Non-Delegated Lenders: Quality Control for Non-QM Loans

Podcast | Substack

QUESTION 

I am one of the underwriters for a non-delegated lender. We received a request from an investor to conduct quality control. My boss says we do not have to do quality control. His position is that, at most, we need only a limited quality control audit. I came from another non-delegated lender, and they always did QC. 

He says we do not have to perform most aspects of QC audits, including credit analysis, re-verifications, credit reports, appraisal reviews, adverse action reviews, EPD issues, and GSE/FHA-VA underwriting reviews. Because we originate non-QM loans, he says QC is minimal. I read your Bulletin 2017-12, and it clearly shows that non-delegated lenders should do QC. 

I would like you to discuss QC requirements for non-delegated lenders. 

Does a non-delegated lender have to do quality control for non-QM loans? 

OUR COMPLIANCE SOLUTIONS 

We recommend the following compliance solutions for quality control support: 

Quality Control Audits

Our audits focus on risk mitigation, compliance, error correction, process improvement, verification, and ongoing monitoring. 

QC Tune-up®

This is our Second Line of Defense review that focuses on predictable output, reliable data, investor confidence, and reduced production cost. 

RESPONSE TO YOUR QUESTION

The question about a non-delegated lender having to conduct quality control seems to be one of those perennial questions that pop up from time to time. There is no mystery to the requirement. I appreciate that you have been reading our Bulletins. Anyone who wants to subscribe to our free Bulletins, please sign up! 

Whether you are originating QM or non-QM loans, you should be conducting quality control audits. Fannie Mae's non-delegated quality control (QC) requirements include having a comprehensive written QC plan, a process for selecting loans for prefunding and post-closing reviews, and a system for reporting and taking corrective action. 

If you're a non-delegated lender originating QM loans, the QC plan should be independent of the production process, and, among other things, you must conduct a minimum number of prefunding and post-closing QC reviews each month, based on a percentage of total loan volume. 

If you're a non-delegated lender originating non-QM loans, you should have QC processes in place. Because non-QM loans do not meet the criteria for purchase by Fannie Mae or Freddie Mac, the lender assumes all the risk, making a robust QC program essential to manage the loan quality and potential defects. 

Let's look somewhat broadly at the QC requirements. You must have a written QC plan that outlines your QC philosophy, objectives, and risks, with a process for selecting loans for review using random and/or discretionary methods across all products. The QC function must be independent of the production process, or, at a minimum, reviews must be conducted by personnel not involved in underwriting the specific loans subject to audit. 

The QC plan for QM loans must cover both prefunding and post-closing reviews, ensuring compliance with the Fannie Mae Selling Guide, the lender contract, and applicable laws. You can check out Fannie's requirements in the Lender Quality Control Programs, Plans, and Processes section. 

With respect to pre-funding, a minimum number of prefunding reviews must be completed each month, with the loan selection meeting at least the lesser of 10% of the prior month's total loans, 10% of current month projections, or 750 loans. 

Regarding post-closing, loans must be selected for monthly reviews, and the entire QC cycle must be completed within 90 days of loan closing. 

You must have documented procedures for reporting QC findings to management, documenting loan level findings for resolution, and taking timely corrective actions. All QC-related documentation must be retained for at least three years. An internal audit of the QC process itself should be performed annually to ensure compliance with the lender's policies and procedures. Our QC Tune-up®, a Second Line of Defense function, provides such support.

Quality Control: Threat of Downsizing

QUESTION 

I am the manager of our quality control department. We do our own quality control and use an outside auditor. We originate high production and have multiple channels. And we are in 30 states. Our CEO told me that he wants to downsize my department and also pull production audits from the outside auditor. He says our defect ratios show we are doing well and don’t need to maintain quality control to the same extent. 

I tried to tell him that he is seeing the positive effect of quality control, and that downsizing it and removing the outside auditor will cause the defect ratio to worsen. If anything, he should be maintaining or even increasing my staff and external auditor because our production is rapidly increasing. Frankly, I couldn’t change his mind. 

So, I am appealing to you. Our CEO passes your articles out at almost every management meeting. He uses them as ways to encourage discussion. I want him to read your reply. I have been reading your articles for years, and I am familiar with your stance on maintaining a strong quality control department. 

