Free Market Dogma

QUESTION 

I am a former employee of a lender whose president is a hard-core hater of the CFPB. He believes that our government is out of control and the CFPB has been overreaching for years. He is glad that the CFPB is being shut down. I was a paralegal in the legal department. After having to put up with his railing and cursing about the government in general and the CFPB in particular, I decided to resign. Since then, I have been with a law firm and continue to attend law school. 

It's not as if his mortgage company has been in trouble with the CFPB. It complies with all the rules and regulations, and every audit by states and the CFPB itself has shown that the company complies adequately. There have been no administrative actions or fines. 

From what I can tell, the CFPB is a kind of anti-scam police. They are also involved in protecting consumers' financial interests with respect to financial products and services. I can't figure out why this is such a bad thing that it should be destroyed. I thought regulating on behalf of consumers is what good government is supposed to do. We can debate what overreach and unnecessary regulations are, but destroying the agency that actually helps consumers seems really dangerous. 

My former boss takes the position that any government involvement in the free market is an attack on free enterprise, which to him means running his business the way he wants to run it. And, any agency, like the CFPB, that regulates his company is an attack on its survival. I think that's really very extreme. I got tired of trying to convince him otherwise. 

I know this is controversial. I want to widen the lens a bit. You have always been willing to discuss controversial subjects. My former president reads every post you've written for years. I'm sure he will recognize me as the questioner, though I didn't tell you his name or company name. It may bother him that I am writing to you. Fortunately, I am no longer an employee. 

He often discusses your views and interpretations of the law. I have subscribed for years. I think you are a reliable resource for regulatory guidance. I want to know your view. It would really help! 

Is government involvement in free markets justifiable? 

COMPLIANCE SOLUTION 

Management Tune-up 

RESPONSE 

I respond to controversial subjects as they may relate to many aspects of regulatory compliance. I make no apologies. I know they are controversial because we predictably get a small tranche of unsubscribes whenever I discuss a topic that bugs the unsubscribers. Sometimes, the unsubscribers write to me, and we have enjoyable correspondence. 

We offer this newsletter as a labor of love. It's free! All are welcome. However, I discuss the regulatory landscape with all its ups and downs, controversies, and wrangling, and always try to ensure that compliance with the law is clarified. My goal is to educate and offer some helpful guidance. 

Anyone who does not recognize that the government partners with markets, be it mortgage or any other economic market, exhibits a view that borders on willful ignorance. I have taught graduate classes on market action relating to mortgage origination, and one obvious factor we discuss is the "free market" concept, which is the thesis that markets should not allow government involvement (often framed as "government interference"). 

"Free market" lingo wears several masks, such as "free trade" and "free enterprise," but the notion that any economic market is free of government involvement is belied by the fact that the government must be involved in ensuring and monitoring its legal and regulatory framework. 

Now, for a dose of reality: 

There has never been a free market in the history of the world.

Never. Nowhere. Not now. Not ever. 

The concept indirectly stems from an economic theory called "laissez-faire" – which, in French, means "allow to do" – which is a financial concept that purports to inform free markets and capitalism. In that scenario, the government does not regulate business, taxes, or tariffs. Instead, it proposes that a market self-regulates through the economic mechanism of supply and demand of products and services. And, it asserts that individuals drive markets through self-interest, which, somehow, leads to social and economic benefits.

Housing Prices, Mortgage Rates, and Morale

QUESTION 

Since the election, our staff has seen a drop in morale. As the CEO, I felt it important to call a companywide Zoom meeting to discuss it. I asked our Chief Compliance Officer and Director of Human Resources to be on the call. During the call, we asked for participation in a survey, which showed quite a divide among staff, especially on how they see the future of mortgage banking and the country. 

Overall, the call was a good idea. People felt less intimidated to share their views, but a lot of people held back. Afterward, I received many emails from employees who thought they were not safe to express themselves. The throughline of these emails was that they feared reprisals from people who held political views opposite to theirs. 

The two big areas of disagreement began over what will happen to housing prices and the future of mortgage rates. There were arguments about whether the new administration's policies would cause a decline in housing prices and an increase in mortgage rates. The differences expanded and became intimidating.

