Skip to main content

Third-Party Risk Levels: Not Every Vendor Should be Treated the Same

Jan 02, 2015

When the Consumer Financial Protection Bureau (CFPB) issued Bulletin 2102-03, forever changing the way that banks and lenders nationwide look at third-party relationships, they offered only a bare outline of detail regarding what that risk management should include. The general directive included: Risk evaluation, ongoing monitoring and verification of internal controls. Since then, lenders have tended to interpret these requirements in ways that reflect their own risk appetite and compliance culture. Some seek to merely “check the box,” while others are intent on crossing every “T” and dotting every “I.”

Clearly, not all vendors are alike, and while there has not been any written guidance on the matter, comments from the CFPB seem to imply that a company should address the risk of a third-party vendor in relation to the level of potential harm they might cause to a consumer. Therefore, it is logical to assume that there is a qualitative measurement of risk that a lender can perform and thereby place third parties in different risk buckets, applying different risk management standards to each bucket in relation to the risk level associated with the activity. For example, a vendor who has no access to a lender’s consumer data and records should obviously be evaluated differently than one who did.

The highest risks are generally third parties who have access to consumer data, as well as those who interact directly with consumers in the loan process. This group should include IT consultants, appraisers, mortgage brokers and settlement agents, among others. The lowest risks should include very large, well-capitalized and highly managed entities such as investors, national title underwriters and large accounting firms. Space does not permit me to expound further and discuss all the different risk levels and groups however it is worth noting that our research makes it clear to us that settlement agents are the highest risk third-party vendor a lender will encounter. The reasons for this are logical and easy to enumerate.

Settlement professionals, including attorneys, escrow agents, title closers, notaries and others who handle funds disbursement and documents at a closing, have access to more sensitive data and documents than anyone else, while also having access to the mortgage proceeds. This places them in perhaps the most critical, and therefor the highest risk area in the loan process. The fact that most lenders have fraud technology which helps them identify bad actors and other risk factors at the front end of the manufacturing process (origination, processing and underwriting) and rarely any type of tool at the back end (closing and post-closing) makes the vetting and monitoring of settlement agents perhaps the highest priority for any lender today.

Need more proof? An independent study conducted by the Financial Crimes Enforcement Network (FinCEN), which is the official repository for industry Suspicious Activity Reports (SARs) filings, found that over the past five years, escrow and settlement services are the largest and fastest growing areas of mortgage fraud. Given the fact that the industry has embraced complex and effective front end fraud deterrence and prevention tools for years but is only now beginning to embrace closing and settlement fraud programs, the report is not surprising. However, the good news remains the continued progression towards widespread settlement agent vetting, monitoring and reporting that is currently transforming the settlement industry. It is weeding out bad actors, encouraging best practices, and providing lenders with critical data to help them make better choices for closing services. Everyone wins in the end: Lenders, agents and consumers.

Andrew Liput has been a corporate, real estate and banking attorney for more than 25 years He is the founder, CEO and president of SSI, the first data intelligence and risk analytics firm to offer specialized vendor management services addressing settlement agent risk to mortgage lenders and banks nationwide. He can be reached by e-mail at [email protected].

This article originally appeared in the December 2014 print edition of National Mortgage Professional Magazine. 

About the author
Jan 02, 2015
CFPB Orders Freedom Mortgage To Pay $3.95M Over Housing Data Errors

CFPB proposed an order requiring Freedom Mortgage to pay a $3.95 million penalty

CFPB Proposes To Ban Medical Debt From Credit Reports

CFPB expects the rule would allow 22,000 additional mortgages to be approved every year.

Manufacturing Fair Lending

How data defines a modern theory of redlining

A Watershed Moment For Trigger Leads

Pending legislation collars controversial data sharing practice

CFPB Unveils Lender Naughty List For Repeat Offenders

CFPB calls out nonbanks that have broken consumer protection laws

Is It A Deal Or Chicanery?

Negotiating EPOs with lenders