As published in ABA Bank Compliance (now ABA Risk and Compliance) by Brad Templin and Jim Shankle, September/October 2020

As loan servicers face competitive challenges and increased regulatory and investor scrutiny, management must rely on internal systems to provide ongoing feedback on critical servicing components. Establishing internal monitoring systems should be an integral part of the management structure for all loan servicers. In addition to the regulatory and investor quality control requirements that mandate the ongoing monitoring of servicing activities, servicers are encouraged to avoid surprises by enhancing current processes to properly manage the various risks associated with servicing.

Quality Assurance vs. Quality Control

Quality Assurance (QA) functions are often embedded within the business line, the first line of defense. Ideally, the Quality Control (QC) program should be structured within the second line, typically within the risk management or the compliance function. A primary objective of these monitoring systems is to prevent the surprise element that can often result in significant operational, regulatory, reputational, and financial burdens if not detected on a timely basis.

A common misperception within the industry is to refer to the servicing QA and QC functions as one, when in fact, each should serve a unique and critical role in managing loan servicing. Servicers must ensure that all aspects of servicing are compliant not only with applicable regulatory and investor requirements, but also are monitored for inefficiencies and potential errors. By establishing both a QA and a QC function, the internal control structure is strengthened and can provide management with an effective early warning mechanism. The QA function, by its nature, is a preventive control whereas QC tends to be a detective control—identifying issues that have occurred after the fact.

There often are similarities in how QA and QC conduct the servicing reviews and report results of the ongoing monitoring each function performs. Both functions tend to rely on checklists to ensure that key controls and processes are reviewed with the results presented via charts and graphs, as well as reports detailing performance trends within the various processes under review. If structured properly, the QA results can significantly impact the depth of coverage for the QC scope and identify areas of concern requiring an increased focus.

When developing the criteria for QA monitoring, a common approach is to identify the key processes within the workflow of each servicing area to ensure those controls that directly impact regulatory compliance, financial, reputational, and information security risks are an integral part of the QA process.

Both QA and QC will address the same operations, however, the QA role tends to be more of a performance drill-down effort, again with the intent to prevent any systemic issues from occurring. If QA identifies significant issues, corrective actions will likely involve policy and procedure updates; operating system enhancements; or disciplinary actions. Coordinating the QA results with QC’s scheduled monitoring can alleviate any duplication of effort, which can allow QC reviews to concentrate on high-risk processes.

Not all QA reviews require specific account-level transactional testing. An effective QA control that is commonly implemented within the agency custodial accounts, accounting and investor reporting functions, is the creation of a reconciliation certification program. All general ledger and custodial and investor-related accounts requiring an ongoing reconciliation are identified and assigned to a responsible party, with required reconciliation frequency and dates last reconciled noted. Also noted are any reconciling differences as well as a listing of aged reconciling items, along with an indication that the reconciliations have been reviewed by a manager.

Another aspect of QA is the establishment of Key Performance Indicators (KPIs). KPIs provide management a benchmark to compare internal performance factors with peers in the servicing industry. The KPI comparisons can identify areas within servicing where efficiencies can be improved through process improvements, automation, restructuring, or organizational changes to control overall costs. There are numerous categories of KPIs for all aspects of both performing and nonperforming portfolios. There are several professional organizations that provide regularly updated peer data for comparison purposes. Common KPIs utilized in managing the business include:

• Number of loans serviced by employee—also can be segmented as desired to reflect location, product, or servicing function;
• Loan servicing unit cost—measures the average cost incurred to service a single mortgage loan over a defined time (total servicing cost divided by average number of loans in servicing portfolio over same period);
• Servicing portfolio by FICO score such that investors can analyze the distribution of FICO scores for loans in their servicing portfolio;
• Servicing profit per loan serviced;
• Default servicing can be segmented to analyze loss mitigation efforts, bankruptcy, deed-in-lieu, short sales, foreclosures (as a percentage of total servicing expense or a per unit cost);
• Law firm expenses as a percentage of total servicing expense; and
• Number and types of customer servicing complaints.

Servicing QC is generally a more structured process than QA primarily due to investor and regulatory requirements that have been in existence for some time. All pertinent investor requirements and relevant mortgage loan servicing laws must be addressed. In addition, internal policies and procedures that may not necessarily be required by investors, should be considered as part of the QC process as well. The types of loans serviced will impact the monitoring requirements of the QC program as products such as fixed rate mortgages, adjustable rate mortgages (ARMs), home equity lines of credit (HELOCs), reverse mortgages, and higher-priced mortgages will each have unique attributes that should be reviewed. Investor requirements may differ, requiring customized testing for each investor. For instance, FHA and VA loans have different servicing requirements from government-sponsored enterprises (GSEs )—such as Fannie Mae and Freddie Mac—and portfolio loans.

For reporting purposes, lenders segregate Federal Housing Administration (FHA) and Veterans Administration (VA) loans from GSEs and portfolio (non GSE & private investors) loans. This will ensure that each tranche, or segment of the portfolio is reviewed for adherence to the respective specific agency or investor requirements.

