About

Comment Policy

Disclaimer

Share or Subscribe

Add me to your TypePad People list

Search BLB


  • Google

Stats

Blog powered by TypePad
Member since 03/2004

Outsourcing

February 24, 2013

Vendor Management Is Still A Regulatory Hot Button

Hot ButtonAccording to the FDIC, a common theme in IT examination downgrades is poor vendor management by banks.

Last year, in 46% of the FDIC IT examinations in which bank ratings were downgraded, inadequate vendor management was cited as a causal factor, says Donald Saxinger, senior examination specialist in FDIC's Technology Supervision Branch.

"I'm not saying it was the primal causal factor, but, in 46% of the downgrades, vendor management was cited," Saxinger says. He spoke during the recent ABA Telephone Briefing "Vendor management: Unlocking the value beyond regulatory compliance."

Although the most common “error” that FDIC examiners discovered was the failure by banks to ask their vendors for copies of regulatory examinations, that wasn’t the only nugget contained in the linked article from the ABA Banking Journal. Among the others:

• Vendor management needs to consider all service providers that hold sensitive customer information, not just IT vendors. These include loan workout consulting, appraisal review companies, outside attorneys, and others.

• Make sure to get the proper exam reports about individual vendors. Some banks just obtain reports for the host data center, but not for the specific application that the banks were using.

• Even the proper reports don't cover everything that a bank must consider in its security risk management efforts. For example, one service provider with an otherwise clean report did not have an internal audit program and its business continuity planning was poorly documented.

This is all sound advice, of course, but knowing what you need to ask for is only half the battle. You also need to make certain that the agreement with your vendor gives the bank the right to ask for, and the vendor the obligation to deliver to the bank, copies of the necessary reports. Relying on the goodwill of the vendor in coughing up examination and audit reports, especially when they may contain results that are less than flattering to the vendor, is "unwise."

Here's one more tip: if the report reveals problems, the agreement with the vendor should require the vendor to notify the bank of what action the vendor intends to take to remedy the defects, and should also require the vendor to give the bank periodic progress reports on its progress in correcting those problems.

I'll be doing a webinar on March 6, 2013 on the topic "Technology Service Agreements: Meeting Regulator’s Expectations." It covers regulatory guidance applicable to credit unions, banks, and thrifts, although the same essential principles apply to each. The goal is to discuss the provisions of a technology service agreement that regulators expect (and that sound business judgment requires) be included, and to give financial institutions guidance on how to approach the issues covered by each of those provisions so that the institution meets its regulator's expectations while also meeting the institution's business needs.

09:42 PM in Banking Law-General, Compliance, Contracts, Credit Unions, Electronic Banking, FDIC, FFIEC, NCUA, OCC, Outsourcing, Risk Management, Web/Tech | | TrackBack (0)

February 03, 2013

Cyberheists: Big Banks Increase Small Banks' Losses

Cybercrime 4Internet security guru Brian Krebs had an excellent post a few weeks ago about much of the attention on cyberheists may be focused on the security vulnerabilities of small banks and their business customers, the large banks are playing a large role in small banks' losses.

A $170,000 cyberheist last month against an Illinois nursing home provider starkly illustrates how large financial institutions are being leveraged to target security weaknesses at small to regional banks and credit unions.

I have written about more than 80 organizations that were victims of cyberheists, and a few recurring themes have emerged from nearly all of these breaches. First, a majority of the victim organizations banked at smaller institutions. Second, virtually all of the money mules — willing or unwitting individuals recruited to help launder the stolen funds — used accounts at the top five largest U.S. banks.

Krebs responds to a question often asked of him, whether it's safer for a business to bank with a large bank rather than a small bank, by asserting that it's a difficult question to answer "because banking online remains a legally and financially risky affair for any business, regardless of which bank it uses"

Businesses do not enjoy the same fraud protections as consumers; if a Trojan lets the bad guys siphon an organization’s online accounts, that victim organization is legally responsible for the loss. The financial institution may decide to reimburse the victim for some or all of the costs of the fraud, but that is entirely up to the bank.

That's right. Regulation E does not apply to business customers. That's something that sometimes comes as a shock to small business customers, especially those who were too cheap to hire legal counsel to review the account and other online banking agreements before they were signed. "Forewarned is forearmed" is an old adage with a lot of wisdom behind it. It's not that banks will negotiate the terms of their agreements (most of them will not, especially with small customers), but that customers who understand their legal position going into the relationship are more likely to be concerned about doing due diligence on the bank's security procedures and track record and considering other methods to lessen and cover their risks (I've seen a few who suddenly realize that having a PC dedicated solely to online banking transactions and no other activities is not such a waste of money, after all).

