DSNews delivers stories, ideas, links, companies, people, events, and videos impacting the mortgage default servicing industry.
Issue link: http://digital.dsnews.com/i/792858
regulatory and litigation liability. For example, you could have a borrower that was affected by a breach attempt to prove that your institution was negligent and your controls governing data privacy weren't up to the industry standard. It's going to be a lot easier for that borrower to bring a successful claim for damages if you were behind the industry standard. Also, your regulators are taking notice of breaches as well and will take a close look at your controls during your next exam.

Your reputational liability is tremendous as well. If a servicer seems cavalier in their approach to their cybersecurity and their data protection controls, it can have a devastating effect on their reputation. It can be more difficult to obtain new servicing rights or even keep certain servicing portfolios. For a lender it could be hard to get new borrowers to trust you again, especially if the data breach is on a national scale.

There is also a lot of liability with vendors when it comes to data privacy and cybersecurity. You should be on the same standards and have the same controls you have around data security. You should be documenting your due diligence prior to onboarding a vendor and showing that it included a review of the proposed vendor's cybersecurity and data protection standards.

All lenders and servicers should also review the FFIEC's recently revised IT Handbooks. These handbooks are used by bank examiners as a guide when performing exams relating to data protection and cyber security and as such, are a great tool to assist in creating best practices and standards in order to limit your liability.

From a legal perspective, are there any precautions that nonbank servicers should take when dealing with regulatory compliance?

Both regulators and legislators are very aware of the dramatic rise in the market share that non-bank servicers are currently enjoying.
The GAO released a study in March of last year that highlighted the growth of non-bank servicers and called for an increase of the existing regulatory oversight over them. Since that report, the market share of non-bank servicers has only gotten bigger. Recently we saw Citi announce they were shedding all their MSRs and exiting the servicing industry, and I believe all their MSRs are being sold to nonbank servicers.

It's important to note that the CFPB manages their supervision and enforcement functions using a risk-based approach. So given this increase in market share we are seeing with non-bank servicers, you can expect more regulatory focus from the CFPB. I always advise that just because your organization may not be the largest servicer, don't assume that you're flying below the CFPB's radar.

A good first step in avoiding the CFPB's focus is to monitor any complaints you are receiving through the CFPB portal and have these complaints reviewed for root cause and any trending. This is one of the CFPB's primary tools to identify consumer risk, so it's a great precaution non-bank servicers can take. If you do get identified for an exam or an investigation, this type of control is also viewed as a positive by the CFPB.

I would also advise to stay focused on pending regulatory changes such as the FDCPA and TCPA issues we have talked about, as well as the amendments to the 2013 servicing rules and guidance that comes out on a regular basis. No matter your size you shouldn't wait for larger entities to implement and then follow suit. When it comes to regulatory and compliance issues, you want to be an industry leader and not a follower. It's just a better approach. Being ahead of the curve comes with a lot of costs, but these costs are always less than the liability that comes with noncompliant practices.

In the ongoing PHH v. CFPB case, where does the future of the Dodd-Frank Act and consumer protection stand?
I view the regulation of the financial services industry as a pendulum. After the financial crisis subsided, the pendulum swung way too far to one side and we wound up with the overregulation and aggressive approach utilized by the CFPB that we deal with today. That said, I think it's important to temper the down swing of the pendulum as the new administration attempts to deregulate.

I do believe there are a lot of good aspects to Dodd-Frank. For example, I think that the CFPB in theory is a great agency to have. They just need to be somewhat toned-down. I would like to see some of their edges softened. For example, their practice of regulation through enforcement, or the aggressive approach they have taken towards rule promulgation both need to be readjusted.

I think the best way to achieve these changes is not through the PHH decision, but to capitalize off the momentum of the PHH matter by changing the CFPB organizational structure to a commission while bringing some oversight to their funding through new legislation. The PHH matter is still pending a petition for hearing en banc and if the panel accepts and PHH loses they will most likely petition for cert from the Supreme Court; within that time frame, Congress has the opportunity to push legislation through that can restructure the CFPB in a more meaningful and stable way than what would occur if the PHH decision is confirmed.

"There is a lot of liability with vendors when it comes to data privacy and cyber security. All your vendors should be up to the same standards and have the same controls you have around data security . . ."