Why Vendor Due Diligence should be a Priority for Title Agents
Today’s residential mortgage industry scenarios are highly complex, dynamic and global. Lenders and title agents alike are using an entire chain of service providers across same geography, near-shore or off-shore. While they engage with a chain of service providers and reap significant benefits, title agents need to evaluate and mitigate the risk of using such third-party vendors.
Enterprises across mortgage-lending ecosystem, lenders, title agents, settlement agencies alike need to comply with a number of regulations. Let’s look at the impact of such regulations on title agents, and how they must look at vendor contracts and processes before they outsource work to service providers.
Challenges for Title Agents Using Third-party Vendors
Ensuring vendor due diligence has been a challenge ever since 2012, when the Consumer Financial Protection Bureau (CFPB) declared that all lenders must certify that their third-party vendor relationships do not pose any risk to the consumer. This basically means that the CFPB will hold lenders accountable for any negative impact on consumers caused by mistakes made by their vendors. So, demonstrating compliance with federal and state regulations and consumer financial laws is now a real challenge for title agencies who use multiple third-party agents for title clearance, escrow and closing services.
Inadequate processes of vendor management and lack of control over third-party relationships can result in not just financial penalties and legal disputes, but also loss of reputation, which can jeopardise the business. An enhanced process of due diligence of third-party vendors would require a well-defined and comprehensive outsourcing risk management process covering the following:
- Vendor risk assessment
- Vendor selection guidelines
- Review of contracts between title agents and their vendors
- Vetting of work processes used by vendors
- Ensuring protection of consumers’ NPI (non-public personal information) available with third-party vendors (such as social security numbers, bank account numbers, credit card numbers, etc.)
- Regular and ongoing monitoring of processes and performance of third-party vendors
ALTA Best Practices
The American Land Title Association (ALTA) has outlined a set of best practices to ensure protection of NPI data. Any service provider in the mortgage-lending ecosystem who has access to the consumer’s personal information needs to be assessed for risk as well as monitored for changes in risk on an ongoing basis. Checks and balances need to be put in place for data protection including:
- Written policy for privacy and information security
- Well-defined procedures for handling of escrow fund accounts
- Adoption of written procedures for handling customer complaints and queries.
- Adopting checklists for physical security and network security in premises where NPI data is handled.
ALTA best practices specify that in cases where NPI data is shared with a service provider, the title agency should be able to demonstrate that due diligence was conducted when selecting the vendor, including an assessment of the vendor’s information security protocols (for example, audit report reviews, security reviews, intrusion log reviews).
Other regulatory bodies simply require companies to demonstrate that written policies and procedures for risk management have been put in place and provide evidence that they are being operationalized. Overall, title agents should take care that they can prove that good-faith measures have been used to protect consumers from malpractices.
How Can Title Agencies Deal with This Challenge?
In order to meet these strict due diligence requirements, some title agents are asking their vendors to certify that they comply with ALTA best practices and some even ask for Service Organization Control (SOC) certification. These certifications, however, can prove expensive for many service providers. A good alternative option for title agents is to engage a qualified accounting firm to conduct regular audits and provide SOC reports, thereby demonstrating compliance to best practices.
Partnering with a qualified outsourcing service provider who has the necessary certifications and maintains the security protocols required by the regulatory authorities, is something that title agents must consider. In the final analysis, demonstrating compliance is in the best interest of the title agencies, as this will help them maintain good relationships with lenders and build a good reputation in order to attract new business from other lenders.
Visionet has been providing cutting edge technology and services in the mortgage domain for over 2 decades now and is well versed with all the compliance requirements. Through its title workflow platform, AtClose, Visionet also provides easy mechanisms for institutionalizing vendor scorecards and audits. Visionet is already certified by leading title agents and continues to deliver a variety of services in the title domain.