Krebs also points out that since larger banks are more likely to have the resources to settle even large losses to avoid the reputational risk of cyberheists, it may be difficult to know how many instances of loss occur. However, it's reasonable to assume that the large banks spend a lot more money and person-power on security measures than do small banks.

Wearing my cyberthief glasses, if I’m looking at a huge pile of data stolen from thousands of victims, I’m probably more apt to target victims at smaller banks based on one simple assumption: Because I’m going to have a much higher success rate than I would targeting customers of larger institutions.

Krebs takes a shot at technology service providers who service many of the smaller banks for not doing more to secure online banking transactions.

Case in point: Optimumbank’s service provider is Fiserv, one of the largest banking industry service providers. According to Fiserv’s site, at least 52 percent of the nation’s $19 billion in ACH payments are processed using Fiserv software. If this is true, one might think that Fiserv’s systems handled about half of the mule transfers that were sent from Niles Nursing’s hacked bank account.

But according to Murray Walton, Fiserv’s chief risk officer, the software that most of its customer banks run — called PEP+ – is a client solution that does not interact with the company’s data centers. He said while Fiserv does offer an antifraud solution called FraudNet, that tool is designed for online bill pay services that banks can use to detect fraud patterns on consumer accounts.

“There are vendors who can knit it all together for banks, but that isn’t what we do,” Walton said in an interview. “For various and sundry reasons we don’t offer an engine that does the same thing as [an anti-fraud provider like] Guardian Analytics. Realistically, the client and end-user have responsibilities that they can’t abdicate to us. Everyone in this needs to take it seriously and not think that someone else has their back.”

I understand Walton's point, but on the other hand, a small bank's takeaway from those three paragraphs might be "Fiserv doesn't have your back, so look elsewhere." A competing core platform and processing vendor that "does have your back" might have a tag line to use.

Large banks are also lambasted for allowing so many "mule accounts" to be established.

As it stands, the big banks don’t have an incentive to police new accounts for mule activity, because it’s generally not their customers who are getting robbed from this activity, said Avivah Litan, a fraud analyst with Gartner Inc.

“The bad guys shouldn’t be able to set up these mule accounts in the first place,” Litan said. “The bigger banks are not doing a good job of screening for this activity because they’re not the ones eating the fraud on these attacks on smaller bank customers. [The bank service providers] should be spending more money. And the regulators should be coming down on them harder.”

Krebs suggests that, perhaps, "small, regional and local banks can pool their clout and resources to extract more from service providers than what those companies are currently offering." Fat chance. Several years ago, some of the largest users of technology services in the country made a concerted effort to get giant service providers to take more contractual responsibility for the performance, and vulnerabilities, of their technology. It fell flat. Unless the bank regulatory agencies intervene directly with the service providers, they'll continue to do what they do best: collect fees and deny liability.

As for watching your own back as it applies to business customers, Krebs offers some good suggestions, among them:

  • Shop around for banks until you find one that assures you that it uses layered security.
  • Use "Positive Pay" if your bank offers it because it not only deters check fraud but other unauthorized transfers, online and off (I heartily concur).
  • Use Live CD to temporarily covert your PC from Microsoft to Linux for doing online banking transactions.

Krebs also offers an online "best practices" guide for businesses. As with much of his material, it's good stuff.

09:34 PM in Banking Law-General, Compliance, Contracts, Crime, Deposits, Electronic Banking, FFIEC, Litigation, Outsourcing, Risk Management, Web/Tech | | TrackBack (0)

August 07, 2011

Vendor Management: Another Regulatory Pressure Point

Pressure Vendor management has been a topic this blog has been gassing about since its earliest days. You'd think that by now, the subject would be "old hat." Unfortunately for bankers who fell asleep at the vendor management wheel, it's an evergreen source of regulatory sanctions.

Bank Safety and Soundness Advisor's Aaron Steinberg (sorry, a paid subscription is required) recently pointed out that regulatory interest in vendor management is on the rise because "you can outsource a process – but you cannot outsource the risk."

The immediate cause of this rising concern might be the loan servicing debacle that's made so many bad headlines for bumbling loan servicers, many of them the nation's largest too-big-to-fail banks. Unfortunately, it's raised a red flag with bank regulators, a flag that's likely to have examiners parsing the nuances of the vendor management programs of banks both large and small. As consultant Eric Holmquist warns, the topic is likely to be "one of the top items of focus this year when it comes to risk governance." Just what overburdened community bankers needed to hear, eh?

