Nov. 23: Letters on mobile app, information, and cyber security; risk transfer; a transitional licensing update

Yes, it has become quiet out there, with lots of “out of office” replies and empty cubicles. There’s a lot for our industry, and clients, to be thankful for in 2019 and many are taking a breather. But that doesn’t mean customers don’t need help, and that there is still plenty going on.

For example, in response to a write up I had in the lead paragraph on Facebook/iPhone camera/QC-ing security, Michael Chan sent, “In JD Power’s 2019 study released last week, apparently only 15% of consumers surveyed used their mortgage originator’s mobile app. Much of the communication with consumer is still via email and phone. First off, I didn’t realize that many mortgage originators HAD a mobile app. I’m in the business of helping originators realize the value of mobility and mobile apps, and, I can only infer that that percentage is low because either mortgage originators don’t have (or didn’t realize they had) a mobile app or, if they do, it’s just not very well thought out which leads me to my second point and is related to the question that you received and posted below.”

Michael’s note continued. “There is so much noise out and distortion out there from a technology standpoint especially in our industry. First off, native mobile apps are going to provide a much higher level of security than a browser (whether it be for taking loan applications or other types of mortgage origination functions). A mortgage company/bank/credit union can QC and/or request information from the technology partner to demonstrate that level of security too. The technology service providers can and should proactively provide that information anyways. And that leads to my second sub-point here which is very important for organizations in this industry to heed and that is enterprise-grade technology cannot be more important nowadays. There are many, many vendors and service providers out there, and, my point is that, from cyber-security to UI/UX to so many other considerations, there needs to be a better rigor in how technology is not only built and put together but also how its evaluated and delivered to a customer.

 

“I can go on a little bit more too about the native mobile app side of things but I’ll save that for another time. This is all just my 2 cents.” Thanks Michael!

While we’re on “Michaels,” I received this note from Michael Steer from MQMR. “Rob, the links below are something to be shared with your readers. The MBA put out a fantastic whitepaper on The Basic Components of an Information Security Program last week. Nice job to the MBA for this!  Every executive team at a mortgage company or vendor should read through it and go through each section step by step with their IT department to see what they have in place and obtain evidence from the IT department (or outsourced IT vendor provider if they use one) that those controls are in place and functioning properly. Page 5 references some other regulations and resources to refer to such as the NY Cybersecurity Requirements for Financial Services Companies, which outlines some additional components of a cybersecurity program.

 

“We’ve done many IT audits for clients and it’s surprising the type of findings we still identify given how much emphasis there’s been on cybersecurity the past few years: USB mass storage access still open, lack of screen timeout/lock and password expiration/failed attempt lockout policies, firewalls not fully turned on, access to main systems via guest Wi-Fi, lack of encryption at rest using a TPM-module, user access controls not in place and deboarded employees still having access to some systems or had gaps in having their systems access terminated, lack of physical security and clean desk policies around the office, and many, many more. We need to continue to promote cybersecurity awareness as an industry to protect ourselves and those we do business with.”

Economic sanctions have caused some countries to step up state-sponsored cyberattacks on US firms in order to replenish their national coffers, according to the Federal Bureau of Investigation. Banks are finding they need to adjust their operational risk models upward to take into account the threat of more sophisticated cyberattacks.

The Federal Reserve is considering collecting information on losses from cyberattacks to beef up the banking industry’s risk management. “As a first step, we are going to focus on a voluntary exercise, but we do not rule out the possibility of moving towards mandatory collection,” says Filippo Curti, an economist at the Federal Reserve Bank of Richmond.

Weiner Brodsky Kider reports that the FTC settled a complaint against a technology company whose allegedly lax information security policies resulted in a data breach. The FTC recently announced a proposed settlement with a Utah-based technology company for alleged violations of the FTC Act, including failures to implement reasonable information security safeguards which led to a security breach.

Licensing in the primary market & liquidity in the secondary markets

The Mortgage Bankers Association sent out an update on transitional licensing. “On Sunday, November 24th, the new federal temporary authority law will go into effect and the Nationwide Multistate License System (NMLS) will allow mortgage loan originators (MLOs) who meet the strict eligibility requirements in the statute to work in any state for 120 days if they have applied for a license and complete their education and testing requirements.

