Vendor Assurance – NMP Skip to main content

Vendor Assurance

Henry Bagdasarian
Apr 04, 2014

When a mortgage lender outsources services to a vendor, whether it is for account management, mortgage application processing, software development or system management, the lender expects and relies on the vendor to manage related risks. Those risks may center around privacy and the protection of sensitive customer data (i.e. Social Security Numbers), unauthorized employee access, outside intrusions or hacking, assurance of fully functioning systems (in the event of natural disaster or corruption to software during development), and finally, data backup and business continuity. Unfortunately, no single manual exists when it comes to ensuring vendors having all the right controls in place, or meeting regulators’ expectations. Though this brief column won’t be able to provide the full manual, we can certainly cover some essentials that lenders need to understand in regard to vendor assurance. Let us begin with how vendors can expose mortgage lenders to risks. Lenders are ultimately responsible for ensuring that the external services procured do not have an adverse impact on their operations. As such, any impact arising from unmanaged risks can have a variety of negative consequences, including lost revenues, lawsuits, negative publicity and penalties for non-compliance. How can lenders be assured that their vendors properly manage the risks associated with outsourced services? Lenders can request information regarding a vendor’s practices by asking vendors to complete and submit a Request for Information questionnaire (RFI), perform audits of their vendors themselves, and/or request independent audit reports such as the “SSAE 16” and “FISMA” compliance audits. RFIs are inherently less reliable, since the vendors attest to their own internal controls without the verification of an independent party. Audits conducted by the lender or an independent third-party are more reliable, but can be expensive. In order to be strategic in their vendor assurance efforts, lenders should assess the potential risks and identify vendors to be audited. Those insights should then be used to determine the type and frequency of the audits required. Some vendors may have previously participated in an independent audit and be able to furnish a recent audit report as an external source of validation. Lenders may be familiar with the term “SAS-70.” This term was replaced in 2011 with “Standards for Attestation Engagements No. 16,” or SSAE 16. SSAE 16 audits of service organizations exist in two forms: Type I provides limited assurance and is based on a single point in time, whereas Type II audits cover a range of time and provide the highest level of assurance that proper controls, procedures and process operating as management intends. Due to the increased regulatory oversight of the Sarbanes-Oxley Act, many lenders are taking the wise approach in requiring their vendors to demonstrate SSAE 16 compliance. With an understanding of the risks and vendor assurance practices, lenders can protect their business against lost revenue, system downtime, security threats and other issues resulting from non-compliance. As a final word of caution, lenders should be careful not to “set and forget.” It’s important to routinely evaluate compliance needs and ensure that vendors continue to live up to expectations over the life of the business relationship. Henry Bagdasarian is compliance and audit director at Veros Real Estate Solutions. For more information, call (714) 415-6300 or visit Veros.com.
Published
Apr 04, 2014
Better, Palantir Team To Launch Tinman Marketplace

Company says loan platform will revolutionize origination and mortgage portfolio management.

Tech
Aug 18, 2022
Blend Labs Has Cut 420 Jobs Since April

The 25% reduction of its workforce comes as it posts $478 million Q2 loss.

Industry News
Aug 17, 2022
UWM Now Offering Temporary Rate Buydowns

The temporary buydowns will lower borrowers’ interest rates by up to 2% for the first two years of a mortgage. 

Industry News
Aug 17, 2022
Rocket Mortgage Teams With Santander Bank

Rocket's mortgage services now available to Santander's U.S. banking clients

Industry News
Aug 16, 2022
Ameris Bank Commits $10M To Help 1st-Time Homebuyers

The Ameris Down Payment Grant Program will help eligible first-time buyers with down payments and closing costs.

Industry News
Aug 16, 2022
Competition Now Highest For Lowest-Priced Homes

In reverse of pandemic trend, competition for mid- and high-priced homes not as white hot among buyers.

Analysis and Data
Aug 16, 2022