Other observers offer up the idea that community banks ought to take this increased scrutiny as an opportunity to save themselves some money.

Third party costs, separate from payroll, are among the heaviest for community banks, averaging 30% to 40% of non-interest expense. That presents opportunities for cost-cutting and improved efficiencies. With the economy still struggling, vendors may be willing to negotiate with you on price to hang on to your business as tough times continue.

“This is about taking the opportunity, which has been created by some regulatory requirements, to get back to some sound business practices,” says Paroon Chadha, co-founder and vice president of Passageways, an Indiana firm that provides vendor management and other services to credit unions and community banks. “If you can improve performance for 40% of your spending, that is easily the most underutilized opportunity you have in your playbook.”

“Most institutions are focused on ensuring that they meet regulatory guidelines. It boils down to a compliance activity,” says Rock Carter, chief executive of Credit Union Vendor Management, a Colorado-based firm that provides vendor management services to credit unions. “There is a hard dollar advantage to managing vendor relationships in a way that goes beyond the minimum to meet regulatory guidelines.”

“When you manage that vendor … you will often see these results in terms of enhanced service levels,” Carter says. “If you are on auto pilot, you are not going to see that the commitments made at sales time have gone unfulfilled.”

One of our clients is currently employing the services of a consulting firm to scour all of its third party vendor arrangements for cost savings and other areas of "improvement." Such consultants retain a percentage of the cost savings, so they're incentivized to maximize the reduction of expenses. Vendors hate to see those guys walking in the door, but life is tough all over these days, so they learn to live with it.

If you've got to live with the lemon of more regulatory scrutiny, you might as well use the occasion to try to make some lemonade.

09:48 PM in Compliance, Contracts, FFIEC, Outsourcing, Risk Management | | TrackBack (0)

December 09, 2010

Mortgage Brokers Are Checking Out

Time_is_running_out Last year, we detailed Colorado's "crisis" with respect to the "deactiviation" of mortgage brokerage licenses in that state because so many of the brokers couldn't pass a basic skills test. Colorado wasn't alone, inasmuch as previous posts over the last few years have related similar problems in Texas and Washington.

We learned yesterday that Florida is having its own mortgage broker fallout problem, but in the Sunshine State's case it's not due to dummies failing a test but because they haven't bothered to apply for a license under the new stringent licensing requirements mandated by the S.A.F.E. Act.

Less than 25 percent of mortgage industry professionals in Florida have submitted an application to the state to obtain licensing under new guidelines that will be implemented on January 1. With less than a month to go before more stringent requirements take effect, the state is now concerned that mortgage brokers throughout the state could find themselves ineligible to work.

[...]

The state said only 14 percent of the licensed mortgage companies and 23 percent of the licensed mortgage company branches in the state have submitted applications.

Those who submit applications after December 31 could be forced to wait up to three months to have new applications approved.

Maybe it's just me, but there appears to be a severe morale problem in the mortgage brokerage business. Perhaps that's due to the fact that since the subprime meltdown in 2007 and the general economic collapse in the fall of 2008, the mortgage business has...how shall we put it delicately..."sucked." We don't mean "sucked" in the sense that you might inhale somewhat more  vigorously after a brisk 10-minute walk to Starbucks. No, we mean "sucked" with force sufficient to draw a golf ball through six feet of garden hose.

The reason that mortgage brokers aren't re-taking educational tests or applying for a new license might just be that many of them have found other useful employment, such as asking me whether I'd like "fries with that" or "a blueberry scone to go with that latte."  Perhaps I'm wrong, but I think these phenomena are due more to mortgage brokers having left the mortgage business in droves so they can earn a steady income than they are to some total ignorance of regulatory requirements or space aliens shooting their heads full of pellets that cause a sudden onset of Asperger's syndrome. If it turns out that, all of a sudden, the mortgage lending needs of Joe and Jane Sixpack are not being adequately served, we can always find some folks offshore, like the very polite and efficient customer service representative I spoke to yesterday on a technology problem and who identified himself, without cracking up once, as "Brandon" (but who definitely sounded more like "Mujibar") to fill in the gaps until our home-grown mortgage brokers get their collective act together again. 

09:21 PM in Compliance, Employment, Federal Legislation, Lending, Life (In General), Mortgage Banking, Outsourcing, State Law, The Economy | | TrackBack (0)

January 05, 2010

Too Little, Too Late

Experts consulted by Atlanta Business Chronicle reporter J. Scott Trubey tell like it too often is: small banks often wait too long to deal with problem commercial loans and, by the time they do finally address the problem loans, they lack the internal skill set to deal with them properly. Georgia is ground zero for this issue, with 30 banks in the state having already failed and with over a third of the state's banks under regulatory enforcement orders of some sort.

