Suggesting that loan servicers develop and implement robust vendor management programs for foreclosure counsel would likely have surprised many servicers 24 months ago. Today, law firms, consultants and in-house servicer teams with specialized default firm audit training crisscross the country conducting extensive on-site visits of default firms, examining everything from locks on the doors and filing cabinets to sufficiency of notary policies and procedures. We have, indeed, come a long way and, while law firm vendor management continues to evolve at a break-neck speed, a few basic lessons may be drawn from the experience to date. In today’s column, we touch on five such lessons.

1. Don’t start from scratch. Particularly for small servicers, developing a default firm vendor management program from scratch may seem daunting. However, the fundamentals of the program need not vary greatly from non-legal vendor management risk management programs. A variety of government agencies have published guidance on vendor risk management that provides a solid starting point for building a program. Key documents include the following: CFPB Bulletin 2012-03 OCC 2011-29; FDIC FIL-44-2008; and OCC 2001-47.

Additionally, because the servicer