This is the first time I've encountered such a situation. I am concerned about how this will affect our customer, departmental, and vendor relationships. Now, I know you're not a psychologist. We did an HR Tune-up a couple of years ago, and we had an excellent risk score, but this situation is unusual. I don't think it's an HR issue. We also had you do a CMS Tune-up for our compliance management review. However, this situation seems more like an internal risk. I am concerned about the attitude we bring to mortgage banking relationships. Maybe you could offer some feedback. 

I have read your column for years. Members of my firm read your newsletter. I want to post your reply to our company employee page. I have scheduled a call with you this December to discuss new Compliance Tune-up engagements. In the meantime, I urge you to let us know how you view the situation. 

What can I tell our employees about the future of housing prices and mortgage rates? 

What should I do about the harassment and intimidation issues that are messing with our morale? 

SOLUTION 

Compliance Tune-up 

ANSWER 

Since the election, I have received an enormous number of emails from clients, non-clients, subscribers, news organizations, colleagues, academics, and even a few retired regulators. As you correctly surmised, our firm only provides guidance based on our expertise in residential mortgage banking. We are not forecasters bent on prognosticating future events. We immerse ourselves in legal and regulatory compliance, conduct audits and due diligence reviews, and prepare our clients for regulatory changes. 

Given the outpouring of interest, we are considering offering a webinar on the impact of the election outcome on mortgage banking. If you think this is a webinar you would attend, please let me know here. I welcome your input. 

A recurring concern in the emails was the extent to which the new administration will undo regulations and consumer protections. The punditry has been out in full force. I will offer some educated guesses, but they are just guesses. I'll offer some feedback on the new administration's policies with respect to their potential impact on housing prices and mortgage rates. Given your concerns about the morale issues, I will conclude with a few words about mitigating a hostile work environment.

Housing Prices 

Reducing or terminating certain regulations might have a positive effect on housing markets. The theory is that less regulation usually leads to more active markets. 

I have spoken to a few builders – one of them is a national builder – who believe they will do better in the forthcoming plans to reduce regulations. That said, it seems to me that the supply of homes will still run short of some expectations and depends on the variable of an expanding economy, which generally causes home prices (and rents) to increase. 

However, some builders tell me that they expect tax incentives. When I pushed them on this theory, they said to me that increased housing inventory leads to lower home prices – the old supply and demand concept. I noted that the supply/demand ratio has its challenges, too, because lower home prices can, and often are, offset by increases in home buying costs caused by tariffs, which might increase costs, notwithstanding higher mortgage rates. 

For instance, the Trump tariffs imposed on Canadian lumber shipped into the U.S. were continued under the Biden administration. That drove up the average cost of a newly built home by about $14,000, according to a 2022 estimate by the National Association of Home Builders.[i] 

Maybe there will be further development of "opportunity zones,"[ii] which induce companies (or individuals) to invest in certain low-income areas in exchange for specific tax benefits (i.e., deferring capital-gains taxes). There will likely be the continuation of the Low-Income Tax Credit, which is a federal program ratified in 1986 that provides tax credits to housing developers in exchange for building affordable rental housing. 

Other factors that drive up the cost of housing are lot costs, uncertainty regarding the cost and availability of building materials, appraisal concerns, and survey timing. Federal, state, and local regulations also play a role in slowing the growth of the housing sector. How these factors get priced into the housing market will affect housing growth and supply. Notwithstanding the current market, which has pending home sales at their highest level since March, mortgage rates have been higher since early October.[iii] 

I do think it is appropriate to factor in the potential for a severe shortage of labor. The shortage is now at 52%. Previously, it was at 58% in 2023 and a record high of 77% in 2021.[iv] The problem of labor shortage worsens because 3,000,000 immigrant workers[v] account for 26% of the construction workforce.[vi] That's a record high![vii] The problem is the proposed plans for mass deportations of immigrants could have a substantial adverse impact on the house-building industry. 

