If you’re a regular reader of this blog, you know that customer complaints shouldn’t be ignored and vendor oversight is a must.
It’s too bad Nationstar Mortgage, one of the largest mortgage servicers in the country, can’t go back in time and learn this lesson. Instead, it learned it the hard way—resulting in a $110 million settlement with the Consumer Financial Protection Bureau (CFPB), the Justice Department, attorneys general from all 50 states, and bank regulators from 53 jurisdictions.
The CFPB says the problems stem from the flood of foreclosures following the subprime crisis. Between 2012 and 2015, Nationstar violated the Consumer Financial Protection Act of 2010 (CFPA), the Real Estate Settlement Procedures Act (RESPA), and the Homeowner’s Protection Act, causing substantial harm to mortgage borrowers it serviced.
More specifically, the CFPB alleges the company:
- Failed to honor borrower’s loan modification agreements because it didn’t identify loans that had pending loss-mitigation applications or trial-modification plans
- Foreclosed on borrowers to whom it had promised it would not foreclose while loss mitigation applications were pending
- Improperly increased borrowers’ permanent, modified monthly loan payments
- Mispresented to borrowers when they would be eligible to have their private mortgage insurance premiums canceled
- Failed to timely remove private mortgage insurance from borrowers’ accounts
- Failed to timely disburse borrowers’ tax payments from their escrow accounts
- Failed to properly conduct escrow analyses for borrowers during their Chapter 13 bankruptcy proceedings
A Vendor Management Fail
A problem of this scope doesn’t have one single cause—a lot of things have to go wrong from a compliance, risk management, and audit perspective—but there are two areas that seem to be getting top billing: vendor management and complaints.
According to the Justice Department, Nationstar (now doing business as Mr. Cooper) used a vendor to “effectuate the filing of its PCNs [payment change notice] and PPFNs [post-petition fee notice]” between May 2013 and May 2016.
While a Nationstar employee reviewed the notices for accuracy before they were filed, the signatories may not have reviewed or known what was inside the documents before they were filed under their credentials resulting in over 13,700 late or inaccurate PCNs and PPFNs that cost consumers around $17 million.
This was a clear vendor management fail. Looking past the alleged failure of the company to follow its own policies and procedures to properly review and file the documents, there was a serious underlying problem with the vendor providing the notices. Mortgage servicing and foreclosures come with a high risk of consumer harm, making it extremely important that any vendor tasked with highly regulated activities, such as PCNs and PPFNs, have strong compliance controls in place. This should have been part of Nationstar’s vendor due diligence and ongoing monitoring and addressed in the vendor agreement.
Further, Nationstar should have been documenting any errors in the notices and bringing them to the attention of the vendor. Gathering data on vendor incidents (like data errors) and reporting them to the vendor is essential to demonstrating deficiencies so that they can be corrected.
It appears that wasn’t happening.
The company has since stopped using the vendor and “enhanced procedures by retaining counsel to review and file documents only upon approval from Nationstar.”
Complaints: The Canary in the Coalmine
Another key area to consider is complaint management, which should be a feature of every compliance management system. How did the problems at Nationstar first come to the attention of the CFPB? Consumer complaints.
To give you an idea of the number of complaints, an American Banker report found that consumers made 3,711 complaints about the company between January 2015 and November 2015, just slightly less than the year before. Common complaints include being “too quick to deny requests for loan modifications” and failing to uphold loan modifications when servicing is transferred.
If Nationstar had been systematically identifying, logging, and analyzing consumer complaints from the beginning, it likely would have been made aware of the scope of the problem before its regulator became involved. Then it could have shown that it had self-identified and remediated the problem. Instead, it invited the scrutiny of not just the CFPB but a whole litany of other state and federal agencies and enforcers.
As part of the settlement, the CFPB is requiring the company to “enhance and implement its policies, processes, and controls for handling consumer complaints, disputes, and notices of error.” This includes having an easy-to-find online complaint form, staff for researching complaints, and a way to identify and document all errors in a complaint and conduct a root cause analysis if there is a suspected systemic error.
Related: Download our whitepaper Why Complaint Management Matters
Lack of Automation & Audit
Another problem Nationstar faced was that during 77 bankruptcies it didn’t send responses to notices of future changes (RNOFCs), causing outstanding loan amounts not to be waived at discharge. The Department of Justice says Nationstar attributes this oversight to:
- Lack of automated processes
- Lack of consistency in practices across servicing teams
- Human error in the manual data entry by staff with insufficient training
- Lack of adequate quality controls
To correct the problem, Nationstar has since introduced new system controls for monitoring response times, improved quality control and analysis reviews, and added a second level of review and post-audit quality review of the closing process, the Department of Justice says. It’s part of the company’s efforts to create a stronger and more effective internal audit program.
Once again we’re looking at a financial services company that failed at all three lines of defense. Manual processes were failing. Employees weren’t following procedures and reviewing and verifying documents. Risk management didn’t seem to recognize the serious risk of consumer harm. Compliance wasn’t doing enough with complaint management or vendor management. Audit wasn’t doing enough to check everyone else’s work. It’s a recipe for a disaster—or a $110 million fine.
Are all three lines of defense functioning at your institution? Would automating one or more of these areas help protect you from compliance failures and enforcement actions? Now is the time to be asking these questions. It’s something your institution should evaluate—before regulatory intervention is needed.
Thinking about vendor management? Learn more.