Quality Control: Threat of Downsizing

QUESTION 

I am the manager of our quality control department. We do our own quality control and use an outside auditor. We originate high production and have multiple channels. And we are in 30 states. Our CEO told me that he wants to downsize my department and also pull production audits from the outside auditor. He says our defect ratios show we are doing well and don’t need to maintain quality control to the same extent. 

I tried to tell him that he is seeing the positive effect of quality control, and that downsizing it and removing the outside auditor will cause the defect ratio to worsen. If anything, he should be maintaining or even increasing my staff and external auditor because our production is rapidly increasing. Frankly, I couldn’t change his mind. 

So, I am appealing to you. Our CEO passes your articles out at almost every management meeting. He uses them as ways to encourage discussion. I want him to read your reply. I have been reading your articles for years, and I am familiar with your stance on maintaining a strong quality control department. 

How does mortgage quality control protect the lender? 

SOLUTIONS 

Quality Control Audits 

QC Tune-up 

ANSWER 

Your question comes as a surprise to me, since compliance in general and quality control in particular should be the very last departments to be downsized. If there are mitigating circumstances for the cutback, such as a substantial drop in production or a change in the company's configuration, then I suppose reducing quality control may be warranted. But, even then, it must be done carefully, slowly, judiciously, and with full awareness of any impact on investor due diligence and contractual requirements. 

Lenders Compliance Group offers quality control auditing. But, unlike most quality control companies that veered into mortgage compliance, morphing into a compliance firm, we began as a compliance firm and subsequently established a fully staffed quality control affiliate, carefully managed by an executive director, experienced personnel, compliance professionals, and attorneys. LCG Quality Control, our quality control auditing group, oversees the entire audit process, from the smallest to the largest production, and delivers reports in accordance with GSE and portfolio guidelines, pursuant to timing requirements. We know whereof we speak when it comes to quality control.  

MORE THAN JUST DEFECT RATIOS

Quality Control is far more than just maintaining defect ratios. Wherever you got that impression, get rid of it. You are putting your mortgage company at considerable risk, a risk that is so high that your company will likely implode in a matter of days if you fail to maintain the necessary departmental and auditing staff levels. Cut elsewhere, but do not cut the operational needs of quality control! 

Mortgage quality control (“QC”) protects lenders by mitigating financial risk through the identification and correction of process errors, ensuring compliance with regulations, and maintaining the quality of loan portfolios. This, in turn, prevents costly buybacks from investors, such as the GSEs, and reduces the likelihood of loan defaults. 

Indeed, QC is a component of the Second Line of Defense; in fact, its exact placement depends on the financial institution's structure, as QC functions can also be embedded within the First Line of Defense. The Second Line of Defense typically comprises risk management and compliance functions that provide oversight, develop policies, and monitor activities to ensure adherence to regulations and internal standards. Therefore, when a QC function is established within or aligned with these oversight departments, it serves as a "second-line control." 

QC is crucial for identifying and preventing errors; the specific placement of the QC function determines whether it serves as a First or Second Line of Defense. Regardless of its placement, QC plays a detective role in identifying issues after they occur and provides an early warning mechanism to management, thereby strengthening the overall control structure. 

Consider how quality control impacts the following risk categories. 

RISK MITIGATION 

Let’s start with mitigating risk. Two specific areas that QC impacts are default rates and loan buybacks. QC confirms that loans adhere to federal, state, local, and investor regulations (for instance, Fannie Mae guidelines), thereby avoiding penalties, legal issues, and breaches of contract.

Quality Control Red Flags and Automated Fraud Alerts

QUESTION 

I am the Chief Risk Officer of our company, a mortgage lender in the northwest. We have a nationwide footprint and an excellent Chief Compliance Officer. A persistent problem that she and I talk about is quality control findings, especially when the QC reports are showing fraud and misrepresentation. As a lawyer, I am cognizant of federal and state laws involving mortgage fraud. 

