Trended Credit Data - Pitfalls of Deeper Data Analysis in DU 10.0

As Fannie Mae rolls out DU 10.0, they point out the benefits included in the June 25, 2016 updates, such as the simplification of self-employment categorization and identification of multiple financed properties. But the introduction of trended credit data gets explained as an "improved analysis of risk."  In origination, the phase "improvement" normally means a curtailment of guidelines to the detriment of flexibility, and this update seems to confirm that.

Trended data simply means that the underwriter, live or automated, can evaluate the historical balance and payment amounts on revolving credit. Fannie Mae's position on the face of this is "we can see how much a borrower pays (beyond the minimum payment) to give additional risk flexibility to the borrower who pays more than the minimum regularly."  What Fannie Mae doesn't say, and what presenters don't seem to want to address, is the OTHER information revealed by this data, and its implications for approval and the processing of the application.

For instance, a borrower who pays off credit cards in anticipation of getting a mortgage in the months approaching a home purchase may have the source of those payoff funds questioned, throwing the whole 60 - 90 day seasoning of funds assumption into question. In addition, the underwriter may see a historically higher level of debt, and due to Ability to Repay concerns, apply that level of debt to current qualifying ratios reducing the amount the borrower can afford.

Certainly, a deeper look at a borrower's spending patterns gives a better idea of the risk profile, but opacity of guidelines for reviewing the other aspects and implications of this information means loan production will have more uncertainty - not less, as Fannie Mae posits - regarding underwriting outcomes. 

Time to Revisit Mortgage Vendor IT Security Reviews

A document management vendor spills files onto the street

It's an accident waiting to happen. Walking down the street through a busy downtown, I witnessed a reminder of the inadvertent problems you can encounter through exposure of customer information. A banker's box of loan files fell off a dolly and crashed into the street spewing customer information onto the roadway. Luckily, for this vendor, the wind was calm, and the driver picked up the materials and returned them to the box without further incident. For me, this highlighted one of the many concerns my clients deal with; information security plans.

Who's Touching Your Clients' Data?

In the image above, it's clear that the driver could have taken the opportunity to capture some information from those loan files. Why weren't the boxes sealed? These are some of the elements that a site inspection of a vendor can reveal. Always review your vendor's procedures.

Today most of our files are transmitted electronically. One client used this as a rationale for not having locked file cabinets in a shared office space. But the reality, upon inspection, revealed "relics" all over her office. Copies of documents she scanned were in shadow files. Other printed material was left in folders on desktops. We overlook that our landlords and cleaning crews have access to the physical space. Always lock your cabinets and leave a clean desk.

Nevada, New York, Pennsylvania and Other Picky Regulators

A slew of requests from Nevada and New York reveal that these regulators have identified the information security weaknesses in our offices. They demand companies have an information security plan, which includes a vendor approval process.

For brokers, particularly, this may seem like overkill, since they don't even have a chance to approve attorneys, appraisers and credit bureaus. They can only use companies previously approved by the investor or wholesaler. However, it makes sense in the context of the level of diligence the lender or broker uses in having the protection of customers' non-public information top-of-mind. Don't send customer information to anyone unless you have ascertained they have received screening from another regulated entity. Better yet, screen them yourself. 

A Vendor Management Information Security Self-Audit Example

You can combine these audits with other elements of your vendor review. For instance, if you have a credit bureau you are reviewing, in addition to their information security plan, you can access their Fair Lending and any other consumer protection policies. Remember that if your vendor is licensed in your state, you can rely on the state's examination of a particular element of the vendor approval.

If you would like a copy of the Vendor Self-Audit Checklist please e-mail me, or like our Facebook page. (Make sure you send me your e-mail address!)

4000.1 Revisions Making Your Teeth and Hair Hurt?

Please be calm - the changes are mostly cosmetic

As we reported earlier, there should be no real surprises in the 9/14/2015 4000.1 release. The only area that seemed to cause some alarm related to the pre-closing audit rigor. If you are a Quality Control Plan customer of ours, you know that we have ALWAYS recommended this as a standard process.

Then you have to parse the guidance to understand the percentages, To reiterate:

10% of all production gets audited
10% of all AUDITS must be pre-closing/in-process audited

If you originate 100 loans, you must audit 10 (in addition to ensuring that you capture all sources in an audit cycle). Of that 10, 1 may be a pre-closing/in-process random audit. It seems like chicken and egg, but you have to look back at your total audit percentages to make the determination that you have conducted enough pre-closing/in-process audits.

