Loan Origination Governance & Controls:

Loan Origination Governance & Controls: Fannie Mae s Expectations of Lender Management Looking at Loan Quality as an Example 2011 Fannie Mae. Trademarks of Fannie Mae. 2013 Fannie Mae Trademarks of Fannie Mae 1

Seminar Guidelines Phones Survey Saving and Printing Documents Time of Class Session Documents WebEx Layout and Features Participant Panel: Q&A Panel: Polling Panel: Your name will be here Please direct questions to All Panelists The Polling Panel only appears when a poll Is activated Document Views (lower left hand corner): Use this feature to adjust the size of the presentation 2

An important note about the seminar content While every effort has been made to ensure the reliability of the session content, Fannie Mae s Selling and Servicing Guides and their updates, including Guide Announcements and Release Notes, are the official statements of Fannie Mae s policies and procedures, and should be adhered to in the event of discrepancies between the information in this seminar and the Guides. 3

(Unfortunate) t True-Life Tales Senior management was unaware that its QC vendor was not fulfilling its contractual obligations until Fannie Mae informed them. The lender did not conduct any type of assessment or audit of its internal operations. The QC staff was significantly behind on the loan selection and review timeline requirements. The management team, although informed, took no action, nor did it notify Fannie Mae per our requirements. Management had not established tolerances for what was acceptable or not acceptable within its risk standards. For example, the allowable defect rate for each staff member and the consequences if the rate was exceeded. 4

Can you complete these statements? is the person responsible for area/function. The controls applicable for this area/function include the following:. These controls were last internally tested on and will be re-tested on. These controls were last audited by on and will be audited again by on. We took the following actions based on our last internal test or last audit:. 5

Course Objectives Discuss governance and controls Identify management responsibilities associated with governance and controls Utilize Loan Quality and Quality Control (QC) as examples Assist you in facilitating effective governance, controls, and loan quality 6

Loan Quality: A Risk Control Framework 7

If management is about running the business, governance is about seeing that it is run properly. - R. Tricker 8

Corporate Governance Corporate governance is the accumulated framework of laws, rules, and controls designed to affect the way a company will operate. A strong corporate governance structure will result in: Effective risk management Clear definition of responsibilities Accountability Efficient operational processes Continuity of relationships between the company and it stakeholders (investors, employees, customers, regulators, etc.) What is your firm s governance process? 9

Controls Why Controls? To Manage Risk Process of Developing Controls: Identify risks Assess and prioritize risks e.g., high, moderate, low Implement operating protocols for mitigating the identified risks Monitor controls to ensure they are working as designed and are effective 10

More on Controls Examples of Control Activities Segregation of Duties Mandatory Management Reviews Delegation of Authority Record Retention Supervision of Operations Physical/Intellectual Safeguards Transactional Procedures Controls Exist on Many Levels Organization Level Transaction Level Control Types Detective Corrective Preventative 11

Examples of Controls Financial Example: 2 nd sign-off prior to issuing checks over a designated amount Operational Example: Continuous automatic back-up of on-line mortgage application data Loan Quality Example: All application data is run though a tool early in the origination i process to identify errors, omissions, conflicts, and potential misrepresentation 12

Risks, Controls, and the Loan Origination Process Functions Application Processing Underwriting Closing Funding Delivery Potential Risks Personnel Fraud Reputation Counterparty Poor Loan Quality Operational 13

Using Poor Loan Quality as an Example Risks of Poor Loan Quality Loss of customers and/or investors Reputation Lengthy remediation timeframes disrupting business Increased costs, e.g. repurchases Regulatory actions Objective Create a Culture of High Loan Quality Establish a Quality Control Program Communicate needs and expectations to staff Establish standards and responsibilities Fund and employ qualified, competent personnel Develop goals and metrics And so on 14

Reliance on a poor control is often worse than having no control at all. - T. Rawlins 15

Let s address any questions 16

Management Responsibilities: Our Expectations Management establishes the control environment; effective controls set the tone for organizational behavior Consider also that controls can serve as the consciousness and ethical backbone of a firm Management s Specific Responsibilities: Claim Ownership Define Accountability Set Standards Establish Goals and Metrics Inform and Educate Monitor and Act Let s now explore the points further, relating them to Loan Quality 17

Claim Ownership Controls will only be as important as Management says they are. Accordingly, Management must: Define the standards Establish s the environment e and tone Lead through example Management Compensation is tied to Loan Quality The firm provides adequate funding and resources for QC Leadership is fully aware of the current loan quality performance, actively addressing gaps and weaknesses Loan Quality is a permanent Board agenda item 18

Define Accountability You Your staff Your third-party originators and service providers Responsibilities are clearly defined in writing Loan Quality is made part of everyone s job All loan origination staff, TPOs, and relevant thirdparty service providers performance scorecards include loan quality components and metrics 19