How does mortgage quality control protect the lender? 

SOLUTIONS 

Quality Control Audits 

QC Tune-up 

ANSWER 

Your question comes as a surprise to me, since compliance in general and quality control in particular should be the very last departments to be downsized. If there are mitigating circumstances for the cutback, such as a substantial drop in production or a change in the company's configuration, then I suppose reducing quality control may be warranted. But, even then, it must be done carefully, slowly, judiciously, and with full awareness of any impact on investor due diligence and contractual requirements. 

Lenders Compliance Group offers quality control auditing. But, unlike most quality control companies that veered into mortgage compliance, morphing into a compliance firm, we began as a compliance firm and subsequently established a fully staffed quality control affiliate, carefully managed by an executive director, experienced personnel, compliance professionals, and attorneys. LCG Quality Control, our quality control auditing group, oversees the entire audit process, from the smallest to the largest production, and delivers reports in accordance with GSE and portfolio guidelines, pursuant to timing requirements. We know whereof we speak when it comes to quality control.  

MORE THAN JUST DEFECT RATIOS

Quality Control is far more than just maintaining defect ratios. Wherever you got that impression, get rid of it. You are putting your mortgage company at considerable risk, a risk that is so high that your company will likely implode in a matter of days if you fail to maintain the necessary departmental and auditing staff levels. Cut elsewhere, but do not cut the operational needs of quality control! 

Mortgage quality control (“QC”) protects lenders by mitigating financial risk through the identification and correction of process errors, ensuring compliance with regulations, and maintaining the quality of loan portfolios. This, in turn, prevents costly buybacks from investors, such as the GSEs, and reduces the likelihood of loan defaults. 

Indeed, QC is a component of the Second Line of Defense; in fact, its exact placement depends on the financial institution's structure, as QC functions can also be embedded within the First Line of Defense. The Second Line of Defense typically comprises risk management and compliance functions that provide oversight, develop policies, and monitor activities to ensure adherence to regulations and internal standards. Therefore, when a QC function is established within or aligned with these oversight departments, it serves as a "second-line control." 

QC is crucial for identifying and preventing errors; the specific placement of the QC function determines whether it serves as a First or Second Line of Defense. Regardless of its placement, QC plays a detective role in identifying issues after they occur and provides an early warning mechanism to management, thereby strengthening the overall control structure. 

Consider how quality control impacts the following risk categories. 

RISK MITIGATION 

Let’s start with mitigating risk. Two specific areas that QC impacts are default rates and loan buybacks. QC confirms that loans adhere to federal, state, local, and investor regulations (for instance, Fannie Mae guidelines), thereby avoiding penalties, legal issues, and breaches of contract.

Servicing Quality Control: Subservicer Scrutiny

QUESTION 

We are a lender that subservices our loans through a reputable servicer. We originate Fannie Mae, Freddie Mac, USDA, FHA, VA, HECM, and Non-QM loan products. Our internal audit identified that we should have monitoring and control procedures in place for our subservicer. 

We already have a Loan Servicing Quality Control Plan. However, we do not have a separate policy for monitoring and controlling the subservicer function. Our internal auditor recommends that we establish such a policy immediately. 

As the General Counsel and Compliance Officer, I am responsible for ensuring that we meet all regulatory and legal requirements in our loan originating and servicing activities. I would like your view on whether we should have a separate policy for monitoring the subservicer. 

SOLUTIONS 

Subservicing Quality Control Audits

Loan Servicing Quality Control Plan

Monitoring & Control of Subservicer Policy 

RESPONSE 

Based on your question, you appear to be a master servicer. A master servicer is responsible for overseeing and auditing the activities of its subservicer. This responsibility arises from the fact that the master servicer remains liable for the performance of all servicing obligations, even when they are delegated to a subservicer. 

A master servicer is an entity responsible for overseeing the administration and management of a pool of loans, often in mortgage-backed securities (MBS) and other structured finance products. It ensures proper loan management and that investors receive their returns on time. 

Master Servicer 

In particular, a master servicer's role includes the following: 

Their role and responsibilities include: 

·       Loan administration and management 

Handling day-to-day operations like payment collection, managing escrow accounts, and distributing payments to investors. 

