The most common question my colleagues and I are asked by prospective clients is whether we provide the “full set” of policies and procedures for all of the mortgage acts and practices. Of course we do! But policies and procedures are only one aspect of the many risk management services my firm offers.*
Nevertheless, policy statements seem to be ‘first and foremost’ when it comes to a client’s compliance needs.
Yet we do not often get questions such as the following:
- How can we effectuate policies and procedures?
- What policies are the most important for us to adopt?
- Although we have policy statements, how often should we update them?
- Who would be in charge of maintaining and enforcing policies?
- How do we build policy statements into a Compliance Management System (CMS)?
- Which policy statements are important to our warehouse lenders?
- Which policy statements are important to investors and Regulators?
- Which policy statements are important to our servicing affiliate and subservicers?
- How can we prove that our policies are being adequately implemented?
- What are the key components of policies and procedures?
- What vendor offers the most professionally safe policy statements?
- How do we go about building our own policies and procedures?
- How often should we train our employees on our policies?
- Is there a self-assessment checklist that we can put into our policy statements?
- What is the best way to document our implementation of procedures?
- Is there a core set of policies that we absolutely must have at all times?
- Which policies require testing and auditing, either internally or externally?
- How do we stay up to date on regulatory changes that affect our policies?
- What method is preferred to review, adopt, and update policy statements?
- Do we have a sufficient budget for maintaining policies and procedures?
- What resources should we use to draft comprehensive policy statements?
- What is the best method to retire a policy that is no longer a regulatory requisite?
- Where should we go for guidance in those areas that are not yet fully regulated?
In my view, we ought to get away from the thinking that considers policies and procedures to be a panacea for the effects of improper management, regulatory deficiencies, and trending defects. Policies are a continually changing, dynamic means to an end, but not the end itself. And they are only as good as the accuracy of their content and the efficacy of their implementation.
Just one employee who does not know, or contravenes, the requirements of a policy statement becomes the weakest link in an otherwise strong chain of compliance enforcement. When it comes to acting in compliance with, and according to, a policy and procedure, the financial institution is only and always as strong as its weakest link!
Most mortgage bankers want to be proactive, not reactive, though, often, that is not always achievable, especially when new policies, guidelines, rules, procedures, and actionable implementations seem to arise all the time. This reminds me of Say’s Law in economics, which, when referring to aggregate expenditure in an economy, states that spending rises to the level of income. In the case of policy statements, it seems that policies and procedures rise to the level of demands for them by the spate of regulations requiring them. If this seems like a circular kind of way to get things done, it is!
Still, we must make our way through the thicket of policy statements, hopefully coming oneday to a clearing where, if even for a brief moment, there is some equilibrium between the policies needed and the regulatory demand for them.
Some proactive lenders make it their business to always be ready for a regulatory examination; others drag out the process interminably, waiting to receive an examination letter before they get ready – which, by the way, is usually too late. And, yes, in mortgage compliance, it is certainly possible to be too late to do anything about a violation of law. Compliance leaves traces; it is impossible to obliterate its trail. I have said many times, preparation is protection! Indeed, I have written extensively on this theme.[i]
The US Coast Guard has a famous Latin motto: Semper Paratus, which means “Always Ready”. Let’s use an admonishment, also in Latin! I offer this cautionary advice to mortgage bankers: always stay vigilant; always make sure your policy statements meet regulatory scrutiny; and, to now use my own Latin phrase, never be put in the position of being Ex Abrupto, which means “Without Preparation”.
