Are you frustrated with quality control, compliance management system (CMS), mortgage risk assessment, and the internal audit process? Do you find it difficult to identify all these types of follow-up activities? Not sure if Fannie Mae and the Consumer Financial Protection Bureau (CFPB) have similar expectations? If that describes you, you are not alone. There has been a lot of ground in recent years. As the mortgage industry developed through the compliance process, it was difficult to determine how all the pieces came together.
Prior to the Dodd-Frank policy, most homeowners felt comfortable with all aspects of their business following the rules because they followed Fannie Mae’s guidelines. And/or Freddie Mac also has a quality control program. They conducted in-depth reviews of quality management policies and procedures, tested loans and management and personnel issues. They have included assessments for individual loans and have recently begun the review process for repayment. But having a strong quality control program is only part of the game in a row, as many learn.
The first challenge after Dodd-Frank went into effect was the realization that CFPB requires consumer financial companies (which all mortgage lenders now know to include) to establish and maintain an effective CMS. In 2014, most mortgage lenders climbed to absorb what it means to have an effective CMS. As they have learned, an effective CMS usually has four “pillars” or interdependent management components: 1) supervision of advice and management, 2) compliance programs, 3) responses to consumer complaints, and 4) compliance checks. Effective risk management is likely when each of these four “pillars” is strong and in harmony with each other.
On several occasions, lenders initially implemented a CMS process by purchasing off-the-shelf policies and procedures but found that these generic documents did not adequately reflect their business model and required extensive revision. When borrowers realize the importance of establishing an effective compliance unit and how all the CMS pillars work, they focus on strengthening their CMS to comply with the CFPB. Many lenders have taken further steps to develop and maintain an organized and well-managed CMS to ensure that all business units within the company comply with legal requirements.
In addition to the CFPB, mortgage companies must also meet investor requirements. For example, Fannie Mae conducted a MORA assessment. 3 The specific areas evaluated by Fannie Mae include organizational structure and governance, initiation channels, acceptance and review, settlement / post-settlement / financing, quality control, internal compliance/audit, secondary marketing, Technology, and business continuity. Each of these nine areas will be assessed as part of the process assessment, and Fannie Mae will conduct the assessment. These classifications are based on all information contained in the general classification. This includes document testing, process evaluation, and interviews. About 45 days after the interview with the counterpart, Fannie Mae released its final MORA report. The final assessment can identify problems, appropriate corrective actions, suggestions for improvement, and classification of functional areas. Assign one of three ratings: acceptable, needs improvement, or unsatisfactory. The general assessment of the functional area is consistent with the severity of the problems identified (i.e., high, medium, or low).
Once the lender has received your final report, they will analyze the results and take corrective action. Fannie Mae expects to receive a proposed action plan from the lender within 30 days of the final evaluation date. The lender sends its action plan to the Accounting Risk Manager (CARM). Fannie Mae recommends that the lender review the original plan and its CARM before the due date. Inappropriate action plans will be returned to the lender for correction. The timeline will remain the same in these cases. Several creditors received MORA analyzes to identify internal compliance/audit as an issue. While a creditor may have an operational compliance unit, as well as a robust quality control plan, this does not mean that it also has an internal audit unit operation that meets Fannie Mae’s requirements. Many creditors have been confused about what it means to have an internal audit function. It is believed that a compliance director or quality control plan can be considered an internal audit. The structure, nature, or purpose of the internal audit operation are not known. And, perhaps most importantly, they do not meet the essential requirements of independence in their internal audit functions. The internal audit function must be completely free from the influence of other business entities. This is true whether it is internally based or uses a third-party provider as an internal auditor.
You may ask, “How does the lender achieve this? What options do I have here?” One option to consider is outsourcing the internal audit function. The external auditors should be involved by the management as the appointed chief for chief audit as the board of directors. Some creditors consider it inappropriate to link their internal control functions to the chief financial officer, the chief executive officer, or, to a lesser extent, the business unit. Whether the internal control function is fully performed by a household department or by a third party, it should only perform internal control tasks, which should be reflected in the structure of the report. Are there other options outside of outsourcing internal control than the organization? Yes, there are other options – and variations of the options. In many cases, it can be a combination of both. Larger mortgage bankers may need an internal auditor and be able to set up an internal function. Others may ask for help in the process. This may initially involve the use of a third party to carry out the results of the internal audit evaluation, which will result in an annual audit plan and strategic plan that is gradually implemented as a separate entity in the creditors’ organization. Younger debtors may be involved in the designation of all internal control functions and the appointment of an internal control contact to assist in planning and administrative work.
If the smaller borrower chooses to perform the internal audit function, it should be ensured that the function is structured so that no operational tasks are involved in the role. Internal audit functions typically coordinate federal / state investigations and investor investigations and monitor the progress of corrective action against deficiencies noted in relevant audit reports. Even very large financial institutions with well-established internal units may need special help from an external source. This may be due to a lack of staff, or it may be due to a lack of expertise in a particular area. For example, the internal control unit does not consider that it has full competence to carry out an internal control of service delivery as secondary marketing as another unit. Sometimes the internal control unit decides to hire a third party for a specific project that requires a large staff for a short time.
For information on foreclosure defense call us at (877) 399 2995. We offer litigation document review support, mortgage audit reports, securitization audit reports, affidavit of expert witness notarized, and more.