It is difficult to think of two industries more highly regulated and impactful to the U.S. economy than healthcare and mortgage servicing. Both provide millions of people with their two most important, basic needs – health and shelter.
One can walk into any emergency room on any given night and see everything from minor bumps and bruises to more serious, life-threatening issues. There is a team of professionals working to care for those patients – from check-in staff, to orderlies, to nurses, doctors and the finance office. Each has to be on the same page in delivering the customer experience.
A mortgage servicer similarly is part of a team with the mortgage banker in delivering a seamless customer experience to the borrower. The lender may own the initial contact, but it is the servicer that ultimately becomes responsible for helping a person who recently lost a job, or who had a life-changing health issue, stay in his or her home.
The one consistency across both industries is that every person is unique, and they all expect to be serviced timely and treated with empathy.
Although both industries have learned lessons from the manufacturing industry, such as lean and six-sigma to improve costs and quality, dealing with people is not the same as manufacturing widgets. Both are facing a “perfect storm” of increased cost pressure, volumes of complex federal and state regulations (e.g., Affordable Healthcare Act and Dodd-Frank), and lightning-fast technological innovations that change how they operate and interact with customers.
For healthcare, this is not unfamiliar ground. The industry has faced a rapid rate of change and growing complexity for the last two decades, summarized by more to know, more to do, more to manage, more to watch and more people involved than ever before. Even in the midst of this complexity, providing a high-quality customer experience is critical to success.
The Emergency Care Research Institute (ECRI) published a report in November 2014 on the evolution of patient safety, risk and quality that discussed several healthcare initiatives from the past 15 years to improve monitoring and learnings from patient safety events. It mentions two past reports from the Institute of Medicine (IOM) pointing out that most problems in healthcare are caused by cumbersome processes, resource waste, coverage voids and information losses due to uncoordinated and poorly organized delivery systems that were overly complex and required too many internal and patient “handoffs.” The IOM reports concluded with a fundamental point: “Trying harder will not work. Changing systems of care will.”
The ECRI report used a quote from one risk manager who said the “mandate to improve patient safety presented risk managers with the opportunity to recreate our roles and use our existing skills to direct, mentor and lead the charge to improve patient safety within our organizations.” Healthcare organizations heard this call and began transforming their quality and compliance systems to improve the treatment of their patients – their customers. Risk and compliance teams played a major role in the process, as regulators increased their scrutiny on compliance practices within the industry.
Between 1998 and 2003, the Office of Inspector General from the Department of Health and Human Services issued several bulletins in the healthcare industry that outlined the seven effective components of a compliance management system (CMS), as follows:
- Implementing written policies, procedures and standards of conduct;
- Designating a compliance officer and compliance committee;
- Conducting effective training and education;
- Developing effective lines of communication;
- Conducting internal monitoring and auditing;
- Enforcing standards through well-publicized disciplinary guidelines; and
Responding promptly to detected offenses and developing corrective action.
These components are similar to the activities reviewed by the Consumer Financial Protection Bureau (CFPB) to measure an institution’s CMS effectiveness. Mortgage servicers, much like their healthcare peers, started the journey with massive initiatives to develop strategies, frameworks, and a playbook of policies and procedures to improve the customer experience and mitigate risk by establishing compliance and control.
Although many experts are predicting a future of complete automation and machines that learn to identify risk before it occurs, this will not come about through a simple rip-and-replace transformation. The archaic systems hold decades of necessary information, with data quality challenges and processes so complex and interconnected that simply making a minor change can result in material unintended consequences. The transformation, therefore, is a marathon grind of mile-by-mile improvements, setbacks and unforeseen challenges.
The lessons learned over the last two decades in healthcare provide mortgage servicers with 10 practical techniques to improve their quality control, which, in turn, will improve the customer experience. By applying the following techniques, mortgage companies can achieve similar successes with their consumer compliance programs and procedures, resulting in a more effective monitoring of their operations.