“Some correspondent lenders/aggregators may not yet be ready to purchase loans that have been originated by MLOs operating under temporary authority. As a result, policies regarding temporary authority may vary, and may be fluid, in this early period, and we encourage you to regularly review recent notices/memoranda to ensure you understand correspondent purchase policies and can comply with any procedural or documentation requirements.

“It is important to note that MBA has confirmed with the Federal Housing Administration and the GSEs that they have NOT placed any restrictions on loans they will insure or purchase which are originated by MLOs operating under temporary authority. In response to our inquiry, FHA has released an FAQ on the matter, which you can review here (search the term ‘temporary authority’).

“As you make final preparations for temporary authority, please ensure all appropriate staff have reviewed the materials on the dedicated NMLS webpage. Additionally, by clicking here you and your teams can listen to a recent webinar MBA held with the Conference of State Bank Supervisors that explains the basics of the new law, details the changes that have been made to the NMLS system, and discusses important risk management controls. Lastly, MBA is offering a new Compliance Essentials Resource Guide to help your organization manage policies and procedures for this exciting new business opportunity. For more information click here.”

Risk Transfers & Deal Creation Continue

Without an active secondary market, the primary market (rates to borrowers) would suffer. Both Freddie and Fannie continue to transfer risk from their balance sheets (and, since they’re in conservatorship, the taxpayers) to willing buyers.

Fannie Mae priced its first Multifamily Connecticut Avenue Securities (MCAS Series 2019-01) transaction, a $472.7 million note offering that complements Fannie Mae’s Delegated Underwriting and Servicing (DUS) and Multifamily Credit Insurance Risk Transfer (MCIRT) programs, in an effort to expand the types of loans covered and promote the continued growth of the credit risk transfer market. The reference pool for MCAS Series 2019-01 consists of approximately 340 multifamily mortgage loans with an outstanding unpaid principal balance of approximately $17 billion. The reference pool includes first lien fixed-rate and adjustable-rate multifamily loans comprised of collateral underwritten according to Fannie Mae’s standards and acquired by Fannie Mae from April 2018 through December 2018. The loans have unpaid principal balances equal to or greater than $30 million that have terms less than or equal to 12 years, in addition to other select eligibility requirements. Pricing for the four tranches is as follows. The $80.7 million Class M-7 will have 3.785 percent expected initial credit support and will be priced at 1-month LIBOR plus 170 bps. The $327.1 million Class M-10 will have 1.17 percent expected initial credit support and will be priced at 1-month LIBOR plus 325 bps. The $41.3 million Class B-10 will have 0.840 percent expected initial credit support and will be prices at 1-month LIBOR plus 550 bps. Finally, the $23.6 million Class C-E will have 0.651 percent expected initial credit support and will be priced at 1-month LIBOR plus 875 bps. Fannie Mae will retain a portion of the M-7, M-10, B-10 and C-E reference tranches in order to align its interests with investors throughout the life of the offering, and will retain the first loss tranche. More information on Fannie Mae’s credit risk transfer activities is available at: https://www.fanniemae.com/portal/funding-the-market/credit-risk/index.html.

 

Fannie Mae priced Connecticut Avenue Securities (CAS) Series 2019-R07, a $998 million note offering as part of Fannie Mae’s benchmark issuance program designed to share credit risk on its single-family conventional guaranty book of business. The reference pool for CAS Series 2019-R07 consists of approximately 102,000 single-family mortgage loans with an outstanding unpaid principal balance of approximately $26.6 billion. The reference pool includes one group of loans comprised of collateral with loan-to-value ratios of 60.01 percent to 80.00 percent, the majority of which were acquired from April through June 2019. The loans included in this transaction are fixed-rate, generally 30-year term, fully amortizing mortgages. With the completion of this transaction, Fannie Mae will have brought 37 CAS deals to market, issued $43 billion in notes, and transferred a portion of the credit risk to private investors on more than $1.3 trillion in single-family mortgage loans, measured at the time of the transaction. Since 2013, Fannie Mae has transferred a portion of the credit risk on close to $1.9 trillion in single-family mortgages, measured at the time of the transaction, through all of its credit risk transfer programs. Pricing for the deal is as follows. Class 1M-1 ($249.58 million) is expected to have a Fitch rating of BBB-sf and is priced at 1-month LIBOR plus 77 bps. Class 1M-2 ($524.11 million) is expected to have a Fitch rating of Bsf and is priced at 1-month LIBOR plus 210 bps. Finally, Class 1B-1 ($224.62 million) will not be rated but will have pricing of 1-month LIBOR plus 340 bps. Fannie Mae will retain a portion of all offered tranches in order to align its interests with investors throughout the life of the deal. CAS REMIC notes are issued by a bankruptcy-remote trust. The amount of periodic principal and ultimate principal paid by Fannie Mae is determined by the performance of a large and diverse reference pool. For more information on individual CAS transactions, visit Fannie’s credit risk transfer website. Fannie plans to return to market in late November for their final transaction of the year with a new series of CAS notes referencing loans originated under Fannie Mae’s Refi Plus and HARP initiative, as part of ongoing capital management efforts.

