Oct. 13: Compensation, margin compression, setting passwords & cybersecurity update; corny joke front-runner

Lots going on out there as lenders continue to work on helping their borrowers, vendors strive for name and brand recognition, and the industry faces higher rates in the future and lower volumes. Not to mention thousands packing their suits and heading to DC. Let’s jump in on margin compression, compensation, appraisal waivers, blockchain, and cybersecurity.

I received this note from Rich Swerbinsky, COO of The Mortgage Collaborative. “Rob, after months of discussing these issues with our members, I penned a couple short pieces on the tough industry climate in general and on how we compensate employees in our industry.

On the subject of appraisals, this comment was received from Jon Weimer. “Interesting commentary on the Fannie Appraisal Waiver, but I have a hard time believing it’s not being utilized because borrowers want to know the property’s value. People apply to borrow money, and the appraisal is just typically a means to that end. If they know they can achieve what they want to achieve without the variable of the appraisal, I imagine most people would take that option. Probably saves a few bucks too. Just a guess, but I’d think it has more to do with lenders erring on the side of caution, not paying close enough attention to the findings, or not knowing if their investors would accept the waiver. And of course, maybe there are other variables that I don’t know based on things that happen post-closing.” Thanks Jon!

October is National Cybersecurity Month

Banks (and lenders who work for banks) should know that for 2019, the OCC said it will focus regulatory examination efforts on: cybersecurity and operational resiliency, commercial and retail credit loan underwriting, concentration risk management, credit risk, ALLL (including CECL), BSA/AML compliance, compliance-related change management process, internal controls, and end-to-end processes necessary for product and service delivery.

I’m thinking about changing my password from “MyrtleRules” to something more complex, like “Passwerd1.” Seriously, passwords are usually only changed minimally when they must be changed very often, and these changes aren’t effective.

Information on passwords and cyber risk is paramount for lenders and banks – one hack and a company can lose its entire net worth, reputation, and future. Now that hackers use sophisticated tools to detect versions of commonly used passwords, the National Institute of Standards and Technology (NIST) issued revised password guidelines to help people create passwords only they would know (and that would be difficult for thieves to crack). If you can picture it in your head and no one else could, that’s a good password.

Check out Special Publication 800-63B on Digital Identity Guidelines. Gone are recommendations to make passwords overly complex. Now, the important thing is for them to be personal and unique. Anything that you could easily think of might be a good password (a unique experience or diverse interest perhaps). Moreover, with these uniquely crafted passwords, you may not need to change them as often either. NIST’s guidelines continue to call for restricting sequential and repetitive characters (such as 12345), words that pertain to the particular site that the person is using, and commonly used passwords (such as p@ssw0rd). Management warns both employees and customers not to use passwords they may have had at other institutions or websites that subsequently suffered breaches. NIST says hackers often search for those first.

In prior commentaries I’ve mentioned that banks and other companies should still employ multi-factor authentication measures to lessen the chance of successful breaches. Indeed, more organized crime rings are successfully performing account takeover attacks on web and mobile applications. So, thwarting them with both unique passwords and additional authentication puts up two walls of defense.

Steve Brown with PCBB warns, “Know that criminals typically buy lists of commonly used user name and password combinations on the black market, and input the pairs into password cracking software called automated credential stuffing tools. Cybercriminals then use botnets to infect websites and mobile apps, enabling them to then use these credential stuffing tools to crack user names and passwords.”

Is a dollar in my wallet better than a dollar on the internet? Blockchain and artificial intelligence will not be adopted as quickly as expected, multiple industry experts say. Speaking at the SIFMA annual meeting, Bank of America Chief Operations and Technology Officer Cathy Bessant said distributed-ledger technology has potential but is so far “untested and untried,” while Rostin Behnam of the Commodity Futures Trading Commission told a CFTC conference that industry processes work reasonably well and have benefited from considerable investment.

How are lenders and banks viewing blockchain? Blockchain technology has many other uses that may be useful to banks & lenders beside those related to cryptocurrency. It uses a distributed ledger method of tracking and accounting, and that same technology can be used for contracts and business transactions. Some countries are even using blockchain to fight fraud and corruption.

Regulators are beginning to look at blockchain and provide clues as to how the use of it might eventually be regulated. As a reminder, cryptocurrencies rely on blockchain technology. The regulatory view of cryptocurrencies is evolving quickly. One of the first agencies to attempt a regulatory framework was the New York Department of Financial Services (NYDFS). In 2015, they published final rules for any crypto/virtual currency companies doing business in New York, which require these companies to apply for a Bit License.

The Commodity Futures Trading Commission (CFTC) has determined that at least some cryptocurrency tokens are commodities, and thus, subject to CFTC regulation. That is a big step for banks and non-depository mortgage banks that may have customers who want to use cryptocurrencies in transactions.

FINRA notes in its latest Regulatory and Examination Priorities Letter that it will be focusing on the sales practices of initial coin offerings (ICOs) and cryptocurrencies. The SEC is very interested in these areas, so more information and regulation is likely.

The FinCEN Improvement Act of 2018 just passed in the House. It seems to broaden the scope of FinCEN’s responsibility from protecting the financial system from illicit use and fighting money laundering, to a more active role of working with foreign financial intelligence units to prevent the use of cryptocurrencies potentially used by terrorist groups. While it still needs Senate approval, this bill could affect other regulations on this matter as well.

Rep. Tom Emmer, R-Minn., co-chairman of the Congressional Blockchain Caucus, says he will introduce three bills that call on the US to “prioritize accelerating the development of blockchain technology and create an environment that enables the American private sector to lead on innovation and further growth.” The bills urge regulatory clarity and government support for the blockchain industry.