Small lenders, with limited personnel, often do not have talent with the depth of experience to handle the complexity and sheer volume of problems the current financial crisis has thrown at them, experts say.

Some are turning instead to outside consultants who are resorting to creative measures to salvage value out of busted real estate bets.

[...]

“What you’ll find with lenders is they’ll drag their feet and drag their feet until their problems catch up to them,” said Joe Waites, a bank consultant and partner with Minerva Consulting LLC. “[Small banks] don’t have the talent and in most cases they don’t have the right resources.”

Small banks by their nature are deeply embedded in their communities. Often borrowers and bankers go to the same church or golf club and their children play on the same soccer team. They need independent, third parties to make the hard choices, while not breaking those bonds.

“You can’t convert lenders into workout experts,” Waites said. Lenders spend months and years building relationships with borrowers. When the loan starts to sour, the bank itself may not see that the loan is going south until it’s too late.

“Literally the losses get larger and larger,” Waites said.

As commercial real estate problems continue to worsen, the prospects are only going to get bleaker for those banks that play "wait and pray."

The next wave — commercial real estate — will also hit community banks that bet on retail centers and small office buildings.

With vacancy rising and property values falling, many underwater borrowers will need to inject equity to keep projects alive, Waites said.

According to industry sources, many banks have not been proactive and engaging their borrowers to find workout solutions before problems worsen.

This is one area where thinking you can handle whatever comes down the tracks may very well result in you being run over. Even if a community bank with problem commercial loans thinks it can weather the storm without hiring outside help, it might be worthwhile to talk to outside consultants who have a track record of dealing with troubled assets (there are a number of folks who gained much hard-earned expertise during the mid-60-late 1980s and early 1990s and who are still kicking) to see what they have to offer. At the very least, you will be able to say you considered hiring outside help to assist the bank in dealing with its problem loans and rejected that course of action for whatever logical business reasons might be relevant. That's better than facing your board and shareholders with the bank rapidly sliding down the hill into a bottomless pit and admitting (or being forced to admit) that you didn't explore all the alternatives.

Not every consultant will be able to add sufficient value, but it never hurts to turn over all the stones in sight.

09:38 PM in Commercial Lending, Lending, Outsourcing, Real Estate | | TrackBack (0)

July 23, 2009

Barney Ain't To Blame

A reader sent me a link to a video of an interview with Barney Frank in which Barney engages in rapid-fire rewriting of history, and asked me what I thought of it. I thought it was business as usual for a slug like Frank, who wouldn't know the truth if it ran up and bit him in the hind quarters. Revisionist history inside The Beltway is just politics as usual.

In Frank's case, he's been doing it for awhile. Larry Doyle at Sense on Cents fisked Frank's lies about home-ownership-versus-subsidized-rental-housing a few months ago. It's as if these clowns don't understand that there's this technology called "television," and when you stand in front of a TV camera and you're recorded saying one thing in 2003, 2004, or 2005, there's a record of it, so that when a few years later you tell a completely different story, your lies are rendered completely transparent.

It's likely that Frank feels comfortable in the fact that there's nothing he can do except not bring home the pork that would cost him his seat in Congress. The bottom line is that he doesn't care. Like Humpty Dumpty, a word means whatever he says it means. His constituents apparently deserve him, since they return him every two years, no matter what he says, does, or doesn't do.

Frank's not the only cynical sack of utter uselessness cluttering the corridors of the nation's capitol. He's just low-hanging fruit that's easy to pick off. When  your time to blog is limited, low-hanging fruit is attractive.

As the truth commissions begin the arduous task of assigning blame for the current mess in strict accordance with political ideology, expect the duck-and-run-for-cover reprobates of both parties to all be singing the same basic song. Rome burns, Nero fiddles.

09:49 PM in Fannie Mae, Freddie Mac, Lending, Outsourcing | | TrackBack (0)

May 21, 2009

It's All About Leverage

Leverage The problems that many smaller (and even some bigger) banks have in obtaining meaningful protection in contracts with third-party technology service providers is one near to my heart. The Tech Law Guy, Tom Hall, put up a post yesterday that gives businesses of all types, including banks, useful tips to deal with the process of negotiating a contract with a technology vendor.

Tom's basic premise is that the purchaser's options may be limited by the "leverage" that it has or does not have entering into the negotiations, and that leverage is usually a matter of whether or not the business has the option to walk away from a vendor and find another vendor for the same or a similar service. Increased leverage could also result from the fact that a business does not need to engage in the activity with which the vendor is going to assist the business. If the business terms or legal terms of the contract imposed by the vendor are too unfavorable to the purchaser, the business can say "No Thanks."

