Putting Mortgage Servicing Compliance in Focus

Ocwen’s Chief Compliance Officer, Michael Hollerich, sat downexclusively with MReport to discuss compliance trends in the mortgage industry and how the nonbank servicer is creating a revitalized culture of compliance.

 MReport: As Chief Compliance Officer at Ocwen what does your role entail and what is your background?

Hollerich: I joined Ocwen in April 2015 with more than 20 years of experience in mortgage finance and retail banking. I came to Ocwen because of the opportunity this company presents to leverage my experiences in designing and implementing risk and compliance oversight in organizations operating under intense regulatory scrutiny.

Ocwen appealed to me because, despite the challenges the Company was going through in late 2014 and early 2015, it never wavered in its mission to help homeowners stay in their homes.

At Ocwen, my mandate, which comes directly from our Chief Executive Officer Ron Faris and the Board of Directors, is to provide a new level of leadership to Ocwen’s Compliance Department and its enterprise-wide compliance management system. We are 100 percent focused on enhancing Ocwen’s culture of compliance and setting the tone from the top that our management and Board of Directors have no tolerance for regulatory breaches. We have also established compliance as a ‘trusted advisor’ for our business and ‘independent guardian’ of the organization.

MReport:  Can you share what Ocwen has done to create a culture of compliance in the mortgage servicing industry?

Hollerich: During my time at Ocwen I feel we have done a great deal in a very short time and we will continue to do more.

For example, we created the Company's comprehensive Compliance Risk Management Program Manual and delivered this manual to every employee in the Company. The manual is paramount to our culture of compliance as it describes the organization's compliance program and outlines the compliance roles and responsibilities for every employee in the organization from the Board of Directors on down to an entry-level employee.

With the support of the CEO and Board Compliance Committee, we continue to 'look under the hood' at our control infrastructure using a risk-based approach.  We recently launched an initiative using an independent third party to perform targeted mock examinations of certain complex or otherwise highly regulated processes. These targeted exams focus on the areas in the organization where we are most likely to impact the consumer. If we are to become the best company in the industry at responding to tough examinations from our regulatory partners, we must be leaders in identifying and self-reporting compliance issues.

Continuing on the topic of our relationships with regulators, we have committed to making our business unit leaders and subject matter experts available to our regulators both to proactively provide updates about our business strategy, as well as immediately upon request during the course of regulator interactions. This ensures that feedback on potential issues is received first hand by the business leadership who owns the processes and, ultimately, the compliance risk.

We also launched an enhanced compliance training program in 2016 to ensure that employees are receiving customized / targeted compliance training relevant to their specific job function.

Finally, we created a centralized repository for tracking consumer complaints and feedback across our organization.  We are building the infrastructure to quickly and effectively respond to consumer feedback in order to enhance the customer experience.  This is a critical area for our compliance program and we are getting better every day.

MReport:  What are the compelling compliance trends underway now or in the works for 2016?

Hollerich: We are currently watching several major compliance trends in the mortgage industry. 

First are general regulatory developments. Here we can say that, while the Home Mortgage Disclosure Act (HMDA) reporting requirements will increase, there will likely be a slowdown in rule-making in 2016 and, as such, a fairly stable regimen.

Second, violations will play out along certain fault lines.  Last year the Consumer Financial Protection Bureau (CFPB) cited specific areas including: (1) transactions that derived loan originators compensation based on the terms of the transaction, (2) violations related to origination disclosures, (3) deceptive practices driven by overly broad waiver language in home equity loan agreements, (4) violations related to loss mitigation solicitations, (5) violations in the foreclosure process, and (6) deficiencies in compliance management systems.

Third, expect increased scrutiny as it relates to fair lending and discriminatory lender practices. These non-compliant practices are of great concern to the industry and its overseers. We have recently seen an increased number of actions brought against various lenders.

