If you’re a regular reader of this blog, you know that customer complaints shouldn’t be ignored and vendor oversight is a must.
It’s too bad Nationstar Mortgage, one of the largest mortgage servicers in the country, can’t go back in time and learn this lesson. Instead, it learned it the hard way—resulting in a $110 million settlement with the Consumer Financial Protection Bureau (CFPB), the Justice Department, attorneys general from all 50 states, and bank regulators from 53 jurisdictions.
The CFPB says the problems stem from the flood of foreclosures following the subprime crisis. Between 2012 and 2015, Nationstar violated the Consumer Financial Protection Act of 2010 (CFPA), the Real Estate Settlement Procedures Act (RESPA), and the Homeowner’s Protection Act, causing substantial harm to mortgage borrowers it serviced.
More specifically, the CFPB alleges the company:
A problem of this scope doesn’t have one single cause—a lot of things have to go wrong from a compliance, risk management, and audit perspective—but there are two areas that seem to be getting top billing: vendor management and complaints.
According to the Justice Department, Nationstar (now doing business as Mr. Cooper) used a vendor to “effectuate the filing of its PCNs [payment change notice] and PPFNs [post-petition fee notice]” between May 2013 and May 2016.
While a Nationstar employee reviewed the notices for accuracy before they were filed, the signatories may not have reviewed or known what was inside the documents before they were filed under their credentials resulting in over 13,700 late or inaccurate PCNs and PPFNs that cost consumers around $17 million.
This was a clear vendor management fail. Looking past the alleged failure of the company to follow its own policies and procedures to properly review and file the documents, there was a serious underlying problem with the vendor providing the notices. Mortgage servicing and foreclosures come with a high risk of consumer harm, making it extremely important that any vendor tasked with highly regulated activities, such as PCNs and PPFNs, have strong compliance controls in place. This should have been part of Nationstar’s vendor due diligence and ongoing monitoring and addressed in the vendor agreement.
Further, Nationstar should have been documenting any errors in the notices and bringing them to the attention of the vendor. Gathering data on vendor incidents (like data errors) and reporting them to the vendor is essential to demonstrating deficiencies so that they can be corrected.
It appears that wasn’t happening.
The company has since stopped using the vendor and “enhanced procedures by retaining counsel to review and file documents only upon approval from Nationstar.”
Another key area to consider is complaint management, which should be a feature of every compliance management system. How did the problems at Nationstar first come to the attention of the CFPB? Consumer complaints.
To give you an idea of the number of complaints, an American Banker report found that consumers made 3,711 complaints about the company between January 2015 and November 2015, just slightly less than the year before. Common complaints include being “too quick to deny requests for loan modifications” and failing to uphold loan modifications when servicing is transferred.
If Nationstar had been systematically identifying, logging, and analyzing consumer complaints from the beginning, it likely would have been made aware of the scope of the problem before its regulator became involved. Then it could have shown that it had self-identified and remediated the problem. Instead, it invited the scrutiny of not just the CFPB but a whole litany of other state and federal agencies and enforcers.
As part of the settlement, the CFPB is requiring the company to “enhance and implement its policies, processes, and controls for handling consumer complaints, disputes, and notices of error.” This includes having an easy-to-find online complaint form, staff for researching complaints, and a way to identify and document all errors in a complaint and conduct a root cause analysis if there is a suspected systemic error.
Another problem Nationstar faced was that during 77 bankruptcies it didn’t send responses to notices of future changes (RNOFCs), causing outstanding loan amounts not to be waived at discharge. The Department of Justice says Nationstar attributes this oversight to:
To correct the problem, Nationstar has since introduced new system controls for monitoring response times, improved quality control and analysis reviews, and added a second level of review and post-audit quality review of the closing process, the Department of Justice says. It’s part of the company’s efforts to create a stronger and more effective internal audit program.
Once again we’re looking at a financial services company that failed at all three lines of defense. Manual processes were failing. Employees weren’t following procedures and reviewing and verifying documents. Risk management didn’t seem to recognize the serious risk of consumer harm. Compliance wasn’t doing enough with complaint management or vendor management. Audit wasn’t doing enough to check everyone else’s work. It’s a recipe for a disaster—or a $110 million fine.
Are all three lines of defense functioning at your institution? Would automating one or more of these areas help protect you from compliance failures and enforcement actions? Now is the time to be asking these questions. It’s something your institution should evaluate—before regulatory intervention is needed.
Thinking about vendor management? Learn more.