As Tom notes, times have changed in the technology services business.

I can recall when, many years ago, “negotiating” with IBM for data services meant haggling over volume discounts and service hours. There were competitors in the market, but none of them rivaled IBM’s reputation for service and cutting edge technology. With little competition, IBM had no incentive to change its standard terms and conditions

Today there is vigorous competition in most sections of the IT market. Few companies dominate their fields, giving Customers room to negotiate.

That ought to be the case, but I find that many banks fall in love with the product or service, hash out the basic business terms with the vendor, then get their lawyer involved to review the contractual terms. At that point, there often exists an emotional commitment by the client's business people to "the deal" that results in the bank agreeing to knuckle under when the vendor digs in its heels. Often,  the bank rationalizes the granting of concessions in some fundamental contractual benefits or protections that it wouldn't have to give if it, too, "dug in its heels." In essence, the bank begins to negotiate with itself, a process that seldom ends well for the bank. Tom recognizes this danger and suggests a solution.

Once Customer has said “You’ve got the deal,” Vendor has no incentive to make concessions. Better to award the contract only after the competing vendors have made their best offer on price and terms and standards and service levels and warranties, etc. Also, consider requiring vendors to comment on your standard contract terms as part of RFP. Vendors who request unreasonable changes, or an unreasonable number of changes, may be weeded out early in the process. Time spent on needless negotiation will only delay project completion and a difficult negotiation may portend a difficult relationship.

Doing an RFP makes sense for most major technology transactions, but some banks either lack the attention span or the in-house expertise to manage this process and won't spring for the cost of a third-party consultant to manage the RFP process for them. At the very least, the bank should have at least one alternative vendor in mind, and senior management ought to sit down with  the bank's legal counsel, before the business negotiations start, decide upon the "have-to-have" risk allocation and other critical contract provisions, and make those contractual requirements available to both vendors at the outset. The reactions of the vendors to those requests can make (or, at least, SHOULD make) a difference in the overall evaluation of the ultimate "winner." I've been involved in a number of transactions where the resistance of the vendor to the bank's customary risk allocation provisions (or other standard terms and conditions) was the deciding factor, even trumping price. In one transaction, the CEO of the bank observed that it appeared to him that at one specific vendor, the "legal tail seems to wag the business dog and they've forgotten who's the customer and who's the service provider. I don't want to deal with an organization like that." Of course, that observation is also a lesson to all bank lawyers as to how savvy clients view the role of lawyers for the bank who unreasonably scrap over every phrase in a contract. They might find their telephone silent when the next deal rolls around.

Again, as Tom says, it's all about "leverage."

Legend has it Archimedes said “Give me a lever and I will move the world.” The business lawyer might well say “Give me more leverage and I’ll get you a better deal.”

A little bit of forethought and preparation in setting up the process to purchase technology services so that contractual terms are thrown into the mix early, not late, can often add more leverage and, in the end, result in a better deal for the bank.

09:42 PM in Outsourcing, Practice of Law, Risk Management, Web/Tech | | TrackBack (0)

January 07, 2009

Mad For Loan Mods

Brilliant Although often berated as a prime example of the "Liberal Main Stream Media" that conservative radio talk show hosts love to loathe, the latest issue of Time magazine sang the praises of a company that's often been labeled as one of the biggest of the bad boys when it comes to loan servicers who live solely to foreclose on widows, orphans, the halt and the lame: Ocwen.

Time's inamorata is praised for its aggressive loan modification program, one, surprisingly, not sprung form the fruitful loins of Mother Bair. In fact, compared to Ocwen's loan modification, the FDIC's so-called "systematic" approach is found distressingly flawed.

The big problem is that no one has figured out a systematic way to stop the rot. Federal agencies and private lenders have rolled out one loan-modification program after another--scattershot and largely timid attempts to make existing mortgages more affordable and keep neighborhoods intact.

Then there is Ocwen, which has already revised 16% of its 340,000 mortgages, in many cases cutting monthly payments 20% to 40%. Based in West Palm Beach, Fla., the company handles some of the worst loans Wall Street kicked up during the housing boom and isn't about to win any popularity contests among consumers--in the past, it's been the target of complaints about unresponsiveness and excessive fees. Nevertheless, good ideas can come from unlikely places, and as more borrowers--including a growing number with prime loans--fall behind on payments, there are lessons to be learned from the firm that has done more than almost anyone else to keep struggling homeowners in their houses.

