“It’s not ‘if’ but ‘when’,” right? These stats make me think about changing my “Passwerd123!” password. According to the Identity Theft Resource Center (ITRC), there have been 5,754 data breaches between Nov 2005 and Nov 2015, exposing some 856 million records. Further, IBM research estimates that the average breach costs $3.8 million. As you build protections against cybercrime, you have to be careful not to derail your own efforts. Some banks, for instance, may believe that encrypting data is enough to keep hackers out. While it’s true that strong encryption is a critical defense mechanism, it’s not a panacea. After all, even good algorithms can be susceptible if thieves are persistent enough. Look no further than the Logjam vulnerability uncovered last year. It allowed attackers to intercept and decrypt secured communications between users and thousands of websites and mail services worldwide.
As I travel around and visit with various companies, the amount of time and effort being put into making their data safe is the greatest ever. Will it be enough? There’s no doubt that banks need strong encryption, but beyond that, it is critical to utilize sophisticated tools such as advanced detection analytics to help identify emerging threats in real time. Another area lenders should stay on top of is making sure to have an effective “patch management” program. Just doing this can significantly decrease the number of security breaches because hackers buy old tools on the Web and repurpose them frequently. They also try to tunnel into weaker systems, so having the latest updates communicates a simple “go somewhere else” message to them.
Steve Brown with PCBB writes, “An effective patch management program should include written policies and procedures to identify, prioritize, test and apply patches in a timely manner, the FDIC notes. Such a program should also utilize vulnerability information culled from threat intelligence sources. Bank boards and senior management need to be held accountable for requiring regular reports on the status of the patch management program and for creating strategies to deal with systems or products that are at end-of-life or close to it.
“Next, given more employees are using their own devices for work purposes, banks are asking for trouble if they don’t make extra efforts to encourage staff to regularly update their personal computing systems. Banks have ample resources to help boost proper defenses. The FDIC, for example, has developed Cyber Challenge exercises, which are a series of videos and simulations that are available free on its website. The FDIC also has a cybersecurity awareness training program, so send your teams and get the training. In addition, the FFIEC has its new cybersecurity assessment tool, which helps banks assess their risk and better determine cybersecurity preparedness.”
On the subject of whistleblowers, I received this note from BuckleySandler’s Jeff Naimon. “While it is true that the CFPB does not have False Claims Act authority, many of the major False Claims Act cases against FHA lenders have involved a whistleblower award as well, most famously with respect to two or three of the biggest banks’ settlements (where the whistle blowers received 8 figure pay outs). In many respects, because the more global enforcement program is focused on the largest lenders, for other than the very largest non-bank mortgage companies, whistleblowers constitute one of the biggest risks for triggering FCA investigations and liability. Your note about really listening to internal complaints is critical positive advice for lenders – when defending an enforcement action, few things are worse than communications that show that senior management was made aware and ignored concerns that were raised (or even retaliated against those who raised them) and few things are better than being able to show that senior management acted promptly to address concerns once they became aware of an issue. And your readers should know that external whistleblowers — i.e., competitors — trigger a high proportion of RESPA enforcement activity.” BuckleySandler has a False Claims Act and FIRREA Resource Center, including a tracking chart of relevant cases.
Every month we receive a myriad of statistics about housing from a myriad of entities like the conservator of Fannie & Freddie, the Census Bureau, builders, etc. I received this note. “Looking at a graph, I see a huge increase in home sales in 1997. What do you think fueled that rise? In Sept. 1996 the 10 year rate was 6.9%. Then Greenspan decided to lower rates and on Sept. 1998 the 10 year was at 4.4%, by May 2003 it was 3.35%. Was the housing boom solely attributable to lower rates driven down by the Fed? What about the dramatic expansion of subprime mortgages made to subprime borrowers? One could argue that the subprime market was intensified with the FASB Rule 157 that took place in Nov. 2007 that was supposed to have clarified Fair Value using mark to market rules. And don’t forget that starting around the beginning of 2008 the mortgage products (read: CDOs) became so challenged that they had no buyers, or the market for buyers did not exist – and bad products were created.”
The note went on. “This meant that all these products had zero value in a mark to market FASB 157 rule environment. Yet at no time in history did the worst of the subprime market suffer more than a 20% loss. When our government, with Barney Frank as the lead proponent, nullified the FASB rule 157 on March 9th 2009 the illiquidity of this market disappeared and the market became liquid again and we saw a recovery in banking, the stock market in general, and our economy turned around. One never hears about these details even though they are the overriding reason for the 2008 market collapse…..Why? TARP was a stop gap measure introduced in late 2008 to stop the crash of our banking industry – arguably not needed had the FASB 157 rule been discontinued in late 2008. But proof that TARP worked as a stop gap measure and also that the CDO market that was at the heart of the TARP intervention, were not all bad and did have real value, disregarding FASB 157, is that TARP looks to make approx. an 8% profit on the $245 billion investment made in the CDO market.”
Wow, that is quite a note! You are correct with some items. The spike in the housing market? It’s widely known that it was the easily available money, provided by BOTH Alan Greenspan’s low rates (more people qualify at 3.5% than do at 6.5%), and by getting more borrowers into loans due to sub-prime guidelines (again, made available and funded by Wall Street), that created more demand in the real estate market and drove those prices up.
