There is no question that operational risk and third party oversight are "buzz words" being spoken about inside the walls of the regulators of financial institutions. This is in large part a result of the recent regulatory changes due to the financial crisis of a few years ago. Operational risk is the risk of loss due to human error; inadequate or failed internal systems and controls; noncompliance with, laws, rules, regulations, policies, or ethical standards; and external influences such as market conditions and fraudulent activities.
Third party oversight is the term used to describe the process to ensure that an entity chosen to perform an operational process or to provide a service is performing adequately to minimize exposure to potential significant financial loss, reputation damage, and supervisory action and to assess the quality of the service, risk management practices, financial condition, conformance to policies and procedures and applicable controls and reports. Related to third party oversight in the valuation space, is the need to oversee valuation providers, commonly referred to as appraisal management companies.
With this increased attention and visibility into the operational aspect of a financial institution comes the inevitability of adverse commentary during exams from the regulators. The penalties for non-compliance range from recommendations, matters requiring attention and even significant financial penalties will be increasing.
Dating back to 1989, the federal agencies have issued guidance designed to promote the safe and sound practices related to establishing real estate appraisal and valuation programs. These began with FIRREA in 1989 and were expanded upon in the Interagency Appraisal and Evaluation Guidelines in 1994. A series of Bulletins followed, in addition to numerous changes to other regulations affecting the valuation process.
Since early 2010 there has been over 300 pages of new and/or proposed regulations related to the valuation process, the Dodd/Frank Act, The Interagency Appraisal and Evaluation Guidelines, changes to FIRREA, TILA, ECOA, USPAP and the ever growing list of state statutes and rules, to name a few. The additional requirements to comply with Fannie Mae, Freddie Mac, FHA and VA only adds an additional layer of complexity and the need for closer examination of policies, procedures and process to ensure compliance with the regulations. At times, Institutions and valuation providers can struggle to identify and aggregate all of the rules, regulations, recommendations and guidance related to establishing safe, sound and compliant practices related to their real estate valuation programs. Where other regulations come with concise names such as Reg O, or Reg Z, appraisal and valuation related regulations are found in a number of areas, that add to the confusion and complexity of compliance. (Note to the regulators, "Regulation A" for all things appraisal!)
The Consumer Finance Protection Bureau released a memorandum in 2012 that states supervised banks and non-banks should "oversee their relationships with service providers in a manner that ensures compliance with Federal consumer financial law, which is designed to protect the interests of consumers and avoid consumer harm". The Consumer Finance Protection Bureau expects supervised banks and non-banks to have an effective process for managing the risks of service provider relationships. They stress the need for conducting thorough due diligence to verify that the service provider understands and is capable of complying with Federal consumer financial laws. They further require the review of service provider policies, procedures and internal controls to ensure the provider is compliant. And finally, the CFPB mandates establishing internal controls and ongoing monitoring to determine whether the service provider is complying with the Federal consumer financial laws. Last month, the OCC released Bulletin #2013-29 that contained risk management guidance which stresses similar oversight obligations related to the use of third parties in the valuation process.
So what does this mean for financial institutions? The regulators clearly expect that the financial institutions are responsible for the acts of those that they hire by stating "An institution that engages a third party to perform certain collateral valuation functions on its behalf is responsible for understanding and managing the risks associated with the arrangement". "The financial institution at all times will be responsible for the actions and compliance of their chosen third party valuation services providers. It is not acceptable or possible to abdicate responsibility for program compliance to a third party". In addition, the Interagency Appraisal and Evaluation Guidelines stresses that "an institution should use caution if it engages a third party to administer any part of its appraisal and evaluation function, including the ordering or reviewing of appraisals and evaluations, selecting an appraiser or person to perform evaluations, or providing access to analytical methods or technological tools".
Going forward, it is distinctly clear that consumers of valuation services will need to provide far more oversight of third party providers. They will have to have very specific service level expectations and clear consequences for non-compliance to the valuation providers to ensure adherence to the regulators requirements or face the consequences of possible recommendations, matters requiring attention or even cease and desist orders.
This will be the topic discussed on December 10th at The Third Party Oversight Summit being held at the Cosmopolitan Hotel in Las Vegas. Attendance is open to individuals from financial institutions and appraisal management companies. Attendance should be mandatory for risk managers and compliance personnel within banks as well as operations teams from within appraisal management companies.