The secret to Ocwen's success is all in the computer modeling. When home prices began dropping below the amount of the loan balance in some areas of the country, Ocwen called in its programmers.

So the company reprogrammed its computer models, which determine how to extract the most value from each loan, to allow much more substantial changes--lowering a mortgage's interest rate, docking its principal balance, converting an adjustable rate to a fixed one, stretching out the life of a loan. With many mortgages "upside down" (when the loan is larger than the home's current value) and the economy sagging, changes often have to be drastic to make the math work, but Ocwen has largely found a way, devising an affordable payment plan 90% of the time.

More importantly,however, Ocwen apparently doses itself with loan servicer Viagra.

What really sets Ocwen apart, though, is its vigor. From doing just a couple of hundred modifications a month in the first half of 2007, Ocwen was up to 4,000 a month by the beginning of 2008, with 77% involving a reduction of the interest rate and 20% including a permanent write-down of the principal balance. Is it working? Six months after receiving an Ocwen modification, 21% of homeowners have again fallen behind on their payments by 60 days or more. That compares with a 37% redefault rate nationally, according to data from federal regulators--a figure that also includes much more stable prime loans.

How is Ocwen avoiding the dreaded "loan investor lawsuit" risk? Because, unlike the Blair plan, which involves a simplified "one-size-fits-all" modification scheme, Ocwen actually has the sophistication to prove, by virtue of its computer modeling, that the loan modification (or no foreclosure) option selected for the particular borrower is likely to yield the most financial return to the investor, given the specific set of facts applicable to the specific borrower and the specific collateral.

Ocwen has also answered a key question for other would-be modifiers: whether it's possible to pass major losses to investors without getting sued. Paul Koches, Ocwen's general counsel, holds that the company is not only permitted to take such steps but obligated to--if that's what it takes to squeeze the most money out of a loan for the long term. That's the case executives make when angry investors call--and they do call, especially when a principal reduction chokes off cash flow in a particular month.

Make no mistake: Ocwen has a nearly messianic focus on the goal of maximizing returns for investors. "In most cases, that means keeping people in their homes and getting them to pay their mortgages," says Ocwen CEO Bill Erbey. In foreclosure, investors typically recoup only 60¢ on the dollar.

In a way, Ocwen was uniquely situated to jump ahead on modifications. Erbey, who used to run General Electric's mortgage-insurance operation, started buying nonperforming loans with his partners in the early 1990s. Ever since, Ocwen has been refining its computer models--we're talking sophisticated stuff, like vectors and artificial intelligence--to better whip delinquent loans into shape. When the housing slump hit and defaults started to rise, Ocwen wasn't some afterthought unit of a mortgage originator caught with its pants down; it was in its element, in a position to immediately scale up.

That's why, unlike a lot of loan-modification programs, such as those rolled out by Citigroup and IndyMac Bank, Ocwen's doesn't use broad guidelines--for instance, assuming that homeowners should be able to contribute 38% of their income to paying their mortgage. When Ocwen rewrites a loan, it starts from scratch, with an agent at one of its four call centers--two in Florida, two in India--following an adaptive script to reconstruct a borrower's financial data. (The script changes, based on not only what a borrower says but also how he says it; since hiring a director of consumer psychology last summer, Ocwen has been handling embarrassed callers differently than, say, angry ones.)

Ocwen also doesn't disrespect speculators. If it will yield more to the loan investor to modify a loan made to a home investor, then Ocwen will modify the loan. That may not be in line with the popular cant of the day by the chowder heads in Washington, but, then, Ocwen's all about dollars and cents, not hot air.

In bucking the general disdain for bailing out investment properties, Ocwen realizes that cash is cash, whether it comes from an owner-occupied mortgage payment or one fed by rent, and that a foreclosure displaces a family and blights a neighborhood whether the occupants are owners or tenants.

Which just goes to show that moneymaking and good economic policy aren't necessarily incongruous. As much as capitalism--especially in the mortgage industry--has gotten a bad rap of late, it might just prove useful yet.

Praise for capitalism? Break out my skates: Hell just froze over.

If, in fact, the loan-by-loan computer-driven analysis approach taken by Ocwen can provide evidence that it works better than the broad "systematic" approach championed by the FDIC's Sheila Bair and those who follow her lead, then will loan investors have an argument that taking the Bair approach is, in and of itself, a breach of the servicer's obligations under the relevant serving agreements? One article in a popular weekly news magazine isn't going to settle that question, but it's food for thought, especially if you're a class action litigator fishing for claims.

