PERSON OF THE WEEK: Sharon Matthews is president and CEO of mortgage compliance technology provider eLynx. MortgageOrb recently caught up with Matthews to find out what compliance initiatives mortgage lenders will be focusing on in 2016 and beyond.
Q: Despite a grace period for the Consumer Financial Protection Bureau’s (CFPB) TILA-RESPA Integrated Disclosure (TRID) rules, what are the biggest obstacles that mortgage lenders making a “good faith effort” to comply will need to overcome, and how can they get up to speed by this spring?
Matthews: Though there are many critical flashpoints related to TRID, the greatest obstacles lenders currently face are involved in the collaboration with settlement agents on the closing disclosure (CD) and the obtaining of accurate fees for the loan estimate. TRID is a complex rule to operationalize because it requires a greater degree of coordination between lenders, settlement agents and other supporting players. It significantly changes the process flow that lenders have typically used for so long by making the lender responsible for the creation of the CD.
In addition, because of higher expectations around vendor management, lenders need ways to obtain accurate fees from the settlement agents they rely on for closing. They must obtain these fees much earlier and ensure they understand when and why those fees may have changed during the loan origination process.
Many lenders, knowing that the challenges would be significant, opted to start out using manual processes to tide them over until new systems and solutions could be put in place. Others have sought to deploy systems but face challenges in adjusting processes and system configurations to accommodate all of the real-world scenarios that arise.
Q: How can technology help mortgage lenders expedite their processes to close loans on time despite the current challenges from TRID?
Matthews: One pain point often cited as the cause of delayed closings is the requirement for lenders and settlement agents to sync up the data for the CD. Lenders that are using brute manual force to manage this collaboration are particularly at risk of closing delays. Fortunately for these lenders, there is a range of technology options available that can help.
The most efficient option for settlement agent collaboration is a direct integration between the lender and the settlement agent’s title software system. This allows data to flow bi-directionally between the lender and settlement agent in near-real time, which can greatly reduce delays and increase accuracy. An alternative is data extraction technology that converts the unstructured data in a print-formatted document into structured data that can be used to prepare the CD.
Importantly for lenders, what works and what doesn’t has become clear over the months since the TRID deadline. This lessens the risk of choosing the wrong vendor or technology. As a result, lenders that deferred making the upfront investment in technology will find more options and should be able to tailor a proven solution to meet their specific requirements.
Q: After lenders become more comfortable with TRID, what do you think will be the next major challenge for the mortgage industry in terms of compliance, and how much of a challenge will it be compared with TRID?
Matthews: Most of the challenges facing the mortgage industry are data-related. The government-sponsored enterprises (GSEs) have set rigid data requirements for loans they will accept starting next year. Loan data in the Uniform Closing Dataset (UCD) will have to adhere to MISMO 3.3 reference model standards. Close on the heels of that is the CFPB’s new Home Mortgage Disclosure Act (HMDA) reporting requirements, which take effect in 2018. MISMO has just announced the release of version 3.4 of its reference model that will support the new HMDA reporting requirements.
Lenders and vendors that have adopted the MISMO industry data standard as part of their TRID implementation will be well on their way to complying with the new GSE and HMDA requirements. Those that have deferred adoption or that use proprietary or non-standard data models will find the effort to implement the forthcoming data requirements to be a significant undertaking. It is important that they take steps now to ensure they can deliver loans to the GSEs in 2017 and not risk being out of compliance with HMDA in 2018. As the industry learned with TRID, these deadlines have a way of coming up very quickly – and there is no guarantee that there will be a grace period on enforcement.
Q: You’ve coined the phrase “data-validated mortgage.” What is the definition, and why will it help the mortgage industry?
