TheMReport — News and strategies for the evolving mortgage marketplace.
Issue link: http://digital.themreport.com/i/463042
28 | Th e M Rep o RT Feature providers. Requiring background checks to ensure vendors are suitable and keeping up to date on disciplinary actions must be a priority. For instance, the oversight committee of an appraisal manage- ment company (AMC) can check appraisers against the suspen- sion list posted by the Appraisal Subcommittee (ASC) website, a national registry containing all appraisers' licenses and expiration dates. By registering for the ASC newsletter, the oversight commit- tee will receive daily notification of any disciplinary actions. Just as AMCs must continually monitor appraisers, so must lend- ers continually monitor AMCs. When lenders audit AMCs, they should check if they make timely payments to appraisers (typically within 30 to 45 days, depending on the jurisdiction); whether they disclose the fees paid and collected in the ap- praisal report; that the AMCs' statements and certifications will not improperly influence, coerce, or require the appraiser to indemnify the AMC for damages; if they follow the requirement to notify appraisers prior to removal from the panel and insist that the appraiser have the opportunity to respond; whether the AMC has adequate surety bonds, registra- tion with the appropriate secre- tary of state's office, background checks for owners, and the controlling person listed; and if the AMC has complaint tracking and resolution procedures to ad- dress complaints from consumers, the Better Business Bureau, state boards, vendors, and others. Vendor oversight itself is just a piece of a larger structure that both lenders and their third- party partners need to imple- ment to maintain compliance. An internal control system will facilitate timely discovery of any violations. This system should ensure that compliance measures are correctly implemented and carried out. An internal control system performs periodic re- views, facilitates training, handles the investigation of complaints, and protects whistle-blowers. This is a vital part of compli- ance in vendor organizations and should be given as much atten- tion as any other system. In addition to compliance training, lenders must ensure vendors also actively adhere to an established—and uncompro- mising—business code of ethics. Whether it's called a code or a mission statement, this set of principles should not only sum- marize an organization's ethical ideals, but also contain practices that the company believes in and functions by and that guides employees in following sound and above-board work practices. Such codes should do more than pay lip service to proper protocol. Though they can't cover every issue, these mission statements should serve as tools to be used in concert with other policies, legal requirements, and individual judgment. Consulting federal sentencing guidelines, Sarbanes-Oxley, and Federal Acquisition Regulations (FAR) is essential when writing a business ethics code. According to FAR, companies with federal contracts of more than $5 million and a performance period of longer than 120 days must have a code of ethics, among various other internal programs. While this code is par- ticularly important for executives in making major decisions, all levels of the organization must be able to understand it. A code of ethics has no value unless the whole company takes steps to promote it daily. At a time when rapid job turnover has become standard operating procedure, the impor- tance of educating new employees on a code of ethics is becoming increasingly important. And all employees, from the most recent to the most senior, should be re- quired to go through training that covers conflicts of interest, insider trading, recordkeeping and reten- tion, confidential information and discrimination, and other hot-but- ton issues. Not only are practices such as these unethical, they are illegal and grounds for prosecu- tion. Outperforming competitors does not obviate the obligation to remain honest and fair. Finally, no vendor training program can be complete with- out stressing security. Employees will confront these issues every day, most often inadvertently. Full security requires proper instruction and assurance that measures are not only outlined, but enforced. Information secu- rity is simply the protection of information from unauthorized access, use, or disclosure. A well- informed workforce is the best way to minimize both internal and external threats. In today's world of experienced hackers, training in cybersecurity needs to be more comprehen- sive than ever. One way to test employees on security awareness is to simulate phishing attacks and regularly send them throughout the organization. Those employees that fail the test simply require additional training. Obviously, the use of company-generated IDs and strong passwords to access proprietary information effectively promotes IT security. Default passwords, personal information (whether names or numbers), and simple nouns or verbs are out. Employees also should understand that all electronic communications are considered company property and that management has the right to monitor emails and browsing histories. Employees should as- sume all their communications are public information. Clean desk policies also con- tribute to information security. Anything but trivial, this simple policy prohibits leaving any confi- dential or sensitive documentation at an unattended desk. During breaks, lunches, and off-hours, all hard copies of such material must be locked in a drawer or within an office. Although it is com- mon to focus on protecting the company against external threats, internal security breaches are often just as common. Clearly, it's important that lend- ers ensure their vendors remain compliant, implement a busi- ness code of ethics, and enforce security awareness. But simply following these policies is not always sufficient. Vendors must encourage employees to hold each other accountable, as well as to alert management if they wit- ness inappropriate behavior. If vendors are lacking in these areas, the lender will be held account- able and executives may face inordinately high fines and even criminal charges depending on the severity of the issue. A healthy relationship be- tween lender and vendor can— and should—be achieved with the proper care and training. Regardless of whether Dodd- Frank regulations are relaxed or intensified, it will always be up to the lender to ensure that vendors conduct business in the most honest and secure ways possible. Yvonne ThoMpson is vice president of human resources at LRES, a national provider of residential and commercial valuations and asset management for the mortgage, banking, credit union, and real estate industries. Requiring background checks to ensure vendors are suitable and keeping up to date on disciplinary actions must be a priority.