Fourth, third-party vendors represent an area where there will be much attention, especially as they are also responsible to the customer. Because vendors can create reputational risk, they require risk evaluation, risk monitoring, and reporting.

Vendors must comply with consumer protection standards, and their compliance is the responsibility of the lenders and servicers as well. In fact, regulators have made it clear that outsourcing, contracting, and subcontracting does not lessen the accountability of lenders and servicer’s accountability for the work these third parties perform.

Fifth, the whole area of customer service will see significant change in the immediate future. It’s an increasingly competitive environment in which lenders will focus on improved customer experience that can presumably lead to new business opportunities. Customer care matters more than ever - from the timing and clarity of disclosures, to documentation of income and assets, to customer complaint management.

Sixth, expect even greater focus on data security, privacy, and integrity. Multiple layers of security, including insurance to cover any breaches, are required to ensure that all borrower data must remain private and that it is used properly. In response, the successful mortgage businesses will cultivate an even more sophisticated understanding of their own loan manufacturing processes. Importantly, there will be a trend toward a more vigorous and better use of analytics to identify and remedy process/production issues. Successful companies will use “big data” to their advantage through tracking, trending, benchmarking, and action planning.

Finally, expect a broader application of strict debt collection rules under the Fair Debt Collection Practices Act (FDCPA). In light of the other trends we’ve enumerated, this is both a regulatory and bottom-line imperative – all the more so in 2016, as top- and bottom-line pressures increase and regulatory attention intensifies.

MReport:  Given the intensified business pressures you’ve enumerated, how can the mortgage industry ensure compliance in such an environment?

Hollerich: Let me first clarify what has to be done. A Compliance Risk Management Program (CRMP) must demonstrate the organization’s commitment to comply with laws and regulatory requirements. It must have the full support of senior management and the Board, and it must be explicitly regarded as a top priority throughout the company. Ron Faris, Ocwen’s President and CEO, has made this our company’s top priority and we have made significant investments in our people and processes. 

For lenders, a successful compliance program should include policies and procedures to govern the lending process as well as expanded requirements under TILA RESPA Integrated Disclosure (TRID). Our compliance program is very focused on TRID post-implementation testing and we are setting our internal standards very high.

Next, there should be a consumer complaint management program in order to respond to specific matters and identify major issues that may lead to lending and servicing violations.

Finally, there needs to be active management from the executive leadership team, as well as oversight by the Board of Directors, to establish clear lines of accountability.

Implementation is key to compliance and requires thorough document processes, policies, and procedures.

To begin with, documentation is a crucial component of compliance, but it is often the most neglected. If tasked with securing the network and preparing for audits, it is absolutely critical to organize and document policies and procedures.  Furthermore, since compliance is an ongoing process, it is essential to always keep documents and information current by scheduling time to review and revise them throughout the year.

Second, companies must clearly understand compliance requirements for their specific industry. Every regulated industry is different. Regardless of an organizations compliance program, it is imperative to understand exactly what is required. Remember, some compliance requirements are clearly defined while others provide only vague guidelines.  This is where good collaboration between Legal and Compliance is required to interpret the requirements and understand how they may impact the company's processes.

Third, once proper documentation and a clear understanding of industry requirements is achieved, the next step is to identify which network devices, systems, and applications must be monitored for compliance. Meeting compliance regulations can be challenging when it comes to collecting the necessary audit trails and continuous policy reviews will ease that process.

Finally, automate processes wherever possible. Since reviewing audit trails can be a long and challenging task, workloads will be decreased and processes simplified by having the most efficient technology in place

 MReport: What role does technology play in compliance?

Hollerich: A few points, both about compliance and the limits of compliance. First of all, in a world where technology continues to change the way customers interact with the mortgage industry, paperless automation is key to lender compliance with TRID rules. The TRID disclosure requirements present a huge technology systems challenge, and the CFPB is expected to crack down on software vendors that hinder compliance. What the regulators demand is simply good for business. It is no accident that CFPB ramped up its push for an electronic closing process after results from a pilot program showed consumers favored it over in-person mortgage closing.