Freddie Mac priced several “K-Deals” recently. Freddie priced a new $489 million offering of Structured Pass-Through K-Certificates (K-G02 Certificates), backed by multifamily mortgage-backed securities that were expected to settle on or about October 18. K-Deals, which typically feature a wide range of investor options with stable cash flows and structured credit enhancement, transfer a portion of the risk of losses away from taxpayers to private investors who purchase the unguaranteed subordinate bonds. KG-Deals are the environmental and social impact series of Freddie Mac’s K-Deal program, exclusively securitizing workforce housing loans made through the company’s Green Advantage program. Pricing for the deal is as follows. Class A-1 has principal of $74.73 million, a weighted average life of 6.80 years, a coupon of 2.044 percent, a yield of 1.9528 percent, and a $100.4938 price. Class A-2 has principal of $415.0 million, a weighted average life of 9.64 years, a coupon of 2.412 percent, a yield of 2.0101 percent, and a $102.9923 price. Class X1 has principal of $489.73 million, a weighted average life of 8.97 years, a coupon of 1.144 percent, a yield of 3.27078 percent, and a $8.1616 price. Class X3, which will not be offered, has principal of $54.41 million and a weighted average life of 9.60 years.

 

Freddie priced another new offering of K-Certificates (K-J26 Certificates) that are backed by underlying collateral consisting of supplemental multifamily mortgages. The company expects to issue approximately $259 million K-J26 Certificates, which were expected to settle on or about October 24. The K-J26 Certificates are backed by corresponding classes issued by the FREMF 2019-KJ26 Mortgage Trust (KJ26 Trust) and guaranteed by Freddie Mac, which will also issue certificates consisting of class B and class R certificates, which will not be guaranteed by Freddie Mac and will not back any class of K-J26 Certificates. Pricing for the deal is as follows. Class A-1 has principal of $98.0 million, a weighted average life of 3.71 years, a coupon of 2.135 percent, a yield of 2.1043 percent, and a $99.9994 price. Class A-2 has principal of $161.968 million, a weighted average life of 6.49 years, a coupon of 2.606 percent, a yield of 2.2571 percent, and a $101.9945 price. Class X, which will not be offered, has principal of $324.96 million and a weighted average life of 5.46 years. The multifamily investors section of the Freddie’s Web site at https://mf.freddiemac.com/investors/ will be updated with any information on material developments or other events that may be important to investors, and we encourage investors to access this website on a regular basis for such updated information.

 

It was the day after Thanksgiving and a little old man shuffled slowly into an ice cream parlor and pulled himself slowly, painfully, up onto a stool.

After catching his breath, he ordered a banana split.

The waitress asked kindly, “Crushed nuts?”

“No,” he replied, “Arthritis.”

Visit www.robchrisman.com for more information on our industry partners, access archived commentaries, or to subscribe to the Daily Mortgage News and Commentary. If you’re interested, visit my periodic blog at the STRATMOR Group web site. The current blog is, “Fannie & Freddie: A Snapshot” If you have both the time and inclination, make a comment on what I have written, or on other comments so that folks can learn what’s going on out there from the other readers.

Rob

(Market data provided in partnership with MBS Live. For free job postings and to view candidate resumes visit LenderNews. Currently there are hundreds of mortgage professionals looking for operations, secondary and management roles. For up-to-date mortgage news visit Mortgage News Daily. For archived commentaries, or to subscribe, go to www.robchrisman.com. Copyright 2019 Chrisman LLC. All rights reserved. Occasional paid job listings do appear. This report or any portion hereof may not be reprinted, sold or redistributed without the written consent of Rob Chrisman.)