Editor’s Note: This piece originally appeared in the May issue of DS News, out now.
Each year, mortgage servicers design new audit provisions to assist law firms in risk mitigation. While the intent of such initiatives is designed to be favorable, they often leave firms struggling to accommodate cumbersome requests, ranging from extensive pre-audit questionnaires to the composition of monotonous quality control, capacity, and business continuity plans. The audit inquisition has become a routine, and frequently unfortunate, phenomenon for most firms.
In the past, the request for such microscopic detail only pertained to components of the firm, such as actions primarily related to the processing of client referrals. However, it is evident by trends in the industry over the last few years that compliance requirements are no longer an isolated nuisance of days past; these standards now incorporate various sectors of a firm, disseminating through the ranks.
One area that shares this heightened sense of scrutiny pertains to a practice known as “compliance mandated insurance.” Mandated insurance includes requirements presented by clients such as professional and employment practice liability, as well as cyber and crime coverages.
A Formidable Threat
Law firms in the current mortgage banking climate closely monitor their costs while being aware of what is required to remain operational. In “Cyber Threat is Huge for Small Businesses,” which appeared in USA Today, writer Steve Strauss, citing the Verizon Data Breach Investigation Report, notes that 61 percent of cyber breaches hit small business in 2016, a 13 percent increase from the previous year. Later in the article, Strauss shares data from UPS Capital that found cyber-related attacks cost small businesses between $84,000 to $148,000 on average.
It is not uncommon for law firms, particularly those with affiliated title companies, to fall victim to what is known as “social engineering.” An example of this is when a hacker accesses an employee’s email account—in many cases that of a managing partner’s—to send out fraudulent wiring instructions to individuals within the firm. In many instances, the stolen funds are unrecoverable.
For a nominal premium and a large corresponding sublimit, social engineering is preventable under most available cyber policies. Cyber coverage is not only a required expense, as mandated by a firm’s clients, but it is also a practical expenditure for the business.
A Crucial Plan
Professional liability, or errors and omissions (E&O), insurance is a required expense for law firms regardless of the operating industry, and most lawyers understand its necessity. In the default sector, such coverage protects firms from lawsuits, whether originating from a borrower, a regulatory agency, or a financial institution. On occasion, a disgruntled, foreclosed upon borrower may sue the firm and financial institution the firm represents. While there is little to no merit to such cases, there have been instances where a firm’s E&O insurance policy requires implementation. This problem has less to do with the need and more to do with the extent of coverage.
A source of contention and confusion arises when, instead of allowing the firm itself to determine appropriate protection, servicers intervene with a directive. Servicers will often issue a blanket insurance directive dictating the limits of coverage a law firm must purchase so that vendors can avoid a potentially catastrophic claim.
The core of the debate comes down to the aspect of practicality. Is it practical, for example, for a law firm of five lawyers to purchase the same degree of insurance as a firm with 50 lawyers? Too often, servicers issue insurance directives, having little understanding of how they may impact their law firm vendors. Keen to remain in the good graces of their clients, law firms will follow these directives and purchase unneeded policies, possibly even acknowledging this increase as a cost of doing business. Conversely, a firm may be naive as to what limits they should have, often due to not receiving appropriate advice from their carrier or broker. Whereas a firm may begrudgingly understand the need to have insurance under normal circumstances, a blanket directive adds unnecessary costs, contributing to the firm’s increasing expense to remain compliant.
Attorney Elizabeth Pophal noted in a 2016 issue of DS News that, “clients now expect firms to have substantial policies, procedures, and training schedules in place, with strict oversight and accountability to the client.” Pophal further notes, “regular audits are commonplace and default servicing law firms must be prepared to demonstrate to clients at any given time that the firm is in compliance with specific laws, rules, and regulations.”
Insurance requirements are clearly a key component in the audit process and it can be acknowledged that there exists a delicate balance when it comes to a firm’s handling of their servicer clients. If a client is satisfied and receives little pushback from the firm, perhaps referral volume increases, or as a sign of the times, remains consistent.
A Set of Solutions
There are, however, some ways in which firms may remain compliant without being forced to purchase a policy with excessively high limits. First, firms need to acknowledge that all carriers are not created equal. There are a number of carriers who have a particular appetite and appreciation for default services. This understanding simplifies the claims process, thus controlling any potential premium increase.
Second, a component to navigating compliance requirements is understanding that many are just blanket directives. This means that the issuing servicer has no individual understanding of a firm’s coverage needs, and it is therefore the responsibility of the firm to educate their client on what coverage is appropriate. One way to accomplish this is to send a letter to the servicer either from the firm or from the firm’s broker indicating why their current coverage limits are acceptable.
A firm can also volunteer to have an appropriate deductible and decline to invoke their policy. This tactic is highly advantageous for firms who wish to swiftly settle nuisance claims. Such action requires no notification to the firm’s carrier or client.
Though disagreement occurs as to how best to measure the cost of compliance, one thing that lawyers and business owners agree on is that it is staggering. While hard costs are discernibly present, soft costs contribute heavily to the firm’s bottom line. Even the distraction of an audit alone is costly.
While law firms in the default space can be susceptible when it comes to servicer directives, it is important to understand the intent behind them. High E&O requirements don’t discount the importance of having an effective E&O policy. After all, the policy intends to protect the firm from all measures of claims, rather than provide a seemingly unnecessary policy burden.
In the highly regulated environment of this industry, the cost of compliance will remain a burden for the foreseeable future. The focus, of course, is to better understand how to control these costs without creating exposure to the firm. Even so, in the case of mid-sized firms being charged upwards of six figures annually in insurance costs, insurance related directives can and should be challenged.