In most instances, loan servicing QC programs are not as prescriptive as the loan origination post-closing QC requirements, as the focus for servicing QC is geared more toward a risk-based approach. The GSEs have primarily focused on providing guidance on how lenders must construct their origination QC programs. Within Fannie Mae’s Servicing Guide, there are currently two pages devoted to mortgage loan servicing QC, as compared to thirty-five pages devoted to the originations post-closing QC requirements in Fannie Mae’s Selling Guide. The servicing and QC requirements for FHA and VA loans are much more stringent as specific expectations are clearly identified by the U.S. Department of Housing and Urban Development (HUD) and the VA.

Comprehensive servicing QC programs that encompass the entire life cycle of servicing generally include testing transactions that address the following characteristics or servicing events:

• Servicing transfers and loan boarding
• Billing statement disclosures
• Escrow processing
• ARM notifications
• Credit bureau reporting
• Fees and charges
• Mortgage insurance (PMI)
• Force-placed insurance
• Customer inquiries and disputes
• Servicemembers Civil Relief Act (SCRA)
• Monitoring call center and customer service communications
• Loan payoffs
• Successor in interest
• Deceased borrowers
• Collections
• Loss mitigation programs (forbearance; loan modifications; deed-in-lieu; reinstatements; short sales)
• Bankruptcy
• Foreclosure

The same emphasis should be afforded to QC reviews on performing loans as non-performing loans, which are loans in default generally for more than 90 days. However, FHA and VA portfolios are more heavily focused on the QC review of non-performing loans.

Evaluating the performance of servicing staff can assist in recognizing the root causes of identified deficiencies. Many servicers utilize performance scorecards that evaluate the potential severity, the probability and frequency of errors, along with an assessment of the effectiveness of established controls. The scorecard criteria should be based upon management’s expectations and include definitions of acceptable performance (i.e. pass/fail or specific grading criteria) as well as remediation plans, should the results of the risk-based monitoring be deemed unacceptable. Incorporating scorecards into the performance review process is a proven tool that helps management ensure quality and compliance are maintained, and errors are minimized.

For those servicing arrangements that involve subservicers, the owner of the mortgage servicing rights (MSRs) has the responsibility to ensure that the QC process is effective and compliant from both an investor and regulatory perspective. Service Level Agreements (SLAs) between the servicer and subservicer should permit the owner of the MSRs the ability to periodically audit the sub-servicer, via on-site visitations, on-going scorecard monitoring or both. An increased focus by regulators regarding third party vendor oversight and compliance with the servicer’s Compliance Management System requires the subservicer be reviewed frequently.

Considerations for Reporting Results and Exceptions

All QC programs developed should include a tracking mechanism to monitor the corrective actions implemented. Analyzing exception trends may result in revisions to existing policies and procedures and enhanced training of servicing personnel.

Many processes throughout the lifecycle of a mortgage loan are automated or semi-automated. Regular exception reporting will help ensure issues are identified timely, or that system enhancements do not cause unexpected issues that may require remediation. Some examples of reports include:

• Over funded Escrow Account Report—Evaluate the payoff refund of excess escrow funds and validate regulatory timing requirements;
• Escrow Accounts Due for Review—Capture when annual escrow analysis was not performed per regulatory or investor requirements;
• Tax Payments Report—Use to ensure all required payments are made on time; and
• Insurance Expiration Report—Use to identify accounts where forced-placed insurance may be required and ensure the required notices are sent within the timelines set by regulatory or investor requirements.

Regulatory Change Control Process

The regulatory and investor requirements for loan servicing change frequently. Servicers should manage this changing environment as an integral part of the ongoing operation. In order to avoid servicing interruptions and non-compliance risk, a defined role should be established within the servicing function for ensuring that any revisions from the regulators or investors are properly communicated. This can be accomplished when a designated point-person or centralized team reviews and forwards the changes to each business unit within the organization. The change is then reviewed by the subject matter experts to determine if the changes will impact departmental level policy and procedures.

A review of any regulatory updates that impact model disclosure forms or borrower communications should be included as well. Since the use of model forms can provide some degree of a “safe harbor,” it is an industry best practice to mirror the model templates if possible. Once the internal review process occurs, management can assess if system enhancements are needed, additional staff training is required, and how the changes will impact and require interaction across the numerous servicing functions. As the updates are provided for review throughout the internal distribution process, maintaining proper version control is of utmost importance.

Maintaining a comprehensive change management master library of all regulatory updates and model form revisions will help to ensure that each regulatory change has been thoroughly vetted and reviewed by the appropriate management of each servicing function. This function often resides in the second line of defense (risk or compliance). Items to consider tracking in the master library include:

• Date the regulatory update was received as well as the required implementation date;
• Departments within servicing that were provided the updates for review;
• Indication that each department impacted by the change signed off on the review;
• Next steps each department will execute to ensure the change is implemented (e.g. policy and procedure updates; date staff training is to be scheduled; system enhancements scheduled; etc.); and
• Impact of any third-party involvement in revisions to borrower disclosures and communications.