09:00 PM in Federal Legislation, Lending, Litigation, Outsourcing, Politics, Risk Management, The Economy, Web/Tech | | Comments (0) | TrackBack (0)

November 05, 2008

This Is The Change We Have Been Waiting For

Runaway train Everyone: can we all chant in unison, "Yes, We Can!"?

We can? Cool!

I'm not talking about Barack Obama, I'm talking about a federally-mandated 90-day foreclosure moratorium. The kind being pushed by Chris Dodd. The kind being pushed by "The Governator" in California and already enacted in other states. The kind that scares the pajamas off of mortgage loan servicers (free registration required). With Obama in the White House, the prospects for all of the pet projects of the Democratic powers-that-be in the Senate and the House look so much brighter.

With pressure mounting for Congress to enact a 90-day moratorium on home foreclosures, mortgage servicers are warning that the move could have the perverse effect of prolonging the housing downturn.

"A foreclosure moratorium would make a correction take much longer and have unintended consequences on servicers who already have liquidity constraints," said Dennis Stowe, the president of Residential Credit Solutions, a buyer and servicer of distressed mortgages.

Here's the problem for loan servicers: mortgage servicers advance delinquent loan payments, costs of collection, and foreclosure costs. They recoup those costs when the loan goes into foreclosure, and by delaying foreclosures, you increase the amounts of advances that servicers must make. To fund those advances, servicers are borrowing on their own lines of credit, and paying interest on those advances. That's good for the lenders who fund those advances, but not good for the servicers.

Critics like Senator Dodd, and his bitty buddy Barney Frank in the House, argue that servicers are deliberately forcing loans into foreclosure to limit the time during which they must make advances and to more quickly recoup the advances made (limiting their own financing costs) and, it is alleged, to pile on fees for additional foreclosure-related services. Rep. Frank has been especially critical of the fact that servicers aren't responsive to loan modification requests made by delinquent borrowers and, when they have them, the borrowers' representatives. That criticism appears to have a basis, but it seems due more to lack of staffing than it does to malice.

[Matt Stadler, the CFO of a servicer of distressed loans,] likened the state of the servicing industry to the "I Love Lucy" episode in which Lucy is furiously grabbing chocolates off a fast-moving conveyor belt.

"The borrowers are just piling up, and servicers are inundated and overwhelmed with calls they can't answer, short sales they can't complete, and not enough staff," he said. "They need more manpower."

If Matt had only had more time to parse the nuances of his last statement, I'm certain that he would have opted for a more politically correct contention, that what is needed is "more person power." You need to jump on board with the new world order, Matt, or the folks who will control two of the three branches of the federal government come next January will be screaming at folks like you: "No, You Can't!" And since you're fond of references to the old "I Love Lucy" show, hear me now and believe me later when I say to you that "you'll have some 'splainin' to do."

It's not likely that a moratorium will suddenly free up gazillions of servicing personnel who handle foreclosures and who will then miraculously be transformed into skilled loan modifiers.

When delinquency rates were below 2%, servicers mainly acted as collection agents, making automated phone calls to defaulted borrowers. As delinquencies rise, many loss-mitigation specialists lack the skills to handle the complexities of offering options to borrowers, Mr. Stadler said.

Demand outstrips supply. We've previously suggested that since bureaucrats and politicians have all this figured out, they should simply volunteer their staffs to make up the loan workout personnel shortages. Obviously, the government workers haven't got enough to keep themselves busy, inasmuch as they've plenty of time to meddle in matters that are well above their pay grade. Like running the residential mortgage loan industry.

As we and others have repeatedly pointed out, delaying foreclosures simply delays the inevitable, while compounding the ultimate losses. There's a certain element of "magical thinking" that goes into assuming that a 90-day foreclosure moratorium will somehow resolve a foreclosure crisis; that all those foreclosures-in-process will be transformed into loan modifications or refinancings because...well...just because! Let's face it, if a borrower's broke today, he or she is likely to be just as broke 90 days hence. Also, as Mr. Stadler observes, "[a] moratorium doesn't fundamentally change anything since many of these borrowers in the late stages of default have already abandoned the property."

More often, servicers put borrowers on repayment plans, which let borrowers catch up on arrears over six to 18 months. Unlike modifications, these plans are not restricted by investor requirements.

A crucial problem is that many loan modification agreements ultimately fail. "It's well known within the industry that modified loans have a recidivism rate of 50%," said [Keefe, Bruyette and Woods chief equity strategist Fred] Cannon.

Then there are the long term effects of a foreclosure moratorium to consider. An analysis recently released by David Wheelock of the Federal Reserve Bank of St. Louis alleges that those effects upon borrowers are not good.