·       Oversight of other servicers 

Appointing and coordinating with sub-servicers while remaining liable to bondholders for their performance. 

·       Ensuring compliance

Ensuring that servicing practices comply with regulatory and contractual requirements. 

·       Monitoring and reporting 

Tracking portfolio performance and reporting to the trustee and investors. 

·       Handling borrower communication and requests 

Serving as a point of contact for borrowers. 

·       Coordination with special servicers 

Working with special servicers for distressed or defaulted loans. 

You should have a separate policy for monitoring and control of the subservicer. Usually, the policy complements the Loan Servicing Quality Control Plan that you mentioned. Both the CFPB (Consumer Financial Protection Bureau) and GSEs (Government-Sponsored Enterprises, such as Fannie Mae and Freddie Mac) mandate that lenders (master servicers) proactively oversee and regularly audit their subservicer relationships and operations.[i] 

The master servicer is responsible for ensuring that the subservicer complies with all applicable regulations and contractual obligations, as required by Fannie Mae and other investors. Failing to oversee or audit a subservicer exposes the master servicer to significant business risks, including potential lawsuits, fines, and reputational damage if the subservicer fails to meet compliance guidelines or operational standards. 

Second Line of Defense 

The audit of a subservicer's servicing files falls under the Second Line of Defense for the originating institution that outsourced the servicing, with the possibility that the Third Line of Defense (viz., internal audits) may also perform independent audits to ensure effectiveness. 

As the Second Line of Defense, the originating institution has the ultimate responsibility for the subservicer's actions; therefore, it must oversee the subservicer's compliance with regulations and its own servicing standards. The act of reviewing the subservicer's servicing files and operations to ensure adherence to contractual obligations and regulatory requirements is considered a core function of the Second Line of Defense, which involves monitoring and oversight functions, such as risk management and compliance departments. 

Thus, the Second Line of Defense provides expertise, support, and monitoring regarding risk-related matters. I would break those features into the following activities: 

·       Developing and implementing policies and procedures for subservicer oversight. 

·       Conducting regular reviews of the subservicer's performance and compliance. 

·       Assessing the subservicer's internal controls and risk management framework. 

·       Monitoring the subservicer for compliance with regulatory requirements (CFPB, OCC, GSEs). 

·       Developing and implementing corrective actions to address any identified issues. 

Essentially, the Second Line of Defense is actively involved in ensuring the subservicer is compliant and performing as expected, while the Third Line of Defense audits the effectiveness of that oversight and the subservicer's operations to ensure the entire risk management framework is sound. I think your internal auditor was correct in recommending a separate policy for monitoring and controlling the subservicer. Use it in conjunction with your overall Loan Servicing Quality Control Plan. 

Oversight and Auditing 

There are five components of subservicer oversight and auditing. A robust subservicer oversight program should include regular audits of servicing files and operations. Implementing the program is not merely a recommended Best Practice but a crucial aspect of a master servicer's responsibility to manage risk and ensure compliance within the mortgage industry.

1. Establishing an Oversight and Surveillance Program 

The program should monitor the subservicer's compliance with servicing requirements outlined in the master servicer's contracts and applicable guidelines. 

These three elements must be included in oversight: 

·       Periodic audits and quality control (QC) reviews: These reviews help verify that the subservicer is adhering to contractual obligations and regulatory requirements. 

·       Operational audits: These audits delve deeper and can assess areas such as customer service reviews, escrow administration, collections, and loss mitigation procedures. 

·       Evaluation of training programs, financial strength, and overall experience: These evaluations help ensure that the subservicer has the resources and expertise to perform its duties effectively. 

2. Maintaining Policies and Procedures 

Master servicers must have established procedures for selecting and assessing subservicers, encompassing their experience, training programs, financial stability, quality control, and capacity to handle the portfolio. 

3. Operational Audits 

These audits should encompass customer service reviews, escrow administration oversight, procedural assessments of collection and loss mitigation, and examinations of bankruptcy, foreclosure, and REO management, among other areas. 

4. Ongoing Monitoring and Review 

This type of monitor involves continuously evaluating subservicer performance data, including loan-level data, customer satisfaction scores, response times, and error rates. 