However, we want a Red Flags approach. We want to put Red Flag checks into our underwriting processes. Our IT department is ready to install them. However, it seems that Red Flags have to be brought in from many other areas other than quality control, such as anti-money laundering and identity theft prevention screening. Our interest, though, is concerning quality control flags. We want to layer them on the other Red Flags in our processing systems. 

What are some Red Flags relating to quality control that may be installed in our loan origination system? 

What suggestions do you have for digitizing flags, alerts, and Red Flags picked up by quality control? 

COMPLIANCE SOLUTIONS 

Quality Control Audits 

QC Tune-up®

ANSWER 

Although an objective of Quality Control (QC) is to identify and reduce fraud and misrepresentation, Red Flag awareness arising out of QC is important because it alerts to risks that can destabilize many areas of a company’s risk management areas. Please download the White Paper I published on Risk Management Principles (PDF). 

Red flag identification should be part of both post-closing and prefunding QC processes; indeed, prefunding QC is uniquely positioned to support production teams in identifying and remedying these defects. The prefunding Red Flags should be positioned in your prior-to-closing procedures. 

I hear all the time about the importance of Red Flags. But I have yet to hear a great definition of what should be considered Red Flags. Are Red Flags just itemized factors listed on an automated underwriting system, credit report, or even a mortgage fraud screening tool? Putting them in an LOS requires logic to go with it. A Red Flag is “something that indicates or draws attention to a problem, danger, or irregularity,” according to Merriam-Webster. Irregularities can take many forms, and you must ensure the logic needed to digitize those forms in a constantly changing business environment. 

The irregularities can topple an otherwise dependable approach to QC. A strong QC program is notable for its ability to assess all files for any irregularities to determine both the materiality and the cause of each irregularity. Such causes include human error, process gaps, data irregularities, misinformation, misrepresentation, and fraud. Human errors are likely to be isolated. Sure, irregularities can be identified through the use of digital technologies or simply by comparing similar data in various locations throughout the loan file (i.e., Social Security Number being consistent on all documents in the loan file). And, misinformation can be corrected through confirmation. However, multiple instances of error and misinformation may indicate misrepresentation or fraud. 

There are generally three types of Red Flags detection sources that should be installed in the logic of your loan origination system. These are digitized, automated systems such as credit reports and GSE engines, such as Desktop Underwriter and Collateral Underwriter. Digitized types function according to specific logic, for instance, by means of data validation and reconciliation, pattern recognition, and fraud detection. Each often requires a human to check online search engines to identify corroborating information, review documents for inconsistencies, and consider written or verbal reverification of information. 

You are not going to be able to rely solely on Red Flags in your loan origination system to catch mortgage fraud. At best, such embedded Red Flags will alert you to a potential threat. I would be very cautious in allowing Artificial Intelligence (AI) to trigger systemic loan flow decisions, such as issuing Adverse Action based entirely on its Red Flag utility. AI is still in the nascent stage of development. I’ve published several articles on Artificial Intelligence, if you want to consider my perspective. 

It is laudable as a matter of governance and risk management that you plan to use digital solutions that have the potential to enable QC to be more effective. Automated fraud tools can be installed in the LOS logic requirements. I also think you should watch for new solutions to automate lower-risk data accuracy elements, leaving human resources free to perform more complex reviews to some extent. Keeping your digital solutions deployed within operations must be accompanied by monitoring and periodic testing. Nevertheless, digital solutions also have limitations, and you must control for those limitations! Over-reliance on any technological solution may cause more harm than good. 

Red Flags caused by QC do not and cannot stand alone. They are part and parcel of the entirety of the loan origination process. Take a look at the prefunding checklist that your QC auditor uses. Suppose the prefunding screen is convertible into a technological solution, which thereby effectuates a means to identify loan origination risks. In that case, your list of Red Flags will grow and change over time. 

For instance, here are just a few such tools: fraud detection systems; investors’ software, such as Fannie Mae’s CU; and digital applications and proprietary tools for scrubbing internal data. Using tools such as these to identify Red Flags and elevated risk can be helpful in determining the loans that the QC auditor should sample. Other tools exist that may also be helpful, but to ensure you are selecting the best tools for your organization, you should develop a method for selecting, testing, and monitoring the efficacy of the tools you use. 

