Mortgage Subservicer Vendor Oversight Best Practices

Mortgage subservicers offer a unique challenge to third-party risk management. Unlike many fulfilment services engaged in the origination process, a subservicer interacts with the consumer for essentially the life of the loan or at least until run off occurs, be in from a home sale or a refinance transaction. 

Reminder, we’re talking about the vendors that service the loan, not the generic terminology for fourth parties.

Subservicers in Third-Party Risk Management

There is motivation for the subservicer to retain the borrower since the act of servicing a mortgage account can generate upwards of 50% of the total income for the owner of the asset.

At the very basic level, a subservicer may be classified as a third or fourth-party vendor.  The fourth party vendor classification is triggered if the subservicer is retained to manage a portfolio by a master servicer. We know that both the CFPB and OCC have made it quite clear regarding oversight responsibilities.

Because of the extensive amount of interaction that a subservicer may have with a consumer, there is in equal weight a tremendous amount of regulatory compliance requirements attached to this vendor type.

Focus on the Basics, Then Dig in Deeper to Mechanics of Subservicing

The oversight of a subservicer will require collaboration across multiple business channels. Because of the complexity of this vendor type, relying on a check box mentality of some basic questions which may seem reasonable for other vendor types will not make the grade.

If your vendor oversight department doesn’t have specific experience in this vendor category, then caution should be taken. The next steps you take could define if you have adequately performed the required oversight by both regulators and the GSE’s.

6 Subservice Vendor Oversight Best Practices

1. Monthly Ongoing Monitoring: Consumers make their payments monthly; therefore, it makes sense that performance oversight reflects this practice. Set up a monthly call to review loan onboarding processes: Were there any hiccups or consumer complaints submitted either to the sub-servicer or the lender directly?
   
   These responsibilities will typically fall under the line of business but a regular monthly recap meeting between the internal servicing department, compliance, risk and vendor oversight will result in a very healthy and productive ongoing monitoring program. In addition to the monthly practices, I also recommend having a quarterly recap. This report should be submitted to the board so that all parties are aware that this highly regulated and most critical vendor is performing within SLA requirements.
   
2. Annual Oversight: You should do annual assessments, an internal effort which can be assisted by the outsourced function. Subservicers are extremely experienced in holding annual assessments for their clients.
   
   The level of due diligence may vary based on the maturity of the internal oversight program or by the performance, or lack of, by the subservicer. Either way, sending an oversight team which lacks the servicing knowledge and regulatory compliance requirements will not garner much beneficial oversight other than perhaps the advantage that the lender went onsite. 
   
   Best practices here would be to build a multi-faceted team of different experience specific to the vendor type. Key players should include senior management employees who have extensive servicing knowledge along with compliance personnel and representation from third party risk. 
   
3. Appropriate Items Covered in a Review. There is a lot of prep work involved in reviews. Prior to visiting the vendor onsite, you should request copies of policy and procedures (P&P). If your organization has agreed with the service provider on 'Agreed Upon Policies' as part of your contract negotiations, then you should review all this material in advance and then test against it when onsite.
4. Know Physical Security. You have reviewed the P&P; now is the time to test. Review security and confirm if onsite data storage areas have increased levels of security. Video cameras are typically in servicing organizations but be mindful of where they are focused.
   
   If the subservicer receives checks as opposed to electronic payments, take a look if this area is monitored. Visitor and guest policy application should be tested by tailgating.  Most firms will have a clear desk and clear screen policy, however, take a walk on the floor and do a visual inspection. You may be in for a surprise of what you will find.
5. Stay Up to Date on Regulatory Compliance. The CFPB has extensive guidelines regarding servicing operations with the utmost attention aimed at protecting the consumer.
   
   Areas such as escrow analysis, periodic statements, single point of contact and force placed insurance are all areas which need to be reviewed. This is not an extensive list by any means, so take the time to map out each regulatory compliance requirement and link it to the associated operational procedure.
   
   The task is then to review documentation which proves the vendor is complying. Much of this type of oversight review can be performed offsite since even with a two day schedule, the time can go by quickly.
6. Don’t forget the basics:

• • Perform a financial analysis, is the servicer financially stable?
  • Business continuity
  • Disaster recovery
  • Hours of service. Can the servicer support a nationwide customer base?
  • Expertise with certain loan types, slow pay, non-performing assets
  • Location, if offshore - what level of oversight is performed on offshore operations
  • Retention model - ease of use
  • Internal vendor management framework.

The oversight of subservicer isn’t strictly limited to the regulatory or investor requirement. The servicer is an extension of your operation. Selecting the right subservicing operation can have an immediate impact on how your reputation is perceived. When a consumer calls into their loan servicer, the consumer will relate this experience to the lender they originated the loan with. Reputational risk, therefore, does present itself as a valid area of concern.

For more information on subservicing oversight, please review the following links:

• OCC Mortgage Banking, Comptroller's Handbook
• CFPB Bulletin on Subservicing and Consumer Finance
• Fannie Mae Subservicing Guide
• Freddie Mac Subservicing Guide
  

Download our guide to help manage your fourth parties.