5. On-Site Audits and Reviews

Regularly conducting on-site audits and reviews ensures compliance with contractual requirements and regulatory standards. 

Jonathan Foxx, PhD, MBA
Chairman & Managing Director
Lenders Compliance Group 

---

[i] Both the Consumer Financial Protection Bureau (CFPB) and government-sponsored enterprises (GSEs) like Fannie Mae and Freddie Mac require master servicers to maintain oversight of their subservicers. Fannie Mae, for example, requires the master servicer to ensure that the subservicer is complying with all Fannie Mae requirements.

Quality Control Red Flags and Automated Fraud Alerts

QUESTION 

I am the Chief Risk Officer of our company, a mortgage lender in the northwest. We have a nationwide footprint and an excellent Chief Compliance Officer. A persistent problem that she and I talk about is quality control findings, especially when the QC reports are showing fraud and misrepresentation. As a lawyer, I am cognizant of federal and state laws involving mortgage fraud. 

However, we want a Red Flags approach. We want to put Red Flag checks into our underwriting processes. Our IT department is ready to install them. However, it seems that Red Flags have to be brought in from many other areas other than quality control, such as anti-money laundering and identity theft prevention screening. Our interest, though, is concerning quality control flags. We want to layer them on the other Red Flags in our processing systems. 

What are some Red Flags relating to quality control that may be installed in our loan origination system? 

What suggestions do you have for digitizing flags, alerts, and Red Flags picked up by quality control? 

COMPLIANCE SOLUTIONS 

Quality Control Audits 

QC Tune-up®

ANSWER 

Although an objective of Quality Control (QC) is to identify and reduce fraud and misrepresentation, Red Flag awareness arising out of QC is important because it alerts to risks that can destabilize many areas of a company’s risk management areas. Please download the White Paper I published on Risk Management Principles (PDF). 

Red flag identification should be part of both post-closing and prefunding QC processes; indeed, prefunding QC is uniquely positioned to support production teams in identifying and remedying these defects. The prefunding Red Flags should be positioned in your prior-to-closing procedures. 

I hear all the time about the importance of Red Flags. But I have yet to hear a great definition of what should be considered Red Flags. Are Red Flags just itemized factors listed on an automated underwriting system, credit report, or even a mortgage fraud screening tool? Putting them in an LOS requires logic to go with it. A Red Flag is “something that indicates or draws attention to a problem, danger, or irregularity,” according to Merriam-Webster. Irregularities can take many forms, and you must ensure the logic needed to digitize those forms in a constantly changing business environment. 

The irregularities can topple an otherwise dependable approach to QC. A strong QC program is notable for its ability to assess all files for any irregularities to determine both the materiality and the cause of each irregularity. Such causes include human error, process gaps, data irregularities, misinformation, misrepresentation, and fraud. Human errors are likely to be isolated. Sure, irregularities can be identified through the use of digital technologies or simply by comparing similar data in various locations throughout the loan file (i.e., Social Security Number being consistent on all documents in the loan file). And, misinformation can be corrected through confirmation. However, multiple instances of error and misinformation may indicate misrepresentation or fraud. 

There are generally three types of Red Flags detection sources that should be installed in the logic of your loan origination system. These are digitized, automated systems such as credit reports and GSE engines, such as Desktop Underwriter and Collateral Underwriter. Digitized types function according to specific logic, for instance, by means of data validation and reconciliation, pattern recognition, and fraud detection. Each often requires a human to check online search engines to identify corroborating information, review documents for inconsistencies, and consider written or verbal reverification of information. 

You are not going to be able to rely solely on Red Flags in your loan origination system to catch mortgage fraud. At best, such embedded Red Flags will alert you to a potential threat. I would be very cautious in allowing Artificial Intelligence (AI) to trigger systemic loan flow decisions, such as issuing Adverse Action based entirely on its Red Flag utility. AI is still in the nascent stage of development. I’ve published several articles on Artificial Intelligence, if you want to consider my perspective. 