Servicing Transfers and Loan Boarding

The servicing transfer and loan-boarding processes should be carefully reviewed by all servicers. This has been a significant issue in which the regulators have identified multiple instances of borrower harm as a result of incorrect data transfer between servicers. Several different types of situations are considered as servicing transfers in the Consumer Financial Protection Bureau (CFPB) Mortgage Servicing Transfer Bulletin 2014-01 (issued August 19, 2014):

• The mortgage owner may sell the rights to service the loan, called the Mortgage Servicing Rights (MSR), separately from the note ownership;
• The owner of the loan or MSR may, rather than servicing the loan itself, hire a vendor—typically called a sub-servicer— to take on the servicing duties;
• Servicing transfers may also occur through whole loan or whole loan portfolio transfers, rather than through sales of MSR; and
• Servicing responsibility is transferred within a company from the origination platform to the servicing platform.

Comprehensive policies and procedures should be implemented for the various scenarios that can occur in the transfer of servicing. The ultimate objective should be to eliminate any servicing interruptions to the borrower as well as ensure transparency occurs from the servicer’s perspective.

This is essential to many aspects of Regulation X-RESPA. The process should include having follow-up procedures and practices to obtain missing documents and loan data from the seller. Once a servicing transfer is completed, there may be little or no leverage to compel the seller to search for the missing documents; particularly in those situations in which the servicing acquired may have been sold or transferred multiple times prior to the current transfer. Future potential problems that will likely arise from a faulty loan-boarding process can easily outweigh the time and cost of getting it done right initially.

Of utmost importance is ensuring that the review process for transferring pending loss mitigation applications as well as foreclosures in process (commonly referred to as “in flight”) prior to the effective date of the transfer is properly controlled.

Successful transfers occur when the process is communicated and properly coordinated with both entities involved. Best practices within the industry typically include:

• Establishing internal planning meetings with representatives from each servicing function involved in the transfer process, commonly referred to as the Conversion Team (personnel from IT, payment processing, escrow, foreclosure, loss mitigation, bankruptcy, legal, etc.);
• Ensuring contracts and service level agreements between the transferor and the new servicer specify key requirements for data and documents to be transferred and delivery timelines;
• Performing pre-transfer scrubs of data and supporting documents to identify any discrepancies requiring corrective action prior to the transfer. The data involved in servicing transfers can often exceed 275 data fields per loan;
• Maintaining ongoing communication between the transferor and new servicer during pre- and post-conversion phases. Identifying responsible parties for all transfer processes is critical to the success of the transfer;
• Escalation procedures should be clarified to ensure that appropriate parties have been identified to resolve any critical pending issues impacting a successful transfer; and
• Ensuring that the transferor properly notifies all third parties utilized for various roles related to the loans to be transferred. These include:
  • Default services providers including, for example, foreclosure attorneys, bankruptcy attorneys, and trustees;
  • Realtors engaged to sell properties where titles are transferred to the institution as a result of foreclosures and management companies hired to manage the bank owned properties; and
  • Other third-party vendors including all homeowner and flood insurance providers, private mortgage providers, MERS, flood tracking companies, tax collection agencies and tax service providers.

Establishing a post-conversion review process is important to ensure any outstanding issues continue to receive the highest priority in order to mitigate any borrower impact (e.g. incorrect loan data converted; pending documents not yet received). Additional attention should be given to ensure there is a process to determine if proper credit reporting and late fee recognition is in place post-conversion.

Conducting a “post-mortem” review at the conclusion of each servicing transfer is highly recommended, to identify key successes of the transfer as well as any required revisions to the transfer process that could result in updating existing procedures or enhanced training opportunities.

Consumer Complaints

Complaint themes and root causes identified in complaints received from borrowers can be considered a treasure to management seeking to understand the pulse of the bank’s current servicing performance. Analyzing the complaint trends and root causes should lead the business to a more comprehensive assessment of changes required to solve diagnosed issues quickly and to meet required regulatory timelines and expectations.

The common themes noted can help identify where the main pain points are or where processes are breaking down which could result in customer harm or lead to more manual processes that can negatively impact efficiencies. The bank’s complaint policy and procedures should include a requirement to identify the root cause of each complaint; determine whether remediation is required; as well as assess whether the complaint has any indication of being caused by a systemic issue.

There are usually a good number of complaints regarding disagreement for credit reporting, escrow shortages, or forced-placed notices. Often, these types of complaints could be linked to a lack of customer knowledge. If complaint trends point to areas that reflect a need to educate borrowers, there may be an opportunity to review current notices provided to the borrower or provide call center staffing with helpful tips when speaking with the borrower. Updating the website with FAQs might also help consumers find answers to their questions or concerns.

Conclusion

There are various practices that management can implement to monitor the on-going loan servicing performance. Eliminating the surprise element related to regulatory, legal, financial, and reputational risks benefits the bank and demonstrates a strong commitment for maintaining an effective internal control system.