For a long time, I have heard of QC companies that provide their version of automated QC auditing, including color-coded tabs, all manner of interactive feedback, online transactions, digitized metrics, and supposedly automatic QC auditing at the loan level. Let me tell you a fact: automated risk and data-screening tools complement but do not replace a comprehensive prefunding QC program. My firm uses advanced technology for QC auditing of client files, and we audit thousands of files a year, but we never rely solely on a system solution to replace our prefunding or post-closing QC reviews. 

We always provide human analysis to prefunding and post-closing QC audits. No matter how sophisticated the automated tool is, it can fail or have gaps. If you plan to install logic that gleans prefunding QC findings in particular, you must continuously monitor for results that may reveal deficiencies while also highlighting new logic for tool enhancements and improvements. False positives can turn up in automated solutions, and there goes efficiency – along with the possibility of canceling a viable loan! Adjustments to testing parameters must be considered to ensure the proper balance between defect identification and false positives. In any event, you should continue to think of ways the tool can fail and how to fill those gaps operationally. 

If automated hard stops are not possible, implement a funding condition or post-funding review process to ensure loans with unresolved eligibility, compliance, or fraud flags do not get delivered to investors. Inevitably, some of these alerts become Red Flags that may be specific to your loan products, complexity, origination channels, geographic areas, and loan originator relationships (i.e., retail, wholesale). You should ensure that any automated tool is customized for your company’s desired controls before its use. And reject out-of-the-box settings that do not align with your organization’s unique risks. 

You do not mention the correlating action that should be taken when a Red Flag is triggered. That must be built into a system solution, with clear escalation paths for when the tool identifies flags or alerts, including individual management authorities and a sequence of escalation. It is essential that reporting, evaluation, and oversight of digitized system solutions, such as I have described above, are independent of the origination and underwriting staff. 

A final word about the “checkbox” approach to Red Flags triggered by prefunding or post-closing QC: the output of your tools should promote action that reduces a “check the box” approach. This may seem counterintuitive, but if the tool operates efficiently, it should constantly update and integrate its analytics. Therefore, your IT should consider integrating your tools into the loan origination system. Integration creates a basis for strategic loan selections and system hard stops for loans with defined eligibility, compliance, or fraud flags.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group

Quality Control: Anticipating Defects and Trends

QUESTION 

Our quality control reports provide defects and trendlines, but we have never been able to put together a list of which defects keep occurring. A trendline is useful; however, trends change all the time, and each quarter presents new defects to chase after and fix.  

We outsource our monthly quality control audits, and we have an in-house quality control coordinator who monitors our policies and procedures for quality control. And I’m the in-house quality control coordinator. 

For the audit method, we use a random sample. In our region, there is a huge competitor that uses discretionary samples. I wonder if they have an advantage in being able to identify defects better than we can by using the random sampling method. 

My concern is determining how to stay informed of the frequency of recurring defects. Since defects change each quarter, I want to know how to list and track them so that I can anticipate and cure them going forward. 

How can I anticipate defects and trends in quality control audits? 

COMPLIANCE SOLUTIONS 

Quality Control Audits 

QC Tune-up® 

ANSWER 

I am going to show you how you can use the audit findings of discretionary quality control audits to anticipate defects and trends in random quality control audits. 

First, I am going to provide some findings that Fannie has offered.[i] You likely have many investors, Fannie being one of them. Many of them utilize both random and discretionary analytics to determine if their relationship partners meet their quality control standards. Lenders often face many of the same challenges. Being aware of the defect trends across the industry allows for more dynamic QC, better action planning, and prevention of similar defects in your organization. 

But don’t be too caught up in an investor’s report if your defect does not appear there. If you’re not experiencing the same defects, it may mean that you already have effective origination controls in place. There is also the possibility that your auditor is not picking up on the defect. 