It is laudable as a matter of governance and risk management that you plan to use digital solutions that have the potential to enable QC to be more effective. Automated fraud tools can be installed in the LOS logic requirements. I also think you should watch for new solutions to automate lower-risk data accuracy elements, leaving human resources free to perform more complex reviews to some extent. Keeping your digital solutions deployed within operations must be accompanied by monitoring and periodic testing. Nevertheless, digital solutions also have limitations, and you must control for those limitations! Over-reliance on any technological solution may cause more harm than good. 

Red Flags caused by QC do not and cannot stand alone. They are part and parcel of the entirety of the loan origination process. Take a look at the prefunding checklist that your QC auditor uses. Suppose the prefunding screen is convertible into a technological solution, which thereby effectuates a means to identify loan origination risks. In that case, your list of Red Flags will grow and change over time. 

For instance, here are just a few such tools: fraud detection systems; investors’ software, such as Fannie Mae’s CU; and digital applications and proprietary tools for scrubbing internal data. Using tools such as these to identify Red Flags and elevated risk can be helpful in determining the loans that the QC auditor should sample. Other tools exist that may also be helpful, but to ensure you are selecting the best tools for your organization, you should develop a method for selecting, testing, and monitoring the efficacy of the tools you use. 

For a long time, I have heard of QC companies that provide their version of automated QC auditing, including color-coded tabs, all manner of interactive feedback, online transactions, digitized metrics, and supposedly automatic QC auditing at the loan level. Let me tell you a fact: automated risk and data-screening tools complement but do not replace a comprehensive prefunding QC program. My firm uses advanced technology for QC auditing of client files, and we audit thousands of files a year, but we never rely solely on a system solution to replace our prefunding or post-closing QC reviews. 

We always provide human analysis to prefunding and post-closing QC audits. No matter how sophisticated the automated tool is, it can fail or have gaps. If you plan to install logic that gleans prefunding QC findings in particular, you must continuously monitor for results that may reveal deficiencies while also highlighting new logic for tool enhancements and improvements. False positives can turn up in automated solutions, and there goes efficiency – along with the possibility of canceling a viable loan! Adjustments to testing parameters must be considered to ensure the proper balance between defect identification and false positives. In any event, you should continue to think of ways the tool can fail and how to fill those gaps operationally. 

If automated hard stops are not possible, implement a funding condition or post-funding review process to ensure loans with unresolved eligibility, compliance, or fraud flags do not get delivered to investors. Inevitably, some of these alerts become Red Flags that may be specific to your loan products, complexity, origination channels, geographic areas, and loan originator relationships (i.e., retail, wholesale). You should ensure that any automated tool is customized for your company’s desired controls before its use. And reject out-of-the-box settings that do not align with your organization’s unique risks. 

You do not mention the correlating action that should be taken when a Red Flag is triggered. That must be built into a system solution, with clear escalation paths for when the tool identifies flags or alerts, including individual management authorities and a sequence of escalation. It is essential that reporting, evaluation, and oversight of digitized system solutions, such as I have described above, are independent of the origination and underwriting staff. 

A final word about the “checkbox” approach to Red Flags triggered by prefunding or post-closing QC: the output of your tools should promote action that reduces a “check the box” approach. This may seem counterintuitive, but if the tool operates efficiently, it should constantly update and integrate its analytics. Therefore, your IT should consider integrating your tools into the loan origination system. Integration creates a basis for strategic loan selections and system hard stops for loans with defined eligibility, compliance, or fraud flags.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group

Appraisal and Evaluation Program

QUESTION 

Our state banking department requested that we update our independent appraisal policy. They want us to update the "Appraisal and Evaluation Program." And they want us to provide information about its independence. We bought the policy from a company that sells mortgage policies, but the examiner says the policy is "defective." 

We went back to the mortgage policy company, and they said there was nothing wrong with their policy. Obviously, there's something wrong if an examiner has a problem with it! We told the examiner that the mortgage manuals company is well known, but she didn't care and told us to update the policy. 

We don't know what to put into the policy to satisfy the examiner. We need some pointers. 

What is an appraisal and evaluation program? 

What is independence in relation to an appraisal and evaluation program? 

ANSWER 

The term "Appraisal and Evaluation Program" is found in variations throughout various regulatory frameworks. An institution's board of directors or its designated committee is responsible for adopting and reviewing policies and procedures that establish an effective real estate appraisal and evaluation program. 