Then, there is the separate issue of data breaches, which I touched on earlier. It is very important to understand that adhering to compliance requirements does not guarantee security. Indeed, many regulatory bodies are now making a point to educate organizations that the compliance standards they oversee will not always ensure their company data is secure. To help close the gap between compliance and actual security, far-sighted companies are moving toward a continuous compliance model to help reduce and limit exposure.

MReport: What are typically the biggest compliance mistakes and deficiencies in the mortgage industry?

Hollerich: There are four specific areas that can be cited as especially problematic.

First is origination compliance. Companies need to dedicate time and resources to ensure compliance with Do Not Call registry guidelines, Gramm Leach Bliley Act protection of consumer information, and Fair Credit Reporting Act requirements around consumers and credit reports.

Second is advertising and marketing, which relate to both origination and servicing. The CFPB has clearly expressed its views on deceptive advertising in the financial marketplace. Lenders and servicers must have strong compliance oversight practices for all advertising to consumers in order to avoid these kinds of problematic practices.

Third is loss mitigation. Modification and loss mitigation infractions continue to plague servicers, particularly when nonperforming loans are transferred from one servicer to another. Servicers need to research existing payment plans and loss mitigation activities that were agreed on by the previous servicer as well as identify payments that are made during the transfer of servicing.

Fourth is loan originator compensation. Lenders should follow CFPB regulatory requirements for compensation and have all compensation structures approved by their legal and compliance teams in order to avoid unintentional steering practices and the hefty fines that will result.

MReport: Even with the regulatory stability you anticipate for 2016, new regulatory changes affecting compliance are inevitable. What do you see as the most important in the coming months and years?

Hollerich: The following upcoming regulatory initiatives should be top-of-mind:

First, the TRID grace period ends in 2016 and further clarification impacting non-standard and special loans, for example, will be needed.

There will also be increased HMDA reporting requirements in 2018. Twenty-five new data points will be added, along with new reporting requirements for reverse mortgages and HELOCs.

In addition, a new CFPB servicing rule will be issued in mid-2016 that will require system changes and address the servicing of troubled loans, transfer of servicing from banks to non-bank servicers, and loss mitigation.

We will also see new requirements issued by Fannie and Freddie for mortgage sellers to submit closing disclosure data electronically. This requirement will go into effect by Q4 at the latest and may be mandatory by mid-2017.

Finally, the Federal Housing Administration (FHA) will finalize a loan certification rule that will need further clarification as to whether loan defects/errors will result in penalties or, alternatively, indemnification for loan losses.

MReport: What is your outlook for compliance in the mortgage industry for 2016 and beyond?

Hollerich: In addition to the trends we’ve already covered, I would like to recommend we keep a close focus on some other important areas.

First, the new mortgage disclosure requirements will have a sizable impact on lenders’ processes.

Second, the new TRID requirements will themselves be assessed once their effectiveness and practicability are determined based on compliance audits that will be conducted and new data sets that will be collected.

Third, many institutional investors are refusing to purchase mortgages loans until the CFPB assures them that they won’t have to pay for others' mistakes. This pullback is significant as it could further slow the issuance of private-label mortgage bonds in 2016. It’s a huge concern at a time when the majority of home loans are insured by Fannie, Freddie, and the FHA.

In terms of the broader compliance outlook, I would also like to add a few points regarding fair lending and exception management.

Scrutiny of the mortgage industry on fair housing compliance has significantly increased in the past few years as regulatory agencies enforce existing rules and enact new ones. To effectively achieve fair lending compliance and protect against enforcement actions, lenders must have a framework to allow for reasonable exceptions in originations, and they must create a structure so that lending standards are applied consistently.

Finally, the intensity of regulatory scrutiny may be unprecedented, which is all the more reason to chart a credible framework that provides for a compliant approach to exception management.