Set Standards Define the baselines: minimums, maximums, tolerances. What do you want to produce? Standards must be in writing and structured so they can be tested and validated (e.g., via an audit) Standards apply internally and externally For my firm, a Quality Loan is defined as:. A comprehensive written QC program, vetted and approved by the Board and Management, details all aspects of the firm s QC efforts: staffing, systems, prefunding QC, post-closing QC, reporting, the action planning process, etc. Before an Underwriter calls an Investor to see if a loan meets the Investor s guidelines, the Underwriter assesses the loan against internal standards, asking Does this meet our credit culture and risk appetite? 20

Establish Goals How will you meet and exceed your standards? Have goals been extended to third-party service providers? How do your controls and control goals align with your business objectives and incentives are there any conflicts of interest? Quality components of Loan Origination staff scorecards are specific to the individual, role, and team Lender establishes specific performance goals for its QC Vendor Management reviews loan quality standards and goals against production goals to ensure proper alignment 21

Develop Metrics Key Performance Indicators (KPIs) SMART Reporting, monitoring. and analysis (specific, measureable, attainable, relevant, time-specific) KPI: Loan Quality Defect Rate Cycle Time: Loan Selection to Completed Review Number of Outstanding Action Items Monthly Management reports and quarterly Board updates with key metrics including trending 22

Inform and Educate Effective communication lines Training i to ensure the requisite it skill set and knowledge of the processes and procedures Processes for updates and changes All QC Processes and Procedures are in writing Training for Production Team on what, when, and how to ask certain questions that will help ensure applicants disclose all existing and pending liabilities Origination staff is periodically tested to assess understanding of their Control Point responsibilities 23

Monitor Evaluating Controls: Self-Assessments Internal and External Audits Internal and External Feedback Frequency and Coordination Monitoring the Control Environment (the big picture ) Discretionary mortgage selection criteria evaluated quarterly Annual external audit of the QC Program Investor loan reviews aggregated quarterly to examine trending, themes, and what can be improved Management conducts a monthly Town Hall with QC staff 24

Act Responding to Findings and Feedback: Identify and address root cause of control breakdown Determine remedies Assign the who and when of the remedy implementation Follow through Internal review revealed certain closing procedures bypassed under deadline pressures; sign-off raised to higher level Internal audit indicated QC vendor not meeting required timelines; new vendor selected External audit of QC program revealed weak reporting practices; Management overhauling process 25

Management and Controls Today What was perhaps p tolerated in the past is no longer acceptable in today s environment Out Adequate Track Record but Little or No Formal Evidence of Controls In Good Track Record and Effective, Documented Controls 26

What corporate governance means is that people outside looking into the company will see that the people inside who are practicing qualitative governance are making decisions on an intellectually honest basis and are applying care and skill in making business judgments. - M. King 27

Observed Not So Best Practices Production focused; minimal or no knowledge of operational risks Only financial audit of the organization; no other control assessments No internal or external audit program No oversight or monitoring of third party originators, service providers, or vendors Standards were left to the various departments to define with no management follow-up Poor or no management reporting 28

Observed Best Practices Senior management conducts monthly risk committee meetings, which include mid-level management, to discuss control issues requiring a management focus Management promotes a risk culture rather than solely a production culture via tone, standards, compensation structure, etc. Tolerances specifically established for what will and will not be accepted for [insert the Standard here, e.g., Quality, Financial Reporting, Business Continuity] 29

Observed Best Practices (cont.) Regular and consistent monitoring of operational areas; action plans and remediation efforts are documented and reported monthly to ensure progress Mid-level management regularly reviews its processes and procedures to ensure they are adequately met by their assigned staff Management is aware, via effective reporting and escalation processes, on the performance of all controls, staff, and entities (e.g., vendors) 30

When Outsourcing QC The Quality Control Cycle Monitor and Document Eliminate Defects Observe and Record Identify and Act Measure and Report Continuous Improvement Remember, it s your plan and process You own it whether the vendor performs or not Establish a periodic plan to evaluate the work of the vendor- Are they actually performing the tasks? Is it evidenced? Analysis, action planning, and remedy implementation belongs to you 31

The problems we have today cannot be solved by thinking the way we thought when we created them. - A. Einstein 32

Let s address any questions 33

Thank you for your attendance Refer to the Appendix for additional resources and Fannie Mae Business Portal information Please respond to the survey 34

Appendix 35

Beyond the Guide Publication https://www.fanniemae.com/content/tool/beyond-qc-guide.pdf 36

Other Resources Fannie Mae Selling Guide Business Portal Loan Quality Page (see next slide) Mortgage Fraud Resources And much more Fannie Mae Tools, such as EarlyCheck Appraisal Messaging Services QC Self-assessment (see screen shot) Other HFI Spotlight Live Web Seminars, including: QC Reporting Discretionary Mortgage Selections and Reviews Prefunding QC Beyond the Guide (companion to the booklet) Action Planning 37

Loan Quality Webpage https://www.fanniemae.com/singlefamily/loan-quality 38

The QC Self- Assessments can be accessed via the Loan Quality Webpage Worksheet: https://www.fanniemae.com/content/tool/qc-self-assessment-worksheet.pdf Summary: https://www.fanniemae.com/content/fact_sheet/qc-self-assessment-summary.pdf 39

Web Seminar Information https://www.fanniemae.com/singlefamily/hfi-spotlight 40