This message was posted by a user wishing to remain anonymous
Thank you again.
Our Default Management (FC, BK, & REO Leaders) and Vendor Management team work very closely to effectively monitor performance and escalate concerns to offending firms in a timely and appropriate manner in conjunction with our contractual agreement.
It has, however, been a long-time internal discussion to better understand that next level, reporting systemic or significant failures in performance or due diligence to the GSEs.
You have certainly provided us additional considerations and perspectives. It really comes down to an organization's risk appetite; however, I appreciate the ThinkTank as a space to dialogue and gather these types of perspectives from others. As a risk analyst, having more perspective and understanding typically leads to the best outcome for those involved.
Original Message:
Sent: 11-22-2024 02:42 PM
From: Anonymous Member
Subject: Non-Compliant to Audit Request - Report to Investors?
A series of rhetorical questions:
Which is more costly: Backlash from the vendor or a regulatory event that potentially could become public (or intentionally be made public by the regulatory authority, depending upon their perception of the issue)?
That said: Are you in position to assess the regulator's perception of your oversight of the vendors? (Reports of their inspections (examinations), their conversations during inspections, etc. If so, you're also in position to relay those thoughts to the law firms. In this instance, you're a messenger, not the "instigator".)
Which leads to:
Have you had remedial (friendly) discussions (at any level of pushback) with the "offending" law firms? Meaning: Are they at least aware of your firm's dissatisfaction – and has that been communicated to them by the business people that own that relationship? Have you documented these discussions internally?
While there are business politics to delivering these messages (professional, right timing, tone, tenor, right messenger), an important part of vendor management is managing expectations. The vendor has to know they're not meeting expectations.
If the messages have been delivered, at and by the appropriate level of seniority, then you're back to the original question, which is a business decision that needs to be made by very senior people.
Personally, I'd rather go through the costly transition – which frankly seems like it, by design, could be handled in stages – than have a regulatory issue.
These considerations are separate from the "notify" investors considerations. The same train of thought applies, though - not handling these issues or communicating them always will prove more costly to your company than raising them.
Best of luck.
Original Message:
Sent: 11-22-2024 12:31 PM
From: Anonymous Member
Subject: Non-Compliant to Audit Request - Report to Investors?
Thank you for taking time to respond.
We are a private financial institution; however, we understand our Regulatory/Servicing Guidelines to be clear on how we are to monitor our vendors' performance and, as needed, report accordingly.
Our concern is regarding any backlash from the vendor should we report them and their non-compliance to our oversight/audit program.
Thoughts?
Do we take the risk to remain compliant ourselves with our regulatory obligations and run the risk of our vendors retaliating and providing us subpar service? Should we take the risk and potentially prepare for a worst-case scenario where they begin performing poorly and we have to terminate? Replacing an operationally significantly impactful vendor can be burdensome and costly.
Original Message:
Sent: 11-18-2024 01:50 PM
From: Anonymous Member
Subject: Non-Compliant to Audit Request - Report to Investors?
Answer depends upon a series of items not mentioned in the question; will try to address the more common issues.
Law firms: Typically answer what they answer. They tend to respond with "attorney client privilege doctrine precludes disclosure" and a SIG or equivalent report. That tends to be generally acceptable to all. No way to force them to do otherwise unless Legal supports their termination for failure to comply. (Good luck.)
Obligations to investors: Are you a public company or a private company? Public company disclosure depends on materiality of the issue; suggest raising with your legal department. Private company disclosure depends upon contractual obligations to your investors. Again, worth a stroll to your legal department.
Law Firm Meeting Servicer Obligations: Not sure the question is clear enough. A law firm typically doesn't serve as a classic "servicer" of loans (which GSE implies). Servicers collect and track payments. Seems odd to have a law firm undertaking that responsibility. If the law firm is reviewing your company's template loan documents, that review likely must meet GSE requirements, but I'm uncertain how that fits into information security. That particular oversight task should fall to your company's legal department.
Investor Forced Vendors: The Investors' money; their choices. If your company has accepted their money, and the conditions of its delivery, that result seems inexorable. If issues arise, those issues should be simplified, escalated to the right person with the Investor contact, and things sort out from a business perspective. All you can do is raise the issues with the decision makers.
Ultimately, it sounds like you're at a small shop that isn't following all the protocols that you would prefer. Seems like you might want to assess your own risks and make your own business decisions.
Original Message:
Sent: 11-18-2024 12:31 PM
From: Anonymous Member
Subject: Non-Compliant to Audit Request - Report to Investors?
We have a few vendors, including some of our default legal law firms, who continue to not effectively complete our annual due diligence. We have been seriously discussing our obligations to inform our investors when these deficiencies or non-compliance arise; however, we are concerned about possible retaliation from our vendors resulting in a reduction in their service performance.
What are others doing in this area?
Do you report default legal law firms who perform GSE related work but fail to meet servicer selection guidelines to the respective investors? Any feedback from GSE or Law Firm on this?
Do you have any experience with being "forced" to use 3rd parties as a result of an investor requirement, such as a specific overall allowable reporting portal? We have issues getting effective due diligence as well as User Access management controls which often result in an audit finding.
Appreciate any information from others' perspectives on this and how you have handled those hard-to-get due diligence requests.