There is a growing consensus among economists that deporting undocumented immigrants will further erode construction labor. As one well-known economist, Chief Economist Lisa Sturtevant of Bright MLS recently said:

"…the "mass deportation proposal would have a chilling effect on the construction industry, shrinking the already constrained labor force and stalling badly needed new housing construction." … "At the same time, proposed tariffs will increase building costs."[viii] 

In my conversations with builders and lenders, the response I get is that native-born construction workers will take the place of the immigrants. Well, I'm not so sure. According to one study, native-born workers are reluctant to join the construction industry. Their total count remains below the boom levels of the mid-2000s by over half a million.[ix] In fact, one in three craftsmen comes from outside the U.S. 

Mortgage Rates 

I'm not a prophet, but it doesn't take prophecy to figure out the short-term trajectory of mortgage rates, given the new administration's proposed plans. It seems to me that mortgage rates will remain high for now. I watch the credit markets closely, and I've noted the 10-year Treasury note has risen considerably recently, ostensibly, I suppose, in anticipation of a Trump win; but, remember, the 10-year pulls the 30-year mortgage rate along with it. Treasury yields usually increase when investors expect inflation to increase. In other words, investors are signaling an expectation of rising inflation. 

Here's an age-old formula: higher economic growth can lead to higher inflation, and higher inflation can lead to higher interest rates. 

Bond yields are rising because investors must be expecting the proposed fiscal policies to expand the federal deficit, meaning the downward direction of inflation will likely turn upward. Put another way, mortgage rates will be higher in the short term because investors are signaling that the budget deficit will not improve, notwithstanding the Fed cutting short-term interest rates. Therefore, unless inflationary pressures subside, it seems unlikely that the Fed will not make deeper interest rate cuts, which will keep mortgage rates high. 

During the campaign, Mr. Trump said mortgage rates would come down to 3% or lower.[x] My conjecture can be summed up in the following legal terminology: "Not going to happen!" Or, perhaps it could, if and only if there is a sharp economic downturn. I'm not into major economic crashes or some other kind of nasty economic downturn as a means to bring down mortgage rates. I hope you feel the same way! 

Here's another age-old formula: macroeconomic and microeconomic events determine mortgage rates, but presidents have no power to reduce mortgage rates. None. Not even a little bit! 

Given the foregoing observations, in the long term, it may be that home buying will peter down, not bubble up. 

Several of Trump's plans to impose tariffs could lead to higher mortgage rates through the end of this year. Let us not forget that the federal deficit will impact mortgage rates. I read that the president-elect says he will "charge" tariffs on several countries. Of course, tariffs are a tax paid by American consumers. So, it is the American consumer who is being "charged." Tariffs are import or export taxes added to the cost of goods and passed on to the American consumer. They are highly inflationary. And they often trigger retaliatory tariffs, thereby agitating and increasing the inflationary debacle. 

Here's a final age-old formula: taxing American consumers through tariffs, reducing construction labor supply (already severely depleted), implementing tax promises[xi] (i.e., expanding the 2017 tax cuts), increasing the deficit, may lead to a rise in inflation, higher housing prices, and elevated mortgage rates. 

Morale 

I would like you to consider a few final words regarding your observations that participating employees felt they "were not safe to express themselves" because "they feared reprisals from people who held political views opposite to theirs." I do not want to gloss over this fear, as it has a deleterious impact on the sales and operational processes and could even lead to a hostile work environment. You may face legal liability if you do not correct the issue immediately. If an employee is telling you they feel intimidated or afraid, that may be a sign of a hostile work environment. 

Such an environment is where an employee experiences unwelcome conduct, usually severe and pervasive, expressed through offensive behavior, harassment, and discrimination that is severe enough to impact their ability to do their jobs. The fallout on company morale, consumer relations, operations, legal and regulatory risk, and public sentiment can adversely affect a company's risk structure. 

When we have done HR Tune-up audits, we occasionally find hostile work environments overtly or covertly taking shape through such conduct as public humiliation or belittlement, unwanted sexual advances or attention, physical threats or intimidation, subjective abuse of the victim, bullying, and jokes and comments related to someone's beliefs and protected characteristics. You should not think that having a company call puts an end to such problems. They rarely do. 

So, here's my advice, take it or leave it. I think you should publish a Code of Ethics and Conduct, which must be consistent with state and federal law, that sets forth your policy concerning zero tolerance for a hostile work environment. If you want, we offer a strong Code of Ethics and Conduct. 