This week the Senate Banking Committee held a hearing titled: “Exploring the Cryptocurrency and Blockchain Ecosystem.” The committee will hear from two witnesses: Dr. Nouriel Roubini (NYU) and Mr. Peter Van Valkenburgh (Coin Center), two are capable witnesses with diametrically opposite views of the cryptocurrency ecosystem. Dr. Roubini once described blockchain as “one of the most overhyped technologies ever” and said that most initial coin offerings (ICOs) were “created by con artists, charlatans, and swindlers looking to take your money and run.” Mr. Van Valkenburgh works at Coin Center, which is the “leading non-profit research and advocacy center focused on the public policy issues facing cryptocurrency and decentralized computing technologies like Bitcoin and Ethereum.” Asking a 75-year old Senator to understand any of this is ludicrous, but analysts believe that the primary policy focus in the near-term will be on policing the industry and individuals rather than introducing a sweeping federal overhaul. Who can do a federal overhaul anyway?

In addition to all the regulatory agencies, leaders in the Crypto/Virtual currency industry have proposed a self-regulatory body called the Virtual Commodity Association (VCA). It would require member firms to commit in writing to operating their offerings in compliance with safe and sound practices and “provide a sanctions-based accountability program to compel ongoing member compliance.”

The North American Securities Administrators Association is ahead of federal regulators in support of a formal cybersecurity rule for financial professionals, and that likely makes sense, said President Michael Pieciak. Small firms are regulated by states and “are some of the most vulnerable shops,” he said.

No, this is not a paid ad, but the Northwest Credit Union Association (NWCUA) and IP Services announced a partnership that will provide cybersecurity and Information Technology (IT) systems management solutions to its member credit unions. “National safeguards and standards are being established to protect financial institutions and consumers from constant threat of breaches. Individual credit unions should adopt the same strategy to thwart off next generation cyber-attacks. It is critical that credit unions deploy a proactive security strategy that manages IT assets, ensures service availability, and manages risk mitigation. IP Services solves these challenges by using an integrated set of processes and controls to ensure uninterrupted systems and business performance while adhering to strict compliance and security requirements.” Northwest credit union leaders will have the opportunity to meet the IP Services team during the NWCUA’s annual MAXX Convention in Tacoma Oct. 16-18. IP Services is an exhibitor at the Strategic Link Trade Show during the event.

The news is not confined to the United States. Five thousand nine hundred miles away in China, the Chinese Central Bank announced it has officially launched testing of a blockchain trade finance platform designed to conduct trade and financing activities. And last month in Russia the Raiffeisen Bank issued a digital mortgage using blockchain.

Bob Hill and his new wife Betty were vacationing in Europe – as it happens, near Transylvania. They were driving in a rental car along a rather deserted highway. It was late and raining very hard. Bob could barely see the road in front of the car.

Suddenly, the car skids out of control! Bob attempts to control the car, but to no avail! The car swerves and smashes into a tree. Moments later, Bob shakes his head to clear the fog. Dazed, he looks over at the passenger seat and sees his wife unconscious, with her head bleeding! Despite the rain and unfamiliar countryside, Bob knows he must get her medical assistance. Bob carefully picks his wife up and begins trudging down the road. After a short while, he sees a light. He heads towards the light, which is coming from a large, old house. He approaches the door and knocks. A minute passes. A small, hunched man opens the door.

Bob, badly wounded, mumbles, “My name is Bob Hill, and this is my wife Betty. We’ve been in a terrible accident, and my wife has been seriously hurt. Can I please use your phone?”

“I’m sorry,” replied the hunchback, “but we don’t have a phone. My master is a doctor; come in, and I will get him!”

Bob brings his wife in. An older man comes down the stairs. “I’m afraid my assistant may have misled you. I am not a medical doctor; I am a scientist. It is many miles to the nearest clinic, however, and I have had a basic medical training. I will see what I can do. Igor, bring them down to the laboratory.”

With that, Igor picks up Betty and carries her downstairs, with Bob staggering after them. Igor places Betty on a table in the lab. Bob collapses from exhaustion and his own injuries, so Igor places Bob on an adjoining table.

After a brief examination, Igor’s master looks worried. “Things are serious, Igor. Prepare a transfusion.” Igor and his master work feverishly, but to no avail. Bob and Betty Hill are no more. The Hills’ deaths upset Igor’s master greatly. Wearily, he climbs the steps to his conservatory, which houses his grand piano. For it is here that he has always found solace. He begins to play, and a stirring, almost haunting melody fills the house.

Meanwhile, Igor is still in the lab tidying up. His eyes catch movement, and he notices the fingers on Betty’s hand twitch, keeping time to the haunting piano music. Stunned, he watches as Bob’s arm begins to rise, marking the beat! He is further amazed as Betty and Bob both sit up straight!

Unable to contain himself, he dashes up the stairs to the conservatory. He bursts in and shouts to his master: “Master, Master! The Hills are alive with the sound of music!”

Visit www.robchrisman.com for more information on our industry partners, access archived commentaries, or to subscribe to the Daily Mortgage News and Commentary. If you’re interested, visit my periodic blog at the STRATMOR Group web site. The current blog is, “The Rise of the Credit Unions.” If you have both the time and inclination, make a comment on what I have written, or on other comments so that folks can learn what’s going on out there from the other readers.


(Market data provided in partnership with MBS Live. For free job postings and to view candidate resumes visit LenderNews. Currently there are hundreds of mortgage professionals looking for operations, secondary and management roles. For up-to-date mortgage news visit Mortgage News Daily. For archived commentaries, or to subscribe, go to www.robchrisman.com. Copyright 2018 Chrisman LLC. All rights reserved. Occasional paid job listings do appear. This report or any portion hereof may not be reprinted, sold or redistributed without the written consent of Rob Chrisman.)


Rob Chrisman