Skip to main content

Vendor Assurance

Henry Bagdasarian
Apr 04, 2014

When a mortgage lender outsources services to a vendor, whether it is for account management, mortgage application processing, software development or system management, the lender expects and relies on the vendor to manage related risks. Those risks may center around privacy and the protection of sensitive customer data (i.e. Social Security Numbers), unauthorized employee access, outside intrusions or hacking, assurance of fully functioning systems (in the event of natural disaster or corruption to software during development), and finally, data backup and business continuity. Unfortunately, no single manual exists when it comes to ensuring vendors having all the right controls in place, or meeting regulators’ expectations. Though this brief column won’t be able to provide the full manual, we can certainly cover some essentials that lenders need to understand in regard to vendor assurance. Let us begin with how vendors can expose mortgage lenders to risks. Lenders are ultimately responsible for ensuring that the external services procured do not have an adverse impact on their operations. As such, any impact arising from unmanaged risks can have a variety of negative consequences, including lost revenues, lawsuits, negative publicity and penalties for non-compliance. How can lenders be assured that their vendors properly manage the risks associated with outsourced services? Lenders can request information regarding a vendor’s practices by asking vendors to complete and submit a Request for Information questionnaire (RFI), perform audits of their vendors themselves, and/or request independent audit reports such as the “SSAE 16” and “FISMA” compliance audits. RFIs are inherently less reliable, since the vendors attest to their own internal controls without the verification of an independent party. Audits conducted by the lender or an independent third-party are more reliable, but can be expensive. In order to be strategic in their vendor assurance efforts, lenders should assess the potential risks and identify vendors to be audited. Those insights should then be used to determine the type and frequency of the audits required. Some vendors may have previously participated in an independent audit and be able to furnish a recent audit report as an external source of validation. Lenders may be familiar with the term “SAS-70.” This term was replaced in 2011 with “Standards for Attestation Engagements No. 16,” or SSAE 16. SSAE 16 audits of service organizations exist in two forms: Type I provides limited assurance and is based on a single point in time, whereas Type II audits cover a range of time and provide the highest level of assurance that proper controls, procedures and process operating as management intends. Due to the increased regulatory oversight of the Sarbanes-Oxley Act, many lenders are taking the wise approach in requiring their vendors to demonstrate SSAE 16 compliance. With an understanding of the risks and vendor assurance practices, lenders can protect their business against lost revenue, system downtime, security threats and other issues resulting from non-compliance. As a final word of caution, lenders should be careful not to “set and forget.” It’s important to routinely evaluate compliance needs and ensure that vendors continue to live up to expectations over the life of the business relationship. Henry Bagdasarian is compliance and audit director at Veros Real Estate Solutions. For more information, call (714) 415-6300 or visit Veros.com.
Published
Apr 04, 2014
Planet Home Lending Reports Total Origination Volume Of $6.8B In Q2 2021

Planet Home Lending's total origination volume reached $6.8 billion in Q2 2021, up 77% from $3.9 billion in Q2 2020.

Industry News
Jul 22, 2021
FHFA Ends Controversial Refinance Fee

The FHFA announced that Fannie Mae and Freddie Mac will eliminate the Adverse Market Refinance Fee for loan deliveries, starting August 1, 2021.

Analysis and Data
Jul 19, 2021
Interfirst Mortgage Launches ONE, Backed By Non-Owner Occupied Properties

ONE is a unique product built on a single interest rate with no adjustments and qualifies off the cash flow of the rental property.

Industry News
Jul 16, 2021
Global Digital Lending Market Projected To Reach $27B By 2028

The Global Digital Lending Platform Market was valued at $7.14 billion in 2020 and is projected to reach $27.07 billion by 2028.

Analysis and Data
Jul 14, 2021
FOMC Discusses Raising Interest Rates

Inflationary pressures have finally forced the Federal Open Market Committee (FOMC) to discuss raising interest rates and tapering its bond-buying program.

Analysis and Data
Jul 14, 2021
Fathom Holdings Inc. Creates New Hispanic Division

Fathom Holdings Inc., a technology-driven real estate platform, announced the creation of their Hispanic Division to more adequately serve this fast-growing demographic. 

Industry News
Jul 07, 2021