You should keep a list of the top defects occurring in your reports and investor reports. Keeping the list streamlines your ability to anticipate defects. Use the list to train on, too. You should be leveraging the list of defect trends to develop training opportunities for your staff, underwriters, and other participants in the loan flow process. This is a critical way to get ahead of the trending defects. Develop training to prevent these defects from occurring. 

________________________________________________________

 Quality Control Audits

 QC Tune-up

________________________________________________________

If you want to discuss your approach to quality control, please contact Brandy George, our Executive Director of LCG Quality Control. You can reach Brandy here.

My table below provides a means to anticipate defects as well as a learning tool for training. You can add more columns if you’d like. In our analyses, these are some of the defects that investors reported last year in random sampling. I will list them and add a Best Practice. The Best Practice is an essential component of your training experience. (I have left some blanks in the table to show other possibilities.)

RANDOM SAMPLE
Defect	Description	Best Practice
Income and Employment	Calculation errors	-During prefunding QC, be sure to target complex income streams, especially on higher DTIs. -Assess the year-over-year trends. The variable income requires evaluation of consistency and predictability.
Borrower Eligibility	Borrower not employed	-Perform extra due diligence in addition to the verbal verification of employment. (i.e., Internet searches; email borrower at job address as close to closing as possible; track and move the verification timeline up. -Be aware of specific volatile jobs or industries that are more susceptible to workforce disruptions.
Appraisal	Inadequate comparable adjustments; condition and quality rating discrepancies	-Utilize value acceptance + property data (VA+PD), when applicable, to increase certainty, better manage risk, and gain process efficiencies.
Assets	Insufficient	Using one-month statements when two months are appropriate.
Liabilities
Credit
Loan Documentation
Title/Lien
Fraud

Please note that the severity of certain defects may make the loan ineligible to certain investors. For instance, a Significant Defect is an issue that makes the loan ineligible for delivery to Fannie Mae and requires remediation or could result in a potential repurchase. An Initial Significant Defect occurs when a Significant Defect has been cited, but remediation activity is still in progress. 

Discretionary sampling is valuable when you want to do a comparative analysis, even if you only do random sampling. As I mentioned above, you can get discretionary (or targeted) audit results directly from many investors. 

Sometimes, the discretionary and random defects sync up. Take the category of appraisals, for example. In the random sample table above, inadequate comparables are a defect. However, Fannie reported in the fourth quarter of 2023 that their discretionary sampling listed appraisal errors amongst the highest of their defect trends.[ii] In this category example, importantly, the investor’s discretionary sample drills down into the appraisal defects to broaden out the findings, as the following table shows.

Discretionary Sampling
Defect	Description
Appraisal	Inadequate Comparable Adjustment(s)
	Failure to Adjust Comparables
	Inappropriate Comparable Sale(s) Selection Due to Location
	Comparable Sale(s) Physical Features Reported Inaccurately - Condition / Quality of Construction
	Use of Physically Dissimilar Comparable
	Sale(s) - Gross Living Area

A discretionary sample intentionally looks for loans with a greater likelihood of being defective or ineligible. Your random defect trendline, however, may be low in a category yet high in the investor’s trendline. That information provides a possible anticipatory impact, so you should be monitoring that category closely, even though it is currently reporting a low defect and trend.

Taking a strategic approach to comparing random to discretionary sampling can lead to the ability to anticipate defects and trends. The opportunity to use this information to enhance your sampling findings, plus ongoing training, is established on both prefunding and post-closing quality control reviews.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] See, for instance, the quarterly quality control report provided by Fannie Mae, which outlines random and discretionary audit findings, including defect and trend analyses. Freddie Mac offers a similar report. And many investors will provide information regarding their overall findings quarter-over-quarter or other calendrical intervals.

[ii] Idem

Quality Control Challenges – Defect Rates and Trendlines

QUESTION 

During a MORA review, Fannie determined that several areas were problematic. We thought we were mostly ready until we got the MORA results. Fannie required us to revise a list of issues. 

It was too late for us to use your Fannie Tune-up. So we mustered through as best as we could. One area that the MORA team criticized us for was that we did not establish a "methodology for identifying, categorizing, and measuring defects and trends against an established target defect rate." 

