12 minute read
Mortgage Refinance Applications Triple from a Year Ago, But Will They All Fund?
By Colin Robertson, The Truth About Mortgage
While the mortgage market has become a bit of a mess lately, lenders are apparently still totally slammed and doing record business.
For example, Quicken Loans CEO Jay Farner told Bloomberg today that, “March will be the largest closing month in our company’s history and we imagine April will be even bigger.”
Amazingly, loan applications are only taking an extra day or two to process, with the average 30 or 31 days, per Farner. That’s significant because they are the nation’s top retail mortgage lender, so it bodes well for the industry as a whole. This despite some 98 percent of Quicken’s 18,000-strong workforce doing it from home, including Farner.
The reason is obvious—mortgage rates are super cheap, and had actually hit all-time record lows in early March before a flood of applications oddly crippled the market. Then came the coronavirus outbreak, which further complicated matters, forcing the Fed to take action and start a new round of quantitative easing known as QE4 to boost liquidity on the secondary market.
It has also forced Quicken to double its call center workforce in anticipation of the many calls it will receive from borrowers about loan forbearance and loan modifications as job losses surge.
LOTS OF MORTGAGE APPLICATIONS, BUT ALSO PLENTY OF QUESTIONS
Mortgage refinance applications have tripled from a year ago, per a new report released today by LendingTree. The company noted that it’s based on applications submitted on the LendingTree mortgage shopping platform, which includes more than 500 mortgage lenders nationwide.
In San Francisco, such requests were up a whopping 417 percent from a year earlier, which might explain why lenders are inundated.
On the state level, Nebraska surprisingly led the way with refi apps up 338 percent from the same period in 2019, granted loan volume is probably low relative to other states.
However, while the coronavirus may have initially led to a mortgage rate swoon, lenders are now grappling with issued related to the many stay-at-home orders enacted throughout the country.
NEW PROBLEMS MORTGAGE LENDERS FACE • Home appraisal issues as social distancing measures are in place • Rate lock issues due to disruptions in the secondary market • Fallout if mortgage rates rise from application to closing • Title insurance, real estate attorneys, and recordings as offices close • Poor liquidity for jumbo loans and non-QM loans
This makes it more difficult for appraisers to do their jobs, with alternatives now in place that no longer require them to enter the borrower’s home. The same goes for getting verifications of employment (VOEs), which ensure the borrower is still employed at the company they say they work for, an important consideration when handing out hundreds of thousands of dollars.
Then there’s the issue of title insurance, with some county recorder’s offices closed while the lockdown measures are in place. Similarly, notaries and real estate attorneys might be unable to do their work if remote solutions are not made available.
Another issue is rate locks—some lenders are now making borrowers wait until they’re effectively clear to close before allowing them to lock in a mortgage rate. This presents another risk to the loan, assuming pricing has worsened from the beginning of loan origination to closing. Aside from a higher mortgage rate potentially making a borrower ineligible for financing, depending on DTI constraints and affordability, it could also make the loan less favorable to the borrower. If they began the process expecting a rate of 3.25 percent on a 30-year fixed, only to be told they can lock at 3.75 percent or higher, they might balk and simply walk from the loan.
So while there’s been a flood of mortgage applications, we may see some higher fallout than usual if these friction points aren’t resolved. Let’s not forget non-agency loans, such as jumbo loans and non-QM, which are facing a liquidity crisis of their own. The Fed is buying agency mortgagebacked securities (MBS), but there’s nothing in place to help those selling jumbo MBS or nonQM MBS. Assuming a lender is still originating jumbo loans, expect mortgage rates to be higher, all else being equal.
Speaking of non-QM loans, scores of lenders have suspended operations, stopped rate locks, and basically pivoted to agency stuff until the dust clears. It feels like 2006, to the point where I could start a list of closed lenders again.
