TheMReport — News and strategies for the evolving mortgage marketplace.
Issue link: http://digital.themreport.com/i/328038
Th e M Rep o RT | 23 Feature W hen President Obama signed the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, it represented the largest set of financial regulatory reforms seen in the United States since the Great Depression. The wide-ranging and compre- hensive legislation significantly impacted every aspect of the financial services sector—and the field services industry was no ex- ception. It is imperative that field services companies make the ap- propriate investment in resources, both human and technology, to minimize clients' exposure to the risks of noncompliance for a wide range of requirements. Those not committed to compli- ance and the necessary invest- ment will not survive the new regulatory environment; those who embrace the compliance re- quirements will strengthen their organization and the industry in immeasurable ways. While not all-encompassing, the regulatory environment that field services companies must operate in include but are not limited to: • Consumer Financial Protection Bureau (CFPB) rules and regulations • False Claims Act provisions • Gramm-Leach Bliley Act (GLBA) • Protecting Tenants at Foreclosure Act (PTFA) • Service Members Civil Relief Act (SCRA) • Fair Debt Collections Practices (FDCPA) • Unfair Deceptive or Abusive Acts or Practices (UDAAP) The financial services industry has invested heavily in their audit and compliance functions to ensure there are proper frameworks in place to assess their suppliers' adherence to applicable rules and regulations. This has fostered a renewed sense of partnership and collaboration within the industry as client/ vendor audit and compliance teams have worked side-by- side to identify gaps, implement monitoring procedures, and create best practices around adherence to these important requirements. Importantly, organizations that provide services in this space must embrace the new environment and ensure that executive leadership is engaged and provides thought leadership to their teams in this dynamic regulatory environment. Financial Services Focus on Compliance and Audit T here is a renewed focus and investment on vendor oversight within the financial services industry. Typically, the vendor management department of these organizations will risk rank their vendors based on predefined criteria such as annual spend, service provided, potential risk to the organization, and maturity of the suppliers' systems and processes. In the course of a year, depending on their size, a field services company could undergo close to 75 onsite and desk audit assessments. There's no question audits can be time consuming, but each audit should be looked at as an opportunity to strengthen and enhance existing compliance frameworks. There are two focused audits that field services companies un- dergo: vendor compliance audits and global information security audits. These audits are focused on different criteria but often overlap in a number of areas. The global information security audits are generally focused around the ISO 27002 control set, Information Technology Infrastructure Library (ITIL) controls, Control Objectives for Information and Related Technology (COBIT) controls, and other IT-related control frameworks. From a test- ing perspective, the IT auditors perform reviews of: • Physical security • Business continuity and disas- ter recovery • Software development and change management proce- dures • Application permission and authority levels • Data integrity and protection (encryption) • Network vulnerability testing As field services companies typically receive and utilize confidential consumer data, it is imperative that the controls safeguarding this data are robust, comprehensive, and scalable. The vendor compliance audits focus primarily on the business processes and proce- dures and the frameworks by which controls are in place to ensure quality service delivery. Comprehensive business process control walkthroughs are per- formed and transactional control testing is conducted to ensure compliance. In the past year, the audits have expanded their scope to ensure compliance with regulations and to assess the field services companies' policies and procedures as they relate to: • Comprehensive customer com- plaint tracking systems • Legal complaint tracking systems • Background check validation for anyone who performs services on a property • Human resource manage- ment and systems entitlement reviews • Customer service call monitoring • Vendor management controls and scalability of network • Protection of confidential customer data and adherence to privacy requirements Front of the Class Regulatory reform brings compliance and third-party oversight to the forefront of the field services industry. By Greg Robinson, CFO, Safeguard Properties