The Code should include procedures to mitigate the risk. The procedures should include the following:

 

1.   Maintaining a detailed record of the harassing behavior, including dates, times, witnesses, and specific details of what happened.

 

2.   Informing a supervisor, HR department, or appropriate authority about the behavior.

 

3.   Bringing in an employment attorney if the offending issue is not addressed adequately. 

You have already made a good start by opening the dialogue and recognizing the challenge. Now, you need to ensure that the fears and feelings of intimidation do not create a hostile work environment. Taking prompt action to prevent and promptly correct any harassment[xii] can lead to a safe workspace, boost morale, and potentially avoid liability. 

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] Since Pandemic Onset, Lumber Products Have Added $14K to House Price, $51 to Rent, Emrath, July 14, 2022, Paul, National Association of Home Builders, https://eyeonhousing.org/2022/07/since-pandemic-onset-lumber-products-have-added-14k-to-house-price-51-to-rent/ 

[ii] See Tax Cuts and Jobs Act of 2017 (TCJA)

[iii] Pending home sales hit seven-month high, McAlinden, Fergal, November 27, 2024, Mortgage Professional (MP), Key Media  https://www.mpamag.com/us/mortgage-industry/market-updates/pending-home-sales-hit-seven-month-high/515737

[iv] Labor Shortages Ease, But Remain Worse Than in the Last Boom, Emrath, Paul, February 23, 2024, National Association of Home Builders, https://eyeonhousing.org/2024/02/labor-shortages-ease-but-remain-worse-than-in-the-last-boom/

[v] Immigrant Share in Construction Sets New Record, Siniavskaia, Natalia, November 20, 2024, National Association of Home Builders, https://eyeonhousing.org/2024/11/immigrant-share-in-construction-sets-new-record/. “In 2023, 11.9 million workers, including both self-employed and temporarily unemployed, comprised the construction workforce. Out of these, 8.9 million were native-born, and 3 million were foreign-born, the highest number of immigrant workers in construction ever recorded by the American Community Survey.”

[vi] The Role of the Recent Immigrant Surge in Housing Costs, Frost, Riordan, October 29, 2024, Joint Center for Housing Studies, Harvard University, https://www.jchs.harvard.edu/blog/role-recent-immigrant-surge-housing-costs

[vii] Op. cit v

[viii] 5 ways Trump's next presidency could affect the U.S. economy — and your money, Picchi, Aimee, November 7, 2024, CBS News, https://www.cbsnews.com/news/trump-election-impact-on-economy-taxes-inflation-your-money/

[ix] Op. cit. v

[x] Trump’s First Broken Promise Will Be 3% Mortgage Rates, Levin, Jonathan, November 6, 2024, Bloomberg, https://www.bloomberg.com/opinion/articles/2024-11-06/trump-s-first-broken-promise-will-be-3-mortgage-rates-election-2024

[xi] What Trump's return to the White House could mean for the economy and taxes, Pettypiece, Shannon, November 6, 2024, NBC News, https://www.nbcnews.com/politics/2024-election/trumps-return-white-house-mean-economy-taxes-rcna177690. "Economists at the University of Pennsylvania estimate Trump’s tax and spending plans would increase the deficit by $4.1 trillion when accounting for the effects they would have on the wider economy."

[xii] Harassment, U.S. Equal Employment Opportunity Commission, https://www.eeoc.gov/harassment

Regulatory Mandate: Third-Party Risk Management

QUESTION 

I am the Compliance Manager of a bank. We have a mortgage banking platform. I handle our legal and regulatory compliance. Our new Chief Risk Officer wants to review our Third-Party Risk Management policy and procedures. The problem is that we do not have such a policy and procedures. 

We have vendor management procedures, which our regulator has accepted. Like me, the CRO is an attorney but he can’t fathom how we could have functioned for so long without this policy, irrespective of the regulator’s evaluation. I respect his view, and he has discussed case law and regulatory requirements with me. But, the fact is, we simply have never created a comprehensive policy just for third-party risk management. 

I understand now that a policy for Third-Party Risk Management is an essential requirement that must be drafted and ratified by our Board. The policy must extend to other banks and nonbanks with which we do business. We need some guidance in drafting this policy. The CRO follows your articles, and he asked me to write to you. I have subscribed and encouraged our staff to subscribe. 