We believe there are certain features of an appraisal and evaluation program. The program should: 

·       Provide for the independence of the persons ordering, performing, and reviewing appraisals or evaluations. 

·       Establish selection criteria and procedures to evaluate and monitor the ongoing performance of appraisers and persons who perform evaluations. 

·       Ensure that appraisals comply with the agencies' appraisal regulations and are consistent with supervisory guidance. 

·       Ensure that appraisals and evaluations contain sufficient information to support the credit decision. 

·       Maintain criteria for the content and appropriate use of evaluations consistent with safe and sound banking practices. 

·       Provide for prompt receipt and review of the appraisal or evaluation report to facilitate the credit decision. 

·       Develop criteria to assess whether an existing appraisal or evaluation may be used to support a subsequent transaction. 

·       Implement internal controls that promote compliance with these program standards, including those related to monitoring third party arrangements. 

·       Establish criteria for monitoring collateral values. 

·       Establish criteria for obtaining appraisals or evaluations for transactions that are not otherwise covered by the appraisal requirements of the appraisal regulations. 

Regarding the independence of the appraisal and evaluation program, for both appraisal and evaluation functions, an institution should maintain standards of independence as part of an effective collateral valuation program for all of its real estate lending activity. 

The collateral valuation program is an integral component of the credit underwriting process and, therefore, should be isolated from influence by the institution's loan production staff. We also recommend that an institution establish reporting lines independent of loan production for staff who administers the institution's collateral valuation program, including the ordering, reviewing, and acceptance of appraisals and evaluations. 

Appraisers must be independent of the loan production and collection processes and have no direct, indirect, or prospective interest, financial or otherwise, in the property or transaction.[i] These standards of independence also should apply to persons who perform evaluations. 

For a small or rural institution or branch, it may not always be possible or practical to separate the collateral valuation program from the loan production process. If absolute lines of independence cannot be achieved, an institution should be able to demonstrate clearly that it has prudent safeguards to isolate its collateral valuation program from influence or interference from the loan production process. In such cases, another loan officer, other officer, or company director may be the only person qualified to analyze the real estate collateral. However, to ensure their independence, such lending officials, officers, or directors must abstain from any vote or approval involving loans on which they ordered, performed, or reviewed the appraisal or evaluation.[ii] 

Communication between the institution's collateral valuation staff and an appraiser or person performing an evaluation is essential for exchanging appropriate information relative to the valuation assignment. An institution's policies and procedures should specify communication methods that ensure independence in the collateral valuation function. These policies and procedures should foster timely and appropriate communications regarding the assignment and establish a process for responding to questions from the appraiser or person performing an evaluation. 

We are often asked if an institution may exchange information with appraisers and persons who perform evaluations. The short answer is Yes, with restrictions; for example, you may provide a copy of the sales contract[iii] for a purchase transaction. However, an institution should not directly or indirectly coerce, influence, or otherwise encourage an appraiser or a person who performs an evaluation to misstate or misrepresent the property's value. 

Consistent with its policies and procedures, an institution also may request the appraiser or person who performs an evaluation to: 

·       Consider additional information about the subject property or comparable properties. 

·       Provide additional supporting information about the basis for a valuation. 

·       Correct factual errors in an appraisal. 

Furthermore, an institution's policies and procedures should ensure that it avoids inappropriate independence of the collateral valuation function, including: 

·       Communicating a predetermined, expected, or qualifying estimate of value, or a loan amount or target loan-to-value ratio to an appraiser or person performing an evaluation; 

·       Specifying a minimum value requirement for the property that is needed to approve the loan or as a condition of ordering the valuation; 

·       Conditioning a person's compensation on loan consummation; 

·       Failing to compensate a person because a property is not valued at a certain amount;[iv] 

·       Implying that current or future retention of a person's services depends on the amount at which the appraiser or person performing an evaluation values a property; and 

·       Excluding a person from consideration for future engagement because a property's reported market value does not meet a specified threshold. 

After obtaining an appraisal or evaluation, or as part of its business practice, a institution may find it necessary to obtain another appraisal or evaluation of a property. You would be expected to adhere to a policy of selecting the most credible appraisal or evaluation rather than the appraisal or evaluation that states the highest value. 