WEEKLY MORTGAGE APPLICATIONS TANKED • Refinance apps fell 34 percent from a week ago as mortgage rates increased Home purchase apps decreased 15 percent as buyers sit on the sidelines Purchase activity has slowed tremendously in hard-hit area like CA and NY Silver lining might be a more resilient and adaptive mortgage industry going forward
Meanwhile, the MBA said this morning that home loan applications plummeted 29.4 percent from a week earlier as mortgage rates climbed higher due the issues mentioned above. That pushed refinance apps down a massive 34 percent, though considering how busy lenders are, it’s probably a good thing, at least temporarily.
The bigger issue is home purchase applications, which fell 15 percent from a week ago, a sign that the spring home buying season is essentially frozen thanks to COVID-19. The numbers have really tanked in California (-23 percent), New York (-17 percent), and Washington (-15 percent), areas severely impacted by coronavirus. And it’s bound to get worse as more states and municipalities declare emergencies and shelter in place directives. Sure, you might be able to attend a virtual showing on your tablet or smartphone, but it’s pretty tough to really get a feel for a home remotely.
This partially explains why all the major iBuyers put their own home purchases on hold earlier this week. Everyday Americans will probably follow suit, which means we might wind up with a fall home buying bonanza. That’s the upside at least. The other potential silver lining here is the mortgage industry might evolve as it’s forced to embrace new technologies. This could make it more resilient and better able to handle all types of different scenarios/crises in the future. It could also make the process of obtaining a home loan a lot less painful.
Editor's note: This article was originally published in The Truth About Mortgage.
The Best Benefit of Cloud Adoption: Security
By Russell Mosley, TISTA Science & Technology
Financial institutions realize they must invest in security to avoid costly breaches and protect their customers’ data. The cost of security will continue to rise because threats and regulatory requirements are moving targets. Most businesses can no longer justify the nonstrategic expense of maintaining security at the required levels with internal resources. A core asset of cloud services is securing data.
A significant way to reduce security concerns in the financial industry is to consider migrating applications to the cloud. Outsource the protection of data and the increasing workload to meet privacy regulations and data security requirements to the experts who maintain cloud services. It might seem counterintuitive at first, although migrating your applications to the cloud, for most companies, will result in better data security and easier compliance. Whether you are looking to move your application to a cloud infrastructure or migrate to a cloudbased Software as a Service (SaaS), this article will demonstrate how security and compliance should be leading drivers in the move to cloud adoption, and give you knowledge to help evaluate which cloud providers have the best security program in place.
WHAT MAKES CLOUD PROVIDERS SO SECURE?
The entire business model of cloud service providers depends on providing highly reliable and secure services. Cloud vendors are forced to approach security differently. They have poured billions of dollars into research and development because a major breach would irreparably damage their reputation. They architect cloud infrastructure with redundancy, performance, and security at the core of the offering. Custom applications, especially those built more than ten or twenty years ago, aren’t
comparable in the level of security planning, architecture, redundancy, and layers of defenses included in today’s cloud infrastructure.
Information security teams are expensive to maintain. Thanks to their size and scale, cloud service providers have more resources, including security experts, than their general client base. During a disruption of service or natural disaster, localized or widespread, cloud adoption allows you to disperse the resources and responsibility to keep systems available and secure. CLOUD MAKES COMPLIANCE EASIER.
In order to comply with government security and privacy regulations, controls must be established to protect the processing and the storage of sensitive data, network connectivity, and applications, which have access to that data. Generally, the systems and networks where the data are processed or stored are “in scope” for audit and compliance. When financial data is stored and processed on inhouse applications, the site must maintain expensive controls around this environment, the systems, the storage, and backups; and, even your company’s operational networks may be in scope. When you migrate applications to the cloud, you can isolate the scope and inherit the controls the cloud provider has in place to protect the data. Cloud service providers undergo annual audits which you can use to supplement your compliance requirements.
The Payment Card Industry Data Security Standard (PCI DSS) evolved in the mid 2000s applicable to organizations that process credit card payments. Every online business used to process credit cards. Hackers targeted poorly maintained, low-budget sites and there were massive credit card breaches. The credit card industry announced the PCI DSS and most businesses realized it was cost prohibitive to become “PCI compliant” since it requires a tremendous investment in security controls and review. As a result, most companies outsource credit card processing to dedicated card processing vendors and transfer the risk. Similarly, cloud services will transfer some of the risk and compliance regulations in the mortgage and finance industry. CLOUD ADOPTION DOES NOT RELINQUISH YOUR RESPONSIBILITY TO PROTECT THE DATA.
