Managing Third-Party Risk in Loan Servicing

The Covid-19 pandemic accelerated digital transformation in the essential ways we do business every day. The full effects of these changes are still being felt, and this is particularly true in working with third-party vendors in banking and finance. Loan servicers can manage sensitive financial information for dozens of banks, and millions of homeowners.

What do recent changes – remote workforces, economic shifts, the job market — mean from a risk standpoint?

In a recent presentation for Global Financial Markets Intelligence, Jacquelyn Pardue, Head of Procurement at LoanCare, discussed ways organizations can manage risk with their 3rd party vendors. Her advice to the 13th Edition Third Party Vendor Risk Management for Financial Institutions reveals a new set of criteria that she uses to evaluate vendors in light of present conditions:

Are they on sound financial footing?
Are we confident in their organizational stability?
Is the vendor resilient?

Answers to these questions could signal risks from a variety of sources, including data breaches and business continuity. A homeowner’s mortgage is usually their biggest financial commitment. It secures their most treasured possession: their homes. Servicers must mitigate these risks as much as possible to be able to serve their customers most important asset and assure their clients that they’re compliant, secure, and dependable.

EVALUATING FINANCIAL STABILITY

Despite a strong economic recovery following the pandemic, loan servicers and other financial industry players must evaluate financial stability when selecting third party vendors. A number of signals could reveal financial issues that may warrant further investigation.

When the pandemic hit, did the vendor receive a PPE loan?

What is their ownership structure? What are their sources of cash? Where is their capital coming from?

ORGANIZATIONAL STABILITY

Pandemic pressures redefined what it means for an organization to continue to deliver services. In loan servicing and other financial industry spaces, these pressures have several dimensions.

Staffing and retention: In the midst of the “Great Resignation,” organizations have seen increased volatility in staffing. Whether from workers demanding higher pay or wishing to continue with work-from-home arrangements, mobility has increased, putting greater pressure on organizations for hiring, training, and retention. It can also cause disruptions delivering vendor services.

When evaluating a vendor, ask questions about this. How is their retention? Did they experience layoffs or turnover? What policies do they have to encourage and boost retention?

Business Continuity

The migration to work-from-home was one of the major business continuity developments of the Covid-19 pandemic. For loan servicing, it meant a complex realignment around training, security protocols, and other considerations. We should get familiar with third-party vendor continuity plans. Is there a return to office? A hybrid model? How will they deal with internet outages in work-from-home staff? What other interruptions could affect their ability to deliver services?

What are their business continuity plans? Can your organization be involved in business continuity testing?

RESILIENCY AND CYBER RISK

Even loan servicing companies who take cybersecurity seriously may not realize the vulnerabilities present in their trusted vendors. The shift to a distributed workforce introduces potential security risks. As with business continuity, a vendor’s model for working influences their level of cyber risk and how they secure their data.

Where is the 3rd-party vendor’s data held? If they close their office, what data infrastructure remains, or where does it move?

How do they plan to work going forward? If on a hybrid or remote work plan, data must be secured across a much wider number of networks and devices. Are they taking adequate measures?

How is the third party using, viewing, and storing third party data, especially that of your customers?

Physical security offers a new set of risks as well, especially when working with offshore providers. How much access do individuals have to data? Are their devices secure?

In summary: What are their overall policies and procedures? Have they been updated since 2020?

VENDOR RISK MANAGEMENT RISK IS CRITICAL

Remember: these considerations around financial stability, organizational stability, and cyber risk are no longer about pandemic response. The changes we’ve seen will stick: Many of the companies aren’t going back to the office. This is about the way we work today, and whether a loan servicing vendor has been able to manage this transition.

LoanCare takes compliance and risk management seriously. That’s why banks, mortgage companies, credit unions, and MSR investors trust us to manage their loans, and why we only work with the most trusted, secure vendors. It’s also why organizations like GFMI seek out the advice of our procurement experts.

Interested in learning more?

Jacquelyn Pardue is participating in a Global Financial Markets Institute conference session on vendor selection, onboarding, and management.

14th Edition Third Party Vendor Risk Management for Financial Institutions
February 28–March 2, New York, NY

View the full agenda here:

https://www.marcusevans.com/conferences/thirdpartyvendorrisk/agenda

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.