Here is a sample policy that addresses 4000.1 Requirements for your QC Plan.

1-19-1 QC HUD 4000.1 Requirements

The requirements listed in Quality Control Plan requirements are referenced below as to how we comply in our procedures.

In general, the 9/14/2016 Update to the HUD/FHA Single Family Handbook re-organized standards into a new format referred to as the 4000.1 Revision. Although HUD’s requirements for quality control did not change substantively, the new policy manual opens QC reviews to a broader definition, by referring the examiner back to the Underwriting or Delivery requirements. Single elements no longer get addressed as minutiae, rather the entire guide is incorporated by reference.

A reiteration of HUD/FHA QC Review Area. This shows with some clarity that the scope and scale of "In-Process/Pre-Closing Review" is the same as the Post-Closing Review.

1-19-2 Referrals for Elements Specified in HUD 4000.1

We have located specific elements queried by examiners in the QC Plan for ease of reference.

4000.1 Section	Requirement	Location in QC Plan
A.3.a iv(A)	Sampling Methodology	1-22 QC DEL – Loan Selection Methodology and 1-23 QC DEL - Loan Sampling/Selection Procedure
A.3.a i(A)	Pre-closing reviews	1-20-1 In-Process Quality Control Audit 1-40 QC DEL – In Process Loan Level Quality Control Review Process
A.3.a i(C)	Early Payment Default (EPD) reviews	1-22-2 Early Payment Default

1-19-21 Terminology – Pre-Funding, Pre-Closing and In-Process Reviews

Please note that terminology may vary with all of the variation between industry standards regarding the Pre-Closing, Pre-Funding and In-Process reviews.

The terminology is so close as to cause confusion among lenders and reviewers.

·         Pre-Funding reviews refer to the review of Loan Quality Initiative and similar fraud detection elements conducted on EVERY loan before it closes.

·         Pre-Closing/In-Process reviews refer to the concealed selection of individual loans in process to identify potential fraud within the production process.

·         10% of ALL audited loans should be sampled. Example: If you fund 100 loans, 10 total loans should be audited and 1 should be pre-closing audited.

·         Loans PRE-CLOSING AUDITED do NOT have to be re-audited post-closing and count toward the 10% of ALL LOANS audited.

·         The ONLY DIFFERENCE between the pre-closing and post-closing audit is that the reviewer does NOT HAVE TO WAIT for re-verifications to come in. We still request third party verifications, but we do not have to wait to close the loan.

·         Post-Closing Audit is the full scope audit conducted by lenders and delegated correspondents. 

Unlike Pre-Closing/In-Process Audits, Post-Closing Audits MUST WAIT for Third Party Verifications before completing review.

MortgageManuals.com customers may download the update here.  If your numeration doesn't match the items shown here, you have missed the past updates and need to request a complete update

Mortgage Compliance Service Providers Using Scare Tactics

Why do they use Scare Tactics? They get the phone ringing.

But they also  create a lot of unnecessary disruption for companies that are trying to comply. For instance, one e-mail we saw recently, sent from a compliance company, warned Florida mortgage brokers over license suspension issues for non-compliance. As you know, we always try to shed light on issues that confuse participants, and there are some misleading problems with this solicitation. The first one is that the enforcement action WASN'T IN FLORIDA, it was in North Carolina, so Florida brokers can stop worrying about why they weren't aware they needed certain disclosures that don't exist in Florida.

Beyond this misleading alarm, there are other elements to consider.

First, let's just clarify one thing: you have to do something egregious to receive a cease and desist order. In the case of the broker who was the subject of this cautionary tale (whose name was redacted in the marketing piece), the egregious act involved charging borrowers fees which they did not agree to in writing. When a regulator cites you for this type of behavior, if it was unintentional and not systematic,  you can usually negotiate to correct the activity by making restitution for the unearned portion of fees. As we all know, most investors WON'T LET US collect more than we are legally entitled to, so one can conclude that this particular broker didn't have that type of oversight.

Second, in this case the broker surrendered his or her license, rather than deal with compliance. In this case, the broker likely didn't submit or negotiate any required policies and procedures. For regulators, this is standard procedure. If you cite an entity for one element, you cite them for everything that they lacked. Certainly, the lack of a compliance system was not the primary violation.