They found our Quality Control Plan was defective, and we could not show that we followed a methodology to uncover defects and trends. Our QC Manager discussed this with our QC auditor, but they became defensive. They did not want to update their Quality Control Plan or provide their procedures for Fannie to evaluate. So, on top of everything else, we need to get another QC auditor. 

We need your help in understanding some basics about defects and trendlines. 

What methodology is used for "identifying, categorizing, and measuring defects and trends against an established target defect rate?" 

ANSWER 

It's unfortunate that you did not contact us soon enough for the Fannie Tune-up. It takes 60 days to complete, and it is inexpensive. Most clients use the Fannie Tune-up to comply with Fannie guidelines and stay ready or get ready for a Mortgage Origination Risk Assessment (MORA) visit. 

_____________________________________________ 

Anyone interested in the Fannie Tune-up can request information here. 

_____________________________________________ 

I thought it would be a good idea for you to get some feedback from Brandy George, the Executive Director of LCG Quality Control. 

There are few professionals in mortgage banking with Brandy's credentials and depth of experience. Her group audits small and large loan production into the thousands of units. Importantly, Brandy works hands-on with clients to ensure their quality control meets Fannie's guidelines. So, I asked her to join me in answering your question. 

_____________________________________________

 Brandy also offers a free Quality Control Plan (terms apply)

that meets GSE and regulatory scrutiny. 

If anyone wants to talk to Brandy about their Quality Control needs,

you can contact her here. 

_____________________________________________ 

I asked Brandy to give a brief but useful answer to your question. The following outline is reflective of my notes from my conversation with her. 

Brandy confirmed that a financial institution must have a set of policies and procedures documented in its Quality Control Plan, establishing a target defect rate and the methodology for "identifying, categorizing, and measuring defects and trends" against that rate. 

According to Brandy, 

the target defect rate is the final net defect rate your firm has established as an acceptable percentage rate of open defects in any given audit period and the year-to-date percentage rate of open defects. 

That led to our discussion about calculating the defect rate. I like Brandy's response: 

Calculating and tracking the actual defect rate against your target defect rate is how you assess your credit and financial risk performance and measure progress in meeting your quality control goals. Managing gross and net defect rates is critical to understanding the financial exposure revealed during the QC process. 

The gross defect rate is calculated by dividing the number of all defects noted by the number of loans reviewed in the audit period, and the final net defect rate is calculated by dividing the number of open defects by the number of loans reviewed in the audit period. 

To provide a granular description that brings in threat levels, having a target defect rate is required for the top severity level – which, by the way, is ineligible for delivery to Fannie Mae – and enables the lender to regularly evaluate and measure progress in meeting its loan quality standards. 

The lender must define lower severity levels as appropriate for its organization, and different target defect rates may be established for different severity levels (if applicable). Note that the target defect rate is a Fannie Mae requirement!

With respect to calculating the target defect rate, I would like to add my observation to Brandy's guidance. Calculating a defect rate is how you measure against your target defect rate. Some lenders use only a gross or a net calculation when determining their monthly defect rate, while others use both. 

• The gross defect rate is the defect rate based on the initial findings prior to any rebuttal activity. 

• The net defect rate is the defect rate based on the final findings after the rebuttal activity. 

Understanding the root cause of the issues resolved during the rebuttal process may provide insight into how the defects can be prevented. 

Concerning the severity level, if a loan has both the highest-severity level defect and a lower-severity level defect, Fannie directs that the lender should only count the loan once – in the highest-severity category – in a defect rate calculation. Calculations should be done for your two most severe defect types (i.e., Significant and Moderate). 

My conversation with Brandy concluded with discussing the methodology for identifying defects and trendlines. Her insight here is helpful. She said: 

The methodology for identifying defects and trends lies within the audit process. How loan defects are identified and categorized leads to the final reporting results. Meaning, exceptions and defects need to be categorized in such a way that puts the defects in risk rating categories, such as Minor, Moderate, and Significant, compliance and regulatory, or by area of responsibility, such as Loan Officer, Processor, Underwriter, or Closer.  

