This message was posted by a user wishing to remain anonymous
As a financial institution who acquires Mortgage Servicing Rights from various entities such as another financial institution or a secondary marketing resource, do you consider these entities contracted under a Flow Servicing Rights Purchase and Sale Agreement to fall under your Third Party Risk Program?
If so, given that some of these are competitor financial institutions, what level of due diligence would you request?
Asking due to a recent incident where the entity we acquired an MSR was breached and the consumer data potentially compromised.
I appreciate you thoughts and insight into this situation.