Enterprise Risk Management: What's in Your MROM?
Increasing regulatory pressures on banks and lenders to adopt greater risk management systems and processes are aimed at establishing a more uniform approach to quality control (QC) industry-wide. At the same time, these pressures seek to protect consumers from the type of non-managed business decisions that were at the root of the financial industry collapse several years ago. Consequently, federal regulators and the government-sponsored enterprises (GSEs) are requiring mortgage makers to demonstrate that they have adequate policies addressing full enterprise risk management, from stem to stern, and that these policies are more than just a window dressing. Audits are requiring that proof be provided that such policies are being used, adapted and modified as needed in response to threats and actual loss events. At Secure Settlements Inc. (SSI), we call this broad-based approach to total risk management the Mortgage Risk Operations Model, or MROM. An MROM implies that banks and lenders have conducted an internal audit and analysis of all of their procedures and operating systems throughout the mortgage manufacturing cycle. Lenders have then identified key touch points where regulatory, compliance, QC and risk management issues arise. Once these touch points are established, then appropriate controls are developed for each issue, backed by guidelines, overlays, training, technology, ongoing monitoring and management oversight. Testing, revisions and enhancements are conducted regularly in response to perceived and actual threats. An MROM committee or team meets weekly or monthly (depending upon the organizations size) to review issues and ensure the MROM is operating properly. Records and reports are maintained in the event of an audit to demonstrate commitment to managing enterprise risk. The key touch points in developing an MROM will likely involve the following stages of the mortgage cycle: Loan origination, processing, underwriting, pre-funding QC, closing, post-closing, third-party post-funding QC, and ongoing QC/QA training. At these stages, the evaluation may address such things as employment screening, best practices, employee performance valuations, QC plans, automated fraud tools, third-party service provider risk and company-wide training. It will also necessarily require ensuring a culture of accountability, self-evaluation, risk reporting and adequate response. At SSI we partner with banks, lenders and credit unions to provide an outsourced solution to evaluating risk, monitoring it on an ongoing basis, and issuing reports. Our services typically assist these entities in their MROM at the processing, underwriting and closing stages of the manufacturing cycle. Quality service provider risk management at these touch points ensures that, in the event of an audit, a bank may demonstrate that their approach is independent, comprehensive, includes ongoing monitoring, provides a method to respond to high risk individuals and events, and engages the proper technology to assure data security, data privacy and uniform regular reporting. Adopting an MROM fulfills the expectations of regulators that mortgage makers have an appropriate strategy to manage risk and changes in a volatile business environment, integrating a uniform but flexible approach to maximizing business success through quality production. Such an approach also fulfills expectations that internal company cultures will embrace accountability and consumer protection. What’s in your MROM? Within the next calendar year you and our staff will need to have an appropriate answer to this question. Andrew Liput is president and CEO of Secure Settlements Inc., a company he founded after nearly 10 years studying the problem of escrow and closing fraud and the uninsured risks associated with mortgage closing professionals. He may be reached by e-mail at [email protected]