Third-Party Risk Issues in Mortgage Lending

Share

The concern with third-party risk management (TPRM) in the lending industry is based on the vast number of vendors who serve financial institutions to actually manufacture a loan. Each vendor accessing your database to review customer non-public personal information (NPPI) data or even company intellectual property does, in fact, open up additional penetration points of risk to your organization.

Outsourcing
Outsourcing a specific function has flourished since the financial crisis. Many lenders have taken a more open-minded approach to closing a loan more efficiently and cost-effectively. There is now a vendor type to fit into nearly every piece of the loan manufacturing process. Need help setting your loan files? Validating tax returns? Most likely there is a vendor who can do it. Regardless of the stage in the loan process, solutions have been created to allow lenders to offset costs by outsourcing some of the more administrative or labor-intensive functions. While there has been a lot of focus on the digital mortgage experience, the industry is in its infancy when it comes to automating the complete process and there are perhaps just a couple of outliers who are paving the way to leverage the available technology.

So far, 2022 has been an interesting year with housing inventory still near all-time lows, high demand for homes and a dramatic increase to interest rates with more on the horizon. For the lender who is looking at the tighter margins that may come about due to lower demand on refis, outsourcing has become a new norm.

  • For the lender who is looking at the tighter margins, outsourcing has become a new norm.

In lending, we seem to go through a feast or famine lifecycle. Regardless of the lending season, the role of the outsourced fulfilment vendor remains relevant both in terms of helping manage the spiraling cost of managing loan production costs or simply helping to manage through the peaks in volume. Now may be the perfect time to take a hard look at your vendor oversight process and start working to simplify your process and reduce your risks

Areas to focus on
For the vendor manager, it’s important to be aware of these peaks and troughs. After all, the primary role is to manage the risk that a third-party vendor presents to the organization. It is difficult to manage through this risk if you are not aware of how, why and when your lines of business need to leverage the third-party services. Understanding how the broader lending organization operates will allow the vendor manager to better serve their internal customers and become an effective second line of defense.

Other areas for the vendor manager to focus on will continue to be settlement agent and wire fraud exposure. While there are several worthy solutions available in the market, I am a huge supporter of working closely with the first line of defense to help raise awareness of the associated wire fraud risk and help implement best practices. Education and awareness are key.

The digital mortgage experience brings up the issue of cybersecurity, which is becoming more sophisticated. Inevitably, the resources often found with the chief information security officer (CISO) will need to be leveraged. This can become a great opportunity for the vendor manager to bridge the gap between production staff and the information technology team to protect all the core systems.

Working together
Third-party risk management is most effective when the lines of business work together in a multi-pronged approach. Regardless if the housing market is hot and origination volumes are high, an effective vendor manager will offer great value in assisting their business units in vetting and continuously monitoring the third-party vendors to help further grow their business. Being aware of the type of risks that the vendor exposes the organization to can be the deciding factor both in the selection and the ongoing relationship. For more information on how Vendorly can help you manage your vendor risk, contact us today.