1. Conduct a three-dimensional risk assessment
Servicers should use a three-dimensional risk assessment that risk-rates the regulation, process and controls to mobilize and deploy resources on high-risk regulations and business activities. The three-dimensional risk assessment is derived from a risk-based principle that an operation has finite resources – and those risk, control and compliance resources should be deployed to mitigate highest-risk areas. For example, the Servicemembers Civil Relief Act regulation would be rated high. Manual processes and controls would likely be rated high, whereas an automated process with automated controls may be rated low. One key consideration in risk rating is assessing the potential customer impact of the risk to protect the customer experience. The objective of this technique is to mobilize and deploy resources strategically to high-risk areas by assessing the risk of regulations, processes and controls.
2. Develop a “job aid” to manage succession risk
The “job aid” is derived from the principle that a job requires more than transactional procedures. The job aid takes a 360-degree view of a job and outlines the requirements to perform the role. For example, the job aid may detail external interactions that include who, when, why, what and how interactions take place. It will typically encompass key success objectives, risks, and lessons learned from successes and challenges. It may list out departmental contacts, system and access requirements, escalation points, approval processes, and any other relevant requirements of the role. The objective is to mitigate succession risk in continuously changing organizations by ensuring a successor can be rapidly mobilized and effective.
3. Apply hypothesis and behavioral scenarios to test design
Hypothesis and behavioral scenarios are derived from the auditing principle that behaviors are driven by the presence of incentives/pressures, opportunities and rationalizations. Many tests are designed around the “happy path” or expected path of a process but rarely consider alternative scenarios. Processes with technology issues, work-arounds and higher-than-expected volumes are examples of when compliance and quality may have been traded for the pressure to complete the task. The foreclosure departments after the financial crisis are prime examples of when higher-than-expected volume impacted quality and compliance. Hypothesis scenarios in test design should also incorporate complaints (e.g., CFPB complaints for which monetary relief was provided is an indicator of confirmed issues) and external knowledge (e.g., emerging industry issues). The objective of incorporating hypothesis and behavioral scenarios in test design is to mitigate the surprise risk by actively seeking the following surface issues.
4. Institute pilot-phase testing on process changes as an early detector
Pilot-phase testing is derived from the principle that it is better to get a process right once before having to repeat it a thousand times. One of the most significant challenges for servicers is managing the rapid change coming from regulations and technology and capturing efficiencies to manage costs. Upfront pilot testing of new or existing controls is a recommended tollgate of any process change before running full-production volumes. For example, if a manual process is automated through a workflow tool, rigorous upfront testing should be conducted on a sample of customers before turning the tool on completely in production. The objective of testing processes comprehensively in a pilot phase is early detection of unintended consequences and controlling the systemic impact of an unexpected issue.
5. Run independent manual validations of automated controls
Independent manual validation of automated controls is derived from the principle that teachers use for making students manually learn basic math functions before using calculators. Before automating a task, it is important to already know the expected outcome. Automated controls should be independently validated through a manual review to reconcile expected results. This testing would typically occur at three points: 1) in the implementation of a new automated control; 2) in a process change that utilizes automated controls; or 3) in look-back if the automated controls have not already been independently verified. For example, if a new automated control that prevents collection calling before 8 a.m. and after 9 p.m. were implemented, it would be recommended to pull a sample of calls post-implementation and manually verify the control is performing as expected. The objective of independently validating automated controls is to mitigate continuous monitoring of the “wrong things.”