Further, an institution's reporting of a person suspected of non-compliance with the Uniform Standards of Professional Appraisal Practice (USPAP) and applicable federal or state laws or regulations or otherwise engaged in other unethical or unprofessional conduct to the appropriate authorities would not be viewed by governmental agencies as coercion or undue influence. Indeed, an institution should not use the threat of reporting a false allegation to influence or coerce an appraiser or a person who performs an evaluation.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] The Agencies’ appraisal regulations set forth specific appraiser independence requirements that exceed those set forth in the Uniform Standards of Professional Appraisal Practice (USPAP). Institutions also should be aware of separate requirements on conflicts of interest under Regulation Z (Truth in Lending Act), see 12 CFR 1026.42(d).

[ii] For instance, the NCUA has recognized that it may be necessary for credit union loan officers or other officials to participate in the appraisal or evaluation function although it may be sound business practice to ensure no single person has the sole authority to make credit decisions involving loans on which the person ordered or reviewed the appraisal or evaluation. 55 FR 5614, 5618 (February 16, 1990), 55 FR 30193, 30206 (July 25, 1990).

[iii] Refer to USPAP Standards Rule 1-5(a) and the Ethics Rule.

[iv] This provision does not preclude an institution from withholding compensation from an appraiser or person who provided an evaluation based on a breach of contract or substandard performance of services under a contractual provision.

A New Quality Control Program

QUESTION 

We are a lender in the southwest. I am the VP of mortgage lending. Our loans are only conventional on 1-4 single family residential property. Our primary investor is Fannie Mae. We do not originate government loans or investor loans. 

Recently, we ended the relationship with our quality control auditor. So, we're now looking around to replace them. We went to a conference where several lenders highly recommended your firm. So, our compliance manager will be contacting you soon. 

Now, we're updating our quality control plan. We need to start over with a new quality control plan. We need guidance about the areas we should outline in the QC plan. I realize this is a big subject, so maybe you can provide an overview of the basic elements. 

What are the basic requirements of a QC Plan? 

ANSWER 

There are essentially six parts to a basic Quality Control Plan ("Plan" or "Program"). More about that shortly. Depending on the company's size, risk profile, complexity, loan products, and investor conduits, to name a few factors, the Plan's purpose is central to controlling a mortgage lender's originating environment. 

Thank you for contacting us to handle your quality control auditing. We can accommodate any production size and audit virtually all loan products. We have an entire group devoted to quality control, headed by an Executive Director, and staffed with an accomplished audit staff. 

Please contact us here. We'll see that you speak directly with our audit management team. 

I would add that it is critical to ensure that the Plan and the QC auditing are aligned. When regulators and investors review your QC reports, they want to see that you are implementing the requirements of your specific Program. When LCG conducts QC, we can provide a Plan that properly reflects your auditing needs. Be sure to discuss the Plan requirements when you speak to us. 

You should consider establishing a baseline review of your quality control compliance. To effectuate this assessment, many company's use our QC Tune-up. This mini-audit provides substantive evaluation of your quality control function and provides a risk rating. It's cost-effective, hands-on, and quick. If interested, contact us here for information about the QC Tune-up.

Because you originate only conventional loans and your primary investor is Fannie Mae (“Fannie”), my response will address the QC requirements for conventional generally and Fannie in particular.[i]

Your QC Plan must define your lending standards for loan quality, establish processes designed to achieve those standards and mitigate risks associated with the loan origination processes. In that regard, Fannie requires the lender to develop and implement a QC program that provides a structure for identifying the deficiencies in the loan manufacturing process and implementing plans to remediate those deficiencies and underlying issues quickly. 

Six Parts of a Quality Control Program 

I mentioned above that there are six parts to a basic Quality Control Plan. I am going to provide a brief description of each part. I urge you to contact us if you want a more detailed discussion. 

The six parts of a QC Program are: 

1.     Overview; 

2.     Contents; 

3.     Standards and Measures; 

4.     File Reviews; and 

5.     Reporting and Remediation. 

Overview 

Put simply, the Program must include a documented QC Plan that outlines requirements for validating that loans are originated under its established policies and procedures. 