During the Great Depression, state and local governments responded to the rise in mortgage foreclosures primarily by changing their laws. Several states enacted temporary moratoria on foreclosure, while others made permanent changes that limited the rights or incentives of lenders to foreclose on mortgaged property.

Wheelock's report shows that 27 states adopted foreclosure moratoria during the Great Depression, particularly in the Midwest.

[...]

“Although the economic and societal benefits of lower foreclosure rates are difficult to measure, research shows that the foreclosure moratoria of the Great Depression imposed costs on future borrowers.”

He cited several studies that suggest foreclosure moratoria tend to encourage lenders to reduce the supply of loans and may lead to higher average interest rates for subsequent borrowers.

"The evidence from the use of foreclosure moratoria during the Great Depression demonstrates how legislative actions to reduce foreclosures can impose costs that should be weighed against potential benefits," Wheelock said.

Evidence? Congress don't need no stinkin' evidence! This freight train's barreling down the tracks and facts and statistics will end up blown aside like a station wagon load of nuns stuck on the tracks and praying for mercy. The Dodd-Frank express stops for no obstacles and refuses to be derailed. Obey the signals at all road crossings!

A national foreclosure moratorium: Yes We Can!

10:13 PM in Banking Law-General, Consumer Law-General, Federal Legislation, Lending, Litigation, Outsourcing, Politics, State Law | | TrackBack (0)

September 14, 2008

Bank's Confidential Info "eBayed"

Ebay It's one thing for Gov. Palin to try to sell the Alaskan state government's jet on E-Bay. It's quite another thing for your run-of-the-mill bank vendor to sell your personal information (including your banking information) through the same service.

An investigation is under way into how a computer containing bank customers' personal data was sold on eBay.

The computer, bought by IT manager Andrew Chapman for £77, had the sensitive details on its hard drive.

Mr Chapman, from Oxford, said the machine contained information on several million bank customers.

Details of customers of three companies, including the Royal Bank of Scotland (RBS) and its subsidiary, Natwest, were involved.

RBS said an archiving firm told it the computer had been "inappropriately sold on via a third party".

It said historical information relating to credit card applications for its bank and others had been on the machine.

The information is said to include account details and in some cases customers' signatures, mobile phone numbers and mothers' maiden names.

[...]

Mr Chapman said anyone with a basic knowledge of computer software would have been able to find the data fairly simply.

"The information was in back-up CDs and in ISO files so it would have been possibly quite easy to find if you know something about computers," he said.

Why a "backup" business allowed sensitive information of one of the bank's that it services to exist on a laptop, encrypted or unencrypted, is a question I'm certain that RBS and Natwest have been asking the vendor.

I hope for the sake of RBS and Natwest (and American Express, the third company involved) that their agreements with the archiving firm contained strong contractual obligations to protect such confidential information, and provided adequate remedies to those firms in the event those obligations were breached. Knowing Amex's standard practices, I assume that they do. Of course, they won't save the banks and Amex from the public relations hit to their reputation caused by articles such as the one linked above. However, they should give them financial recourse against the vendor.

The vendor should be sweating bullets.

A spokeswoman for data processing company Mail Source, which is part of the archiving firm Graphic Data, said it was investigating how the computer equipment had been removed from a secure location.

"The IT equipment that appeared on eBay was neither planned nor instructed by the company to be disposed," she said.

The incident was "extremely regrettable" and the firm was "taking every possible step" to retrieve the data and ensure it was an isolated incident, she added.

"Extremely regrettable." That was said with typical British understatement. I think that Graphic Data will, indeed, "extremely regret" this information security breach. Even more than Americans, Europeans take their privacy seriously. At least, they seem to where private businesses are concerned. On the other hand, they appear to love Big Brother a lot more than the libertarians who populate the U.S.A.

Luckily for the banks and Amex, the purchaser of the laptop turned out to be not only a knowledgeable IT professional, but also an honest man. While legal fines may be imposed by the appropriate government authority, at this point it appears that any such fines would be imposed on the vendor, not on the banks and Amex. Also, it does not appear that there has been any wrongful use of the personal information.

Once again, the lesson is hammered home: Don't allow sensitive data to be downloaded to a laptop unless it's encrypted. Yes, I know, encryption can make the performance of the laptop less speedy and the employees will bitch and moan. Believe me, they'll get over it.

09:58 PM in Banking Law-General, Compliance, Crime, Litigation, Outsourcing, Risk Management, Web/Tech | | TrackBack (0)

Next »

Recent Posts

Archives

More...

Categories