You could carve out law firms in policy. They have a different handling and due diligence process.
That's what I do.
I have them listed under an exemption clause in Policy as "Exempt Professional Services and Agreements."
Procedurally, I have a short form and attestation process that is signed off on by the Legal department.
I also bucket, in the same exemption clause...
Interbank Agreements where both entities are governed by a common regulatory body.
Loan Sales to regulated institutions or Government Agencies
Governmental entity or agency, GSEs (i.e. FNMA, Freddie Mac, FHLB, FRB, FDIC, US Postal Service)
Law Firm Retainer Agreements/Engagement Letters
Loan Broker and Escrow services
Broker Services for Bank Treasury
Hope that helps.
------------------------------
Bradley Martin
------------------------------
Original Message:
Sent: 11-04-2022 11:35 AM
From: Anonymous Member
Subject: NPPI
This message was posted by a user wishing to remain anonymous
Thank you, Bradley.
The reason I ask this question is that in our TPRM program, if a vendor has access to NPI or NPPI, that vendor is automatically considered at least a moderate risk.
So, I want to be very careful how we answer this question, since most law firms will not be able to provide many of the documents that we require.
Any input will be greatly appreciated.
Original Message:
Sent: 11-01-2022 01:25 PM
From: Anonymous Member
Subject: NPPI
This message was posted by a user wishing to remain anonymous
Hello,
Just wanted to get the communities opinion on an NPPI issue:
If a law firm has access to our clients - note, deed, deed of trust, assignment or transfer of lien and release of liens, does that mean they have access to NPPI? I personally think information contain within these documents does not constitute NPPI, but I am not sure.
Also, if it is NPPI, then what level of due diligence do we have to do on a law firm?
Thanks