6. Align incentives to quality and compliance improvement
Aligning incentives to quality improvement is derived from the same principle as previously discussed, except for the twist of using behavioral drivers to propel a positive impact on quality and compliance. Risk, controls and compliance can be a lonely place when one is escalating issues with one’s own employer, especially sensitive, high-risk issues. It is essential to know that the institution promotes and rewards individuals who protect the business. For example, recognizing and rewarding people who have found high-risk issues and communicating the positive impact to the business will encourage a culture of quality and compliance. A servicer’s risk, controls and compliance organization can be thought of as offensive linemen for a football team. When things go right, they never get the headlines, but when the quarterback is sacked, they are often the first blamed. In the National Football League, quarterbacks and running backs are known to demonstrate their deep appreciation of their linemen’s efforts, and it is a practice that mortgage servicing can replicate for the work of their risk, controls and compliance teammates. The objectives of this technique is to build a culture of quality and compliance, as well as strengthen the unity of one team with different roles and areas of coverage, focusing on a common goal.
7. Manually confirm that high-risk manual activities are performed in accordance with policies and procedures
8. Identify learnings from successes and misses
This technique is derived from the principle that success and failure are repeatable events, with value in the learnings from both results. Organizations are typically capable of analyzing the root causes of failure but tend to more quickly move past the successes. Success in this technique is defined as finding self-identifying, high-risk issues before regulators or auditors find them and before they have undesired material impacts on the business and its customers. Issues don’t find a servicer – a servicer must find them. It is hard work to identify and confirm high-risk issues with internal subject matter experts whose singular focus for decades has been their particular line of business. The business will point to previously passed audits, be well-versed in relevant regulations and perform tens of thousands of transactions within its department annually. For example, it could be a hesitation in walk-throughs that creates a hypothesis scenario (e.g., words such as “usually,” “depends” or “it’s complicated” can indicate variance in the process); a data value that looks off (e.g., unusually high debt-to-income ratio); an illogical date sequence (e.g., a payment effective date in bankruptcy before a filed payment change notice); or a reconciliation with another data field, system or report that may be used in other departments for similar activities. The point is that successes should be analyzed for key learnings and communicated across the organization for the objective of continuously improving monitoring capabilities.
9. Allow performers to listen and observe an auditor’s investigation
This technique is derived from the principle that firsthand experience and exposure are the best teachers. It is very difficult to fully appreciate the level of scrutiny and types of questions that come out of regulatory examinations and audits unless a servicer experienced them firsthand. Knowledge is power, and closing that gap of experience will provide performers with a better understanding of the “why” around their daily tasks. For example, teams need to not only understand the consequences of not complying with the requirements, such as sending out an inaccurate letter, but also understand the importance of their daily activities and responsibility in mitigating risk. This exposure can result in better design and execution of test procedures, monitoring of business activities, and issue investigations. The objective of this technique is to give the risk, controls and compliance organization a realistic understanding of the critical role its monitoring activities play in protecting the business.
10. Incorporate audit skills into training curriculums
This technique is derived from the principle that in order to prepare for examiners and auditors, an organization needs to think like them. Most organizations have robust training curriculums to ensure their employees understand the regulatory requirements governing their businesses and the frameworks, processes and activities to perform the day-to-day roles. The next step in maturity of training curriculums is to focus on increasing the performer’s effectiveness in the role by developing audit skills. For example, tailoring the training curriculum to develop critical analysis skills to ask the right questions and confirm the answers – or to analyze data for outliers, incomplete or inaccurate data, and illogical dates – will enable the team to become more effective in its reviews. Assumptions have been the root cause to many process breakdowns. Training effectiveness should focus on building capabilities to generate and test hypotheses and collect, analyze, interpret and critique data, information and evidence.
Transforming mortgage operations is akin to changing wheels on a car traveling 65 miles per hour on a four-lane highway. It has been all hands on board, and the costs match the effort. Lenders have taken the lead in showing that the will to transform exists. Now it is up to mortgage servicers to make the leap to the next phase of the journey. They can achieve this in part by looking outside to other industries, such as healthcare, that started down a similar path years before.
Christopher Sicuranza is managing director and consumer finance leader for Navigant Consulting, a major global consultancy serving a range of verticals and industries, including mortgage servicing. He can be reached at firstname.lastname@example.org.