Categorizing into risk rating categories is essential to the mission of the quality control project. Once initial (gross) defects are cured, it is important to determine root causes, analyze issues, and reconcile the difference between your gross and net defects and action plan accordingly. Be sure to analyze the cause between the gross and net defect rates! The goal is to identify and remediate the issues to narrow the gap between gross and net defect rates. 

A final word about targets and defect rates. An effective way to establish loan quality targets is to model the financial exposure created at a certain defect level. The concept of "zero defects" generally will be considered challenging to achieve. And, in any event, Fannie Mae does not evaluate lenders by a zero-defect-rate standard. 

Fannie Mae expects lenders to set defect rate targets as reasonably low as possible based on a formal cost-benefit analysis of meeting that target. The MORA team expects lenders to demonstrate to Fannie how they manage loan quality to meet their established target. 

_____________________________________________ 

Brandy also offers a free Quality Control Plan (terms apply)

that meets GSE and regulatory scrutiny. 

If anyone wants to talk to Brandy about their Quality Control needs,

you can contact her here. 

_____________________________________________ 

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

A New Quality Control Program

QUESTION 

We are a lender in the southwest. I am the VP of mortgage lending. Our loans are only conventional on 1-4 single family residential property. Our primary investor is Fannie Mae. We do not originate government loans or investor loans. 

Recently, we ended the relationship with our quality control auditor. So, we're now looking around to replace them. We went to a conference where several lenders highly recommended your firm. So, our compliance manager will be contacting you soon. 

Now, we're updating our quality control plan. We need to start over with a new quality control plan. We need guidance about the areas we should outline in the QC plan. I realize this is a big subject, so maybe you can provide an overview of the basic elements. 

What are the basic requirements of a QC Plan? 

ANSWER 

There are essentially six parts to a basic Quality Control Plan ("Plan" or "Program"). More about that shortly. Depending on the company's size, risk profile, complexity, loan products, and investor conduits, to name a few factors, the Plan's purpose is central to controlling a mortgage lender's originating environment. 

Thank you for contacting us to handle your quality control auditing. We can accommodate any production size and audit virtually all loan products. We have an entire group devoted to quality control, headed by an Executive Director, and staffed with an accomplished audit staff. 

Please contact us here. We'll see that you speak directly with our audit management team. 

I would add that it is critical to ensure that the Plan and the QC auditing are aligned. When regulators and investors review your QC reports, they want to see that you are implementing the requirements of your specific Program. When LCG conducts QC, we can provide a Plan that properly reflects your auditing needs. Be sure to discuss the Plan requirements when you speak to us. 

You should consider establishing a baseline review of your quality control compliance. To effectuate this assessment, many company's use our QC Tune-up. This mini-audit provides substantive evaluation of your quality control function and provides a risk rating. It's cost-effective, hands-on, and quick. If interested, contact us here for information about the QC Tune-up.

Because you originate only conventional loans and your primary investor is Fannie Mae (“Fannie”), my response will address the QC requirements for conventional generally and Fannie in particular.[i]

Your QC Plan must define your lending standards for loan quality, establish processes designed to achieve those standards and mitigate risks associated with the loan origination processes. In that regard, Fannie requires the lender to develop and implement a QC program that provides a structure for identifying the deficiencies in the loan manufacturing process and implementing plans to remediate those deficiencies and underlying issues quickly. 

Six Parts of a Quality Control Program 

I mentioned above that there are six parts to a basic Quality Control Plan. I am going to provide a brief description of each part. I urge you to contact us if you want a more detailed discussion. 

The six parts of a QC Program are: 

1.     Overview; 

2.     Contents; 

3.     Standards and Measures; 

4.     File Reviews; and 

5.     Reporting and Remediation. 

Overview 

Put simply, the Program must include a documented QC Plan that outlines requirements for validating that loans are originated under its established policies and procedures. 

