Increasing regulatory pressures on banks and lenders to adopt greater risk management systems and processes are aimed at establishing a more uniform approach to quality control industry-wide. At the same time these pressures seek to protect consumers from the type of non-managed business decisions that were at the root of the financial industry collapse several years ago. Consequently federal regulators and the GSEs are requiring mortgage makers to demonstrate that they have adequate policies addressing full enterprise risk management, stem to stern, and that these policies are more than just window dressing. Audits are requiring that proof be provided that such policies are being used, adapted and modified as needed in response to threats and actual loss events.
At SSI we call this broad-based approach to total risk management the Mortgage Risk Operations Model, or MROM. An MROM implies that banks and lenders have conducted an internal audit and analysis of all of their procedures and operating systems throughout the mortgage manufacturing cycle. Lenders have then identified key touch points where regulatory, compliance, quality control and risk management issues arise. Once these touch points are establish, then appropriate controls were developed for each issue, backed by guidelines, overlays, training, technology, ongoing monitoring and management oversight. Testing, revisions and enhancements are conducted regularly in response to perceived and actual threats. An MROM committee or team meets weekly or monthly (depending upon an organizations size) to review issues and ensure the MROM is operating properly. Records and reports are maintained in the event of an audit to demonstrate commitment to managing enterprise risk.
The key touch points in developing an MROM will likely involve the following stages of the mortgage cycle: loan origination, processing, underwriting, pre-funding QC, closing, post-closing, 3rd party post funding QC, and ongoing QC/QA training. At these stages the evaluation may address such things as employment screening, best practices, employee performance valuations, quality control plans, automated fraud tools, third party service provider risk and company-wide training. It will also necessarily require ensuring a culture of accountability, self-evaluation, risk reporting, and adequate response.
At SSI of course is on third part service provider risk management. We partner with banks, lenders and credit unions to provide an outsourced solution to evaluating risk, monitoring it on an ongoing basis, and issuing reports. Our services typically assist these entities in their MROM at the processing, underwriting, and closing stages of the manufacturing cycle. Quality service provider risk management at these touch points ensures that in the event of an audit a bank may demonstrate that their approach is Independent, comprehensive, includes ongoing monitoring, provides a method to respond to high risk individuals and events, and engages the proper technology to assure data security, data privacy and uniform regular reporting.
Adopting an MROM fulfills the expectations of regulators that mortgage makers have an appropriate strategy to manage risk and changes in a volatile business environment, integrating a uniform but flexible approach to maximizing business success through quality production. Such an approach also fulfills expectations that internal company cultures will embrace accountability and consumer protection.
What’s in your MROM? Within the next calendar year you and our staff will need to have an appropriate answer to this question.