Particularly when migrating in-house applications to cloud-based systems, keep in mind that using cloud services does not relinquish your responsibility to protect the data. Cloud security is based on a shared responsibility model. You inherit the cloud provider’s controls over the infrastructure, and your application has to have proper security built-in and be well maintained to protect the access to that data. You also can’t use the cloud provider’s audit report to avoid a complete audit of your system and your organizational governance. Yes, the cloud provider’s report will reduce the scope of your audit, but you will still need to show governance (policies, management reviews), risk assessments, and security controls at your organization and in your application.
HOW DO I EVALUATE THE SECURITY OF CLOUD PROVIDERS?
Standards like ISO/IEC 27001 and CMMI are important, and have their value, although these certifications can be provided by audit firms that don’t hold vendors to the standards. Use cloud vendors that have a third-party conduct an annual SSAE SOC 2 audit, preferably a Type 2 audit. A SOC 2, Type 1 audit is a point-in-time audit that you can pass by proving you have safeguards in place at the time of the audit. A SOC 2, Type 2 audit covers a time period, typically the twelve months since the last SOC 2, Type 2 audit. In order to pass, you have to provide evidence that you have ongoing processes and procedures that you follow which meet the standard.
WHAT ABOUT THE PRIVACY OF OUR DATA?
Look for cloud vendors with a simple, transparent, easy to read Privacy Policy that’s linked right on its homepage. It should basically say, ‘we don’t use your data for anything other than the application, and we don’t sell your data.’ If the privacy policy doesn’t explicitly say ‘we don’t sell your data,’ guess what? They probably sell your data. I recently reviewed
DOC PREP, FULFILLMENT, REG COMPLIANCE, & DEFAULT
S E R V I C E S F O R M O R T G A G E L E N D E R S N A T I O N W I D E
DOCUMENT PREPARATION
Multi-state service using the firm ' s proprietary Docs on Demand® software. We provide accurate on-time documents to meet your closing needs.
FULFILLMENT
Funding Services (funds request & funding review) and Post-Closing Services including shipping, purchase conditions, trailing docs, and more
REGULATORY COMPLIANCE
Attorneys on Demand Services Support your compliance officer with access to Attorneys on Demand legal expertise
DEFAULT LEGAL SERVICES
Foreclosure, loss mitigation, loan modification, bankruptcy, eviction, and deceased mortgagor default solutions
LEARN MORE AT RAVDOCS.COM SBERTRAND@RAVDOCS.COM - 972.459.7286
the application, SnapComms, that has a good Privacy Policy that clearly explains everything (https://www.snapcomms.com/privacy-policy), and the mobile app “Lockdown,” (https:// lockdownhq.com/privacy) which is even simpler. Compare these privacy policies to your cloud vendors’ privacy policies.
Lastly, these are a few more technical details worth consideration as you assess potential cloud vendors:
On whose cloud does the application
actually run? Stick with applications that run on AWS or Microsoft Azure. They are the most mature cloud providers today. Where is the data stored? Cloud providers store copies or fragments of your data across data centers and geographic areas for redundancy, which sometimes includes other countries. Ask if any of your data will live outside of the U.S. and consider if that’s a risk you're willing to take.
How is your data segmented from other
customer data? This is a big one. You don’t want any chance of another customer having visibility into your data in the event of a bug or breach. Your data should be physically or logically separate from other customer’s data. You might want to ask an information security pro to help you review the responses to this question.
How frequently do they perform backups, where are the backups stored, and are
they encrypted? Online backups are at risk of loss in the event of a ransomware attack. It’s best to maintain offline backups at a geographically-disparate location. And back to my earlier suggestion, ask them to provide you with a third-party audit report in order to assess the controls they have in place.
I hope this article has been helpful and you will use this information to assess potential cloud vendors and to improve the security and privacy within your organization. MBM