The Overview must provide guidelines to ensure that: 

·     the loans comply with applicable federal, state, and local laws and regulations; 

·     the loans comply with investors' guidelines, such as Fannie Mae's Selling Guide, all related contractual terms and agreements, and are in all respects eligible for delivery to Fannie; and 

·     the Plan must guard against fraud, negligence, errors, and omissions by officers, employees, contractors (whether or not involved in the origination of the mortgage loans), brokers, borrowers, marketing partners, and others involved in the mortgage process. 

Contents 

The Plan must include documented QC procedures that establish standards for quality and incorporate systems and processes for achieving those standards. At a minimum, the Plan must contain the following categories.

 

·     Quality standards and measures, including:

 

o   a general overview and description of the QC philosophy;

 

o   the plan objectives;

 

o   specific risks to be measured, monitored, and managed; and

 

o   the methods used to ensure the Program is an independent and unbiased function, including program governance (targets, sampling) and transaction execution.

 

·     Procedures involving detailed operating and reporting methods for all employees affected by the QC process.

 

·     QC file review process: a process for performing prefunding and post-closing QC file reviews, including, at a minimum, a method for

 

o   confirming compliance with the investors’ guidelines, all related contractual terms and agreements, and that the loans are in all respects eligible for delivery to Fannie; and

 

o   confirming compliance with applicable federal, state, and local laws and regulations.

 

·     Sample selection process: the procedures and metrics for identifying a representative sample of loans for QC file reviews using both random and discretionary selection methodologies, as applicable, that include loans

 

o   originated through each applicable production channel (for example, retail, correspondent, and third-party originators);

 

o   originated under all mortgage products (for instance, fixed, ARM, and special or niche programs); and

 

o   originated using all underwriting methods (manual and AUS).

 

·     Reporting: written procedures for reporting the results of the QC file reviews, including the method of monthly reporting of review findings, including

 

o   the method of monthly reporting of review findings;

 

o   identifying critical components included in the reports;

 

o   distributing summary-level findings to senior management;

 

o   distributing loan-level findings to the business unit(s), specifically to parties within the business unit(s) responsible for resolution;

 

o   requiring a timely response to and resolution – or resolution plan – of findings identified in the QC review process; and

 

o   maintaining accurate and detailed records of the QC reviews’ results.

 

·     Vendor review: a process for reviewing the QC work performed by the third-party auditors.

 

·     File retention: procedures for maintaining for three years records of the QC findings and reports, loan files reviewed, and all related documentation, including chronicling the location of such records.

 

·     Audit: an audit process to ensure that the lender’s QC processes and procedures are followed by the QC staff and that its assessments and conclusions are recorded and consistently applied. 

Quality Standards and Measures 

This is a somewhat complicated area, often leading to confusion. So, I will offer a high-level description. A lender is responsible for the development and maintenance of standards for loan quality and the establishment of processes designed to achieve those standards. 

To evaluate and measure loan quality standards effectively, the lender must establish a methodology for identifying, categorizing, and measuring defects and trends against an established target defect rate. 

At a minimum, the lender must identify any loans with a defect; specifically, these are loans not in compliance with investor guidelines or other related contractual terms and agreements. A methodology must be established by which all loans with identified defects can be categorized based on the severity of the defect. The lender must define the severity levels appropriate to its organization and reporting needs; however, the highest severity level must be assigned to those loans with defects resulting in the loan not being eligible as delivered to Fannie. 

The lender must also establish target defect rates for its organization, reflecting its quality standards and goals. Establishing a target defect rate is based on a lender’s post-closing random QC sample. It enables the lender to regularly evaluate and measure progress in meeting loan quality standards. 

Different target defect rates may be established for different severity levels; however, at a minimum, a target defect rate must be established for the lender’s highest level of severity. 

Here’s an suggestion: a target defect rate that is as reasonably low as possible should be established. Once the targets are set, performance against the targets must be measured at least quarterly and reported to management. It is also essential that the target defect rate(s) be evaluated and, if necessary, reset at least annually. The lender must document the rationale for establishing the target rate(s). During a Fannie review, consideration may be given to how the lender’s chosen target defect rate affects the investor’s risk. Sometimes, this leads to the investor requiring a more realistic target.