But “lower rates driven by the Fed” did not lead to subprime lending. There has always been a population of borrowers that fit that description, and there has always been a segment of lenders that will lend to them at a certain rate and price.
Most believe that the cause of additional subprime lending was the expansion of credit guidelines by Wall Street. It was Wall Street who made the market for those loans by putting the poor guidelines out there, it was Wall Street who bought the loans, and it was Wall Street’s financial disengagement from the risk that caused them to under pay for the risk that they themselves created. After all, they were simply buying the mortgages, pooling them, and then selling that exact risk off to unknowing investors after coercing (buying) A and A+ ratings from the rating agencies. Correspondent lenders like Wells, Band of America, Citi, and Chase competed with Wall Street’s Goldman Sachs, JB Morgan, Bear Stearns, and Lehman, who were bringing lenders wild and crazy credit guidelines, or letting them write their own, and then overpaying for the product. Generally they would pay more than the correspondents would pay the client with FNMA / FHLMC pricing.
Many will say that this is proof that FNMA / FHLMC didn’t create the sub-prime market – they weren’t paying enough. Nor were the correspondent lenders, some of which didn’t want the lack credit quality or operational controls they required.
Of course we know that “when the music stopped” borrowers with some programs couldn’t refinance either because the loan program she would have qualified for didn’t exist anymore, or the equity just wasn’t there. One’s gardener also couldn’t continue to lie about his income and get easy money to buy or refi. Everyone had to liquidate their positions and the end of the housing rally and the Wall Street products going away were very closely related. The lack of the available loan product guidelines further fed the decline of the housing market: there wasn’t an interest rate drop in the world that could rescue an upside down mortgagor.
And when did that music stop? Lenders started seeing “no bids” (i.e., no market at any price) in mid-2007 for some subprime pools. Note that this was prior to the 2007 implementation of FAS 197. The next year up to the liquidity crisis of 2008 played out as all of the rest of the music stopped for the rest of the games of musical chairs. I don’t think that anyone questions the validity of FASB 197 (which I believe that we have back again), and I do think that everyone relevant to the industry is aware that the thinly capitalized 2008 positions of some companies are what took them down – when not only were they unable to MARK to market, but they were also unable to actually sell – because in the real world, not just the FASB world of accounting and balance sheets, there was no bid for their trash.
Your description of FASB 197 is accurate – all securities holders had to do mark to market accounting. Marking an asset to market is a very capitalist exercise, and one that we all do mentally every single time that one of our stocks that we bought goes up or down in value, or when a comparable house down the street from our own homes sells. It isn’t a left wing conspiracy, it wasn’t invented by Barney Frank, and it was discussed by our industry for years prior to the actual change in 2007. As a matter of fact, Frank’s 2009 nullification of this FAS 197 rule was remarkable at the time because he really had no jurisdiction to make that decision.
I believe that, however, prior to FASB 197 firms had the choice of either doing mark-to-market accounting or portfolio asset based valuations. The industry had firms that operated both ways. Virtually no actual mortgage company (not banks with portfolio capability) used asset valuations – they only did mark-to-market accounting for years.
FASB 197 was definitely not a cause of the crisis, but most will say that it was a contributor. I think it was like the pneumonia that comes in and plays a role in killing smoker who is already dying of emphysema. The smoker did it to themselves; the pneumonia just helped them along the road to the ultimate outcome a bit faster. The Financial Crisis was already well on its way when FAS 197 went into effect – with plenty of blame to go around. To rest the blame solely on one program, one company, one individual, one accounting rule, or one segment of the industry is wrong – everyone shared in it.
You may find it interesting to note that in the recent rally many lenders have had regulatory margin calls. It can be argued that this is a result of the regulatory repair after the financial crisis. Basically, there is now an obligatory cash true up of the mark to market on the position, and if the paper loss on the TBA bond sale is too high, the dealer is obliged by regulation to settle a margin call, prior to actual bond delivery and settlement.
Finally, what’s the source of your claim, “At no time in history did subprime suffer more than 20% loss?” That simply is not true – many of the private label subprime MBS pools (not FNMA / FHLMC, because they wouldn’t buy such poor credit or loan structures) were wiped out by over 70% of principal.
GREAT TRUTHS THAT LITTLE CHILDREN HAVE LEARNED:
1) No matter how hard you try, you can’t baptize cats.
2) When your Mom is mad at your Dad, don’t let her brush your hair.
3) If your sister hits you, don’t hit her back. They always catch the second person.
4) You can’t trust dogs to watch your food.
GREAT TRUTHS THAT ADULTS HAVE LEARNED:
1) Raising teenagers is like nailing jelly to a tree.
2) Wrinkles don’t hurt.
3) Families are like fudge…mostly sweet, with a few nuts.
4) Today’s mighty oak is just yesterday’s nut that held its ground.
5) Laughing is good exercise. It’s like jogging on the inside.
6) Middle age is when you choose your cereal for the fiber, not the toy.
(Copyright 2016 Chrisman LLC. All rights reserved. Occasional paid job listings do appear. This report or any portion hereof may not be reprinted, sold or redistributed without the written consent of Rob Chrisman.)