The Overview must provide guidelines to ensure that: 

·     the loans comply with applicable federal, state, and local laws and regulations; 

·     the loans comply with investors' guidelines, such as Fannie Mae's Selling Guide, all related contractual terms and agreements, and are in all respects eligible for delivery to Fannie; and 

·     the Plan must guard against fraud, negligence, errors, and omissions by officers, employees, contractors (whether or not involved in the origination of the mortgage loans), brokers, borrowers, marketing partners, and others involved in the mortgage process. 

Contents 

The Plan must include documented QC procedures that establish standards for quality and incorporate systems and processes for achieving those standards. At a minimum, the Plan must contain the following categories.

 

·     Quality standards and measures, including:

 

o   a general overview and description of the QC philosophy;

 

o   the plan objectives;

 

o   specific risks to be measured, monitored, and managed; and

 

o   the methods used to ensure the Program is an independent and unbiased function, including program governance (targets, sampling) and transaction execution.

 

·     Procedures involving detailed operating and reporting methods for all employees affected by the QC process.

 

·     QC file review process: a process for performing prefunding and post-closing QC file reviews, including, at a minimum, a method for

 

o   confirming compliance with the investors’ guidelines, all related contractual terms and agreements, and that the loans are in all respects eligible for delivery to Fannie; and

 

o   confirming compliance with applicable federal, state, and local laws and regulations.

 

·     Sample selection process: the procedures and metrics for identifying a representative sample of loans for QC file reviews using both random and discretionary selection methodologies, as applicable, that include loans

 

o   originated through each applicable production channel (for example, retail, correspondent, and third-party originators);

 

o   originated under all mortgage products (for instance, fixed, ARM, and special or niche programs); and

 

o   originated using all underwriting methods (manual and AUS).

 

·     Reporting: written procedures for reporting the results of the QC file reviews, including the method of monthly reporting of review findings, including

 

o   the method of monthly reporting of review findings;

 

o   identifying critical components included in the reports;

 

o   distributing summary-level findings to senior management;

 

o   distributing loan-level findings to the business unit(s), specifically to parties within the business unit(s) responsible for resolution;

 

o   requiring a timely response to and resolution – or resolution plan – of findings identified in the QC review process; and

 

o   maintaining accurate and detailed records of the QC reviews’ results.

 

·     Vendor review: a process for reviewing the QC work performed by the third-party auditors.

 

·     File retention: procedures for maintaining for three years records of the QC findings and reports, loan files reviewed, and all related documentation, including chronicling the location of such records.

 

·     Audit: an audit process to ensure that the lender’s QC processes and procedures are followed by the QC staff and that its assessments and conclusions are recorded and consistently applied. 

Quality Standards and Measures 

This is a somewhat complicated area, often leading to confusion. So, I will offer a high-level description. A lender is responsible for the development and maintenance of standards for loan quality and the establishment of processes designed to achieve those standards. 

To evaluate and measure loan quality standards effectively, the lender must establish a methodology for identifying, categorizing, and measuring defects and trends against an established target defect rate. 

At a minimum, the lender must identify any loans with a defect; specifically, these are loans not in compliance with investor guidelines or other related contractual terms and agreements. A methodology must be established by which all loans with identified defects can be categorized based on the severity of the defect. The lender must define the severity levels appropriate to its organization and reporting needs; however, the highest severity level must be assigned to those loans with defects resulting in the loan not being eligible as delivered to Fannie. 

The lender must also establish target defect rates for its organization, reflecting its quality standards and goals. Establishing a target defect rate is based on a lender’s post-closing random QC sample. It enables the lender to regularly evaluate and measure progress in meeting loan quality standards. 

Different target defect rates may be established for different severity levels; however, at a minimum, a target defect rate must be established for the lender’s highest level of severity. 

Here’s an suggestion: a target defect rate that is as reasonably low as possible should be established. Once the targets are set, performance against the targets must be measured at least quarterly and reported to management. It is also essential that the target defect rate(s) be evaluated and, if necessary, reset at least annually. The lender must document the rationale for establishing the target rate(s). During a Fannie review, consideration may be given to how the lender’s chosen target defect rate affects the investor’s risk. Sometimes, this leads to the investor requiring a more realistic target.