What are some key features of a policy focused on Third-Party Risk Management? 

COMPLIANCE SOLUTION 

TPRM Tune-up®

Third-Party Risk Management

Policy and Procedures 

ANSWER 

Thank you for subscribing, and I appreciate your Chief Risk Officer reading our articles. We have been publishing these articles for many years, and it is humbling when our subscribers express their gratitude. 

Our research of public enforcement actions shows that approximately 25% of them - that’s one in four enforcement actions! - against banks and nonbanks have specifically noted deficiencies in how the target institution managed third-party service provider risks. 

If any financial institution does not have a Third-Party Risk Management policy and procedures, it is surely currying legal and regulatory risk. Your CRO is correct! 

One other point before I proceed. When a company official tells me that their regulator has never mentioned a particular regulatory violation, though it is a regulatory violation, and thus they intimate that what they’re doing must be ‘acceptable to the regulator,’ the alarms go off. If an institution wants to wait for a regulator to find its policies skimpy, defective, sketchy, inadequate, incomplete, fragmentary, insufficient, and deficient, it will find itself in the midst of a very unpleasant, belated attempt at remediation and possibly even an administrative action. 

And remember to implement the procedures and monitor the implementation. A bank examiner will not only review the policy but also determine if the procedures are implemented. 

_____________________________________________________________ 

TPRM Tune-up® 

When we conduct our TPRM Tune-up®, which is a review of a company’s third-party risk management structure, we work with a set of audit tools that help us evaluate regulatory compliance, offer recommendations, and provide a risk rating. The TPRM Tune-up® is often in demand because third-party risk management is central to safety and soundness criteria. Contact us here, and we’ll send you the presentation.  

_____________________________________________________________ 

Board and Management Responsibility 

Financial institutions are still ultimately responsible for managing their third-party service provider relationships, activities, and associated risks. They must ultimately ensure that all of their operations, in-house or outsourced, are conducted safely and soundly and in compliance with applicable legal and regulatory requirements, including consumer protection and financial crimes laws and regulations, just as if the institution were performing the activities itself. 

Regulators look to the company’s Board of Directors as ultimately responsible for providing oversight for third-party risk management and holding management accountable for its role. Management is responsible for developing and implementing third-party risk management policies, procedures, and practices commensurate with the institution’s risk appetite and the level of risk and complexity of its third-party relationships. Internal controls, independent reviews, and documentation are critical components. 

Third-Party Risk Management POLICY 

There are essential requirements for a Third-Party Risk Management policy (“TPRM Policy”). 

The TPRM policy has four principal requirements, which I will outline below. It will be up to you to draft the policy language. Each requirement can have its section and subsections. I will offer some guidance to help with your considerations. 

The four TRPM Policy requirements can be elucidated as follows: 

1.       Risk Management 

2.       Third-Party Relationship Life Cycle 

3.       Governance 

4.       Appendix 

TPRM Policy Sections 

1. Risk Management 

Not all third-party relationships present the same level of risk. Indeed, not all such relationships require the same level of oversight. However, a financial institution should apply rigorous risk management practices throughout the third-party relationship life cycle for third parties that support higher-risk activities, including critical activities. 

An institution may adjust and update its third-party risk-management practices commensurate with its size, complexity, and risk profile by periodically analyzing the risks associated with each third-party relationship. It is important to involve knowledgeable and skilled staff in each stage of the risk management life cycle. 

Therefore, your company would apply risk management practices in different stages of the third-party relationship life cycle. For instance, an important initial step is identifying third-party relationships that support higher-risk activities, including critical activities. 

Generally, to determine if an activity is higher risk, a company would assess various factors, such as if the third party has access to sensitive data (including customer data), processes transactions, or provides essential technology and business services. 

2. Third-Party Relationship Life Cycle 

Effective third-party risk management generally follows a continuous life cycle for third-party relationships. There are five stages of the TPRM life cycle, all responsive to governance in terms of  Oversight and Accountability, Independent Reviews, and Documentation and Reporting. 

Here is an outline of the five stages of the TPRM life cycle. 