That said, brokers do need to have a compliance system in place. Regulators generally require policies to cover the elements for which they cited the broker:

1. Lack of control and supervision over its operations and staff; (a quality control plan should provide supervisory guidelines for staff - part of our broker pack)
2. Failure to have a written information security plan;  (Information Security is a requirement of FACTA - part of our broker pack)
3. Failure to have a written Anti-Money Laundering Program and policies and procedures for reporting and maintaining Suspicious Activity Reports; (AML required by FinCEN, is a fraud detection plan - your Quality Control plan doesn't have legs if there isn't a reporting structure - we provide a plug-in)
4. Good Faith Estimates that did not comport with state and federal laws and regulations pertaining to mortgage lending; (Compliance policies and procedures address how to properly disclose - clearly this action is also pre-10/3, due to the GFE reference)
5. Improper charging or collecting of third party fees for loan-related goods, products, and services; (A quality control plan should address the completion of a loan agreement, retention of documents and financial audit to avoid these types of findings)
6. Failure to maintain required records; (you should conduct a Quality Control Compliance audit on each loan you close. This procedure, which is part of Quality Control, identifies documents you must keep and any deficiencies)
7. Failure to provide required disclosures to borrowers (Your production quality control should include a checklist that identifies all required disclosures - this way you can prove you sent and checked for them, even if the borrower doesn't return a signed copy)

Laundry Lists Don't Help you Identify What's Needed

Regulators and investors often provide lists of specific policies or procedures they want to see. Complying with the laundry list creates a false impression that you have satisfied all concerns when in reality much risk remains in the uncertainty of how your procedure gets implemented. The individual responsibility for compliance starts at the function level; the person who actually does the work. If you map out a person's job duties, and provide a detailed rubric for how it gets completed, you ensure compliance. 

There exists a panoply of policy solutions for mortgage industry participants, but only those which specifically spell out HOW you comply will eliminate the risk of non-compliance. 

TRID - Process Management - From Scratch

GFE/HUD-1 Are NOT Extinct - merely deprecated

Of the many TRID change challenges, one curve ball that continues to confuse: GFE and HUD-1 still remain in use! TRID doesn't apply to all transaction - some retain the the GFE/HUD-1 process. Ensuring the correct disclosures at the right part of the process is an important component of compliance.

2010 GFE Process REMAINS IN PLACE

Your old GFE Process doesn't get deleted, it gets denigrated from a primary to a secondary process (depending on your business model). If your business focuses primarily on reverse mortgages, home equity lines of credit or mobile homes, your business continues as usual; the TRID process applies as secondary in the event you pick up a customer to which it applies. Also, business loans, farm loans, temporary financing, such as construction only loans, lot loans and conversions remain exempt.

Loan Estimate Process and Closing Disclosure Process

The procedures remain relatively unchanged. The major difference causing concern among the industry, revolves around the idea that any changes to the Closing Disclosure result in a 3 day closing delay. This will only happen if 

1. The APR (annual percentage rate) increases by more than 1/8 of a percent for fixed-rate loans or 1/4 of a percent for adjustable loans. A decrease in APR will not require a new 3-day review if it is based on changes to interest rate or other fees.
2. A prepayment penalty is added, making it expensive to refinance or sell.
3. The basic loan product changes, such as a switch from fixed rate to adjustable interest rate or to a loan with interest-only payments.

Theoretically, if we strip out all of the day-to-day processing time frames for documents, appraisals, title work and other time-consuming verification, a loan could still close within 7 Precise Regulatory days of application (because the customer must receive the initial disclosure at least 7 Precise Regulatory business days - in lieu of Actual Business Days - prior to closing.) 

Don't Forget the Home Loan Toolkit!!

The Home Loan Tool Kit replaces the "Settlement Costs Booklet" that we have been busy not giving to customers for the last 40 years. This is a foundational piece of the Know Before You Owe process. We have some problems with the information disseminated within the Tool Kit - specifically some mis-information with regard to locking in, but it generally represents a more customer friendly read and it references all of the other TRID material.

Your FREE Know Before You Owe Policy

Of course, remember we have been providing you with a FREE TRID policy since the beginning of the year. Now is the time to examine the easy way to manage your compliance policies and procedures with our Compliance VP Document Management System.