financial support, staffing, training and legal resources. Both vendors were also found to have inadequate internal controls, policies and procedures, compliance risk management, and internal audit and reporting requirements.
The servicer-vendor business model will not be going away. It is cost-efficient and permits servicers to utilize expertise and technology that would be too expensive to develop internally.
However, just as loan servicers are under regulatory scrutiny, vendors, as an extension of loan servicers, will continue to be monitored by state and federal regulators with respect to fee structures, record-keeping ability, process compliance and overall effectiveness. For any servicer to have an effective risk-management structure, the servicer-vendor relationship must be more closely monitored and aligned as never before.
In fact, to mitigate risk and maximize operational performance, servicers should consider vendors a natural extension of their organization and treat them as such from a policy, process, technology and risk-management standpoint. In an era of unprecedented regulatory involvement, that is the paradigm that should be emerging.
Richard Koch is a senior vice president in Morningstar's operational risk assessment group. The opinions expressed herein are solely those of the author and do not necessarily represent the opinions of Morningstar. Koch can be contacted at richard.koch@morningstar.com.