Stage 1: Planning 

Careful planning enables a community bank to consider potential risks in the proposed third-party relationship. Managing third-party relationships allows the company to evaluate the extent of risk management resources and practices for effective oversight of the proposed third-party relationship throughout the subsequent stages of the third-party relationship life cycle. 

Stage 2: Due Diligence (Selecting the Third Party) 

Due diligence is the process by which a company assesses, prior to entering into a third-party relationship, a particular third party’s ability to, among other things, perform the activity as expected, adhere to company policies, comply with all applicable laws and regulations, and conduct the activity in a safe and sound manner.

 

The guidelines to develop in the policy is a clear definition of effective due diligence. We define effective due diligence as assistance with the selection of capable and reliable third parties to perform activities for, through, or on behalf of the company. If the company cannot obtain desired due diligence information from the third party, it will have to consider alternative information, details, controls, and monitoring; otherwise, it should consider abandoning the use of the third party.

 

Conducting due diligence on third parties before selecting and entering into third-party relationships is an important part of sound risk management. It provides management with the information needed about potential third parties to determine if a relationship would help achieve an organization’s strategic and financial goals. The due diligence process also provides the banking organization with the information needed to evaluate whether it can appropriately identify, monitor, and control risks associated with the particular third-party relationship. 

Stage 3: Contract Negotiation

 

Before entering into a contractual relationship with a third party, an institution should consider contract provisions that meet its business objectives, regulatory obligations, and risk management policies and procedures. If a company has limited negotiating power, management needs to understand any resulting limitations and consequent risks. It comes down to risk tolerance, such as whether the contract can still meet the company’s needs, whether the contract would result in increased risk to the company, and whether residual risks are acceptable.

Stage 4: Monitoring 

Monitoring cannot be overemphasized when managing third-party risk. A company’s ongoing monitoring of the third party’s performance enables management to determine if the third party is performing as required for the duration of the contract. Our clients use the results of monitoring to use the derived information to adapt and refine their risk management practices.

 

There are three aspects of this stage in the life cycle, whereby monitoring:

 

1)   Confirms the quality and sustainability of a third party’s controls and ability to meet contractual obligations;

2)   Escalates significant issues or concerns (i.e., material or repeat audit findings, deterioration in financial condition, security breaches, data loss, service interruptions, compliance lapses, or other indicators of increased risk; and

3)   Responds to such significant issues or concerns when and where identified. 

Stage 5: Termination 

Ending a relationship with a third party occurs for a variety of reasons, such as expiration or breach of the contract, the third party’s failure to comply with applicable laws or regulations, or a desire to seek an alternate third party, bringing the activity in-house, or discontinuing the activity. It is important for management to terminate relationships efficiently, whether the activities are transitioned to another third party, brought in-house, or discontinued. 

3. Governance 

As I noted above, the life cycle is governed by tripartite activities: Oversight and Accountability, Independent Reviews, and Documentation and Reporting. Here are some tips for each activity. 

(A) Oversight and Accountability

 

The Board of Directors has ultimate responsibility for providing oversight for third-party risk management and holding management accountable. The management is responsible for developing and implementing third-party risk management policies, procedures, and practices commensurate with the company’s risk appetite and the level of risk and complexity of its third-party relationships.

 

(B) Independent Review

 

The company must conduct periodic independent reviews to assess the adequacy of its third-party risk management processes. An institution may use the results of independent reviews to determine whether and how to adjust its third-party risk management process, including its policies, reporting, resources, expertise, and controls.

 

(C) Documentation and Reporting

 

Documentation and reporting, key elements that assist those within or outside the company who conduct control activities, will vary among financial institutions depending on the risk and complexity of their third-party relationships.

4. Appendix 

Consider including an appendix that lists resources. The resources do not have to be comprehensive. Keep adding to the Appendix as you come across resources that help to manage third-party risk management. Of course, there are Acts, regulations, and rules. However, other sources of information may be available, particularly on specific topics.

The use of third parties, especially those using new technologies, may present elevated risks to a financial institution and its customers, including operational, compliance, and strategic risks. Importantly, the use of third parties does not diminish or remove the institution's responsibilities to ensure that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations.

Request Information: TPRM Tune-up®.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group