Matthews: The data-validated mortgage represents a new approach to accessing the specific data that supports each mortgage loan. A mortgage can be described as “data-validated” when information within the loan documents and from the mortgage process flow is utilized to do the following four things:
- Substantiate that an approved loan is consistent with the loan sent by the lender to the closing table, signed by the borrower and sold to investors;
- Demonstrate loan quality to investors by providing greater transparency;
- Monitor regulatory requirements throughout the mortgage workflow, from pre-close to post-close, and highlight potential investor or regulatory errors; and
- Document evidence of compliance throughout each phase of the loan lifecycle.
There are many implications to this simple description, and a number of things have to happen before the data-validated mortgage becomes possible. First, there is the matter of the information being locked in the paper documents used by the industry. Despite the technological evolution over the past 15 years, the mortgage business remains largely a document-centric industry, with loan data either locked in print-formatted documents or siloed in proprietary systems. To use data to validate a mortgage, the data must not only be accessible, but also portable so that it can be exchanged between systems and entities involved in the loan process. This requires that the data be structured so that it is presented in a particular context. As importantly, the data structure must be standardized so that the systems and entities in the loan process understand the context of the data with unerring precision.
Currently, there are numerous patches and work-arounds being used that expose data to error-prone steps, such as manual data re-entry and imperfect integrations, making precision very difficult to achieve. The data-validated mortgage replaces the old approach with accessible, portable and reliable standardization that puts lenders, investors and regulators on exactly the same page. The de facto standard in the mortgage industry is the MISMO data reference model. The adoption of MISMO as the data standard in the mortgage industry is a huge, and necessary, step toward the data-validated mortgage and its great benefits to the industry as a whole.
Q: The GSEs have mandated adoption of the UCD by the second quarter of 2017. How difficult will this be to achieve, and what can ease lenders’ challenges in meeting the mandate? Do you believe the mortgage industry will adopt MISMO version 3.3 data standards on a greater scale and at a faster pace than it has in the past?
Matthews: The difficulty lenders will have conforming to the UCD requirement depends on how they addressed TRID. Customers that adopted a MISMO-compliant TRID solution will have a head start in conforming with the UCD requirements. Their data is essentially UCD-ready. Customers that didn’t will have to transform their data so that it is MISMO-compliant.
I think the GSE requirement is a tipping point for MISMO adoption and will make MISMO 3.3 the clear standard for the mortgage industry. Any lender wanting to sell loans to the GSEs will need to conform to the standard, and in all likelihood, it will become a requirement for all other mortgage investors going forward. I believe the logic among lenders and mortgage technology vendors will be to adopt the MISMO standard throughout the loan workflow.
Q: Is cybersecurity the single most important issue that the mortgage industry faces today, and how can home buyers/borrowers feel secure that their financial information is safe from hackers?
Matthews: Unfortunately, this issue isn’t one faced only by the mortgage industry. Any transaction involving personally identifiable information is subject to exposure by hacking. However, because of the nature and volume of private information associated with home loans, the mortgage industry has to be especially diligent to protect itself and its borrowers from cybersecurity attacks.
There are a number of measures that lenders and the mortgage technology industry can use to evaluate the effectiveness of their defenses against cyber threats. Among them are formal audits by the Federal Financial Institutions Examination Council (FFIEC) and the American Institute of Certified Public Accountants (AICPA). These audits evaluate compliance with “state-of-the-industry” cybersecurity practices and should help consumers feel more secure about their financial information.
As a software-as-a-service vendor, eLynx is under the supervision of the Office of the Comptroller of the Currency and is a participant in the FFIEC Examination Program. As such, the company is regularly audited by the FFIEC and AICPA, but it also employs cybersecurity measures beyond those required by the FFIEC and AICPA. eLynx is certified as compliant with the Payment Card Industry Data Security Standard, which has to be renewed annually.
eLynx also submits to regular application code reviews by an independent third party to ensure software used in eLynx services does not contain potential security vulnerabilities. In addition, the company conducts regular penetration tests of both its networks and infrastructure to verify the effectiveness of its cyber defenses against external attacks. It is a different and more dangerous world now that cyber threats have become a stark reality, and we take this aspect of our business very seriously.