Due Diligence and Ongoing Monitoring

Good afternoon.  I am with a non-traditional bank and we are looking into beginning to work with Brokers to help send business to one of our loan departments.  The Broker will know our parameters and advise customers that we could be an option for their lending needs.  They would have the potential customer fill out an application and forward to us for reviewing and determination.  We would then do all the mortgage work and the Broker would get paid on points if the loan closes.  It seems very similar to a lead generator relationship.

For those that already do this type of relationship, what type of due diligence to you collect and review before accepting the Broker?  How often do you do ongoing monitoring of these Brokers?

Hi there,

When dealing with a mortgage broker, it is important to perform robust due diligence checks, even if they are acting primarily as a lead generator. The first step is to conduct an inherent risk assessment to identify any specific financial, operational, information security, legal, compliance, or reputational risks associated with the relationship. This will help you determine the due diligence information and documentation required to validate the broker's credentials.

Based on the information provided in your question, you would need to review:

Cybersecurity and information protection

·         Assess the company's IT systems, databases, and security protocols.

·         Understand data storage, encryption, and vulnerability management.

Financial health and stability

·         Review financial statements, cash flow, and profitability.

·         Assess any outstanding debts, liabilities, or financial risks.

Compliance:

You should also verify the broker's compliance with various data protection laws (such as the GDPR and CCPA, etc.), assess how the company collects, stores, and shares consumer data, and understand its consent mechanisms and opt-in practices.

There are various laws that apply to mortgage brokers. Even if you are only using the broker for leads, it is essential to ensure that they comply with laws such as the Truth in Lending Act (TILA) and Real Estate Settlement Procedures Act (RESPA). These laws impose several disclosure and compliance obligations on mortgage lenders.

Other laws and regulations that the broker should comply with include the Fair Housing Act (FHA), Equal Credit Opportunity Act (ECOA), Fair Credit Reporting Act (FCRA), Servicemembers Civil Relief Act (SCRA), Electronic Fund Transfer Act (EFTA), Home Mortgage Disclosure Act (HMDA), Home Ownership and Equity Protection Act (HOEPA), Flood Insurance, SAFE Act, False Claims Act, Appraiser Independence Requirement (AIR), and Anti-Money Laundering (AML).

It is also important to check for complaints, licensure status, and past/current lawsuits involving the broker.

The Federal Housing Finance Agency (FHFA) provides guidance to Fannie Mae, Freddie Mac, Federal Home Loan Banks (FHLBanks), and the Office of Finance (OF) on assessing and managing risks associated with third-party provider relationships which can be found here. FHFA Advisory Bulletin AB 2018-08

I hope this information is helpful, but of course I'd love to hear from other members on this topic.

Hi there, 

By "Bank", it is correct to assume sub-prime mortgage bankers/lender is what you mean by "non-traditional bank"?

I managed a web-based inter-business hosted lead and application tracking solution (in 1996, we didn't call it a SaaS offering yet).  We had many brokers who signed up for a service where they needed to be sponsored by each Bank to submit to that bank for each state of the application. We had a lot of legal documents for the sponsoring bank to be fully accountable for due diligence of any mortgage broker they sponsored. This was done only after interviews with many State Attorney Generals, Banking departments (then there were 1st and 2nd mortgage banking departments and examiners), and even regional FBI offices.  Brokers completed the subscription agreement tied to each lender, and were able to see their applications, etc. We later successful migrated the Wholesale Lead and Compliance tracking system to Retail for our largest sub-prime lender who transitioned to only regional retail sales teams and centralized lead management (do not call (state,then federal) and other due diligence to increase loans from 100s to 1000s per month once they used our systems. 

Each State has specific due diligence for the lender to complete to be able to meet that state examiner's requirements for sufficient due diligence and documentation.   

As the service bureau, we still had to do our own financial review and deposits (advances) against services to be used to prevent accounts receivables issues like any other business. 

I am no longer affiliated with the service bureau for many years, but it is interesting to think we maintained all the due diligence evidence -- as we started with a database of all 60,000 plus mortgage brokers and had each lender go through a vetting process to 'activate' a broker for each state the lender was licensed to do business in. Their underwriters and compliance teams had sections to fill out and re-authorization (including copies of the lenders and the brokers licenses) to do business in each state. We were proactive to assist and send reminders to brokers and lenders to maintain license renewals, etc. based on state laws, etc.

It was fairly successful, and for its prime years of operations, Experian informed us we had the most online credit reports entered of all their vendors.  But that is another story.

This above is my own personal opinion/recall and does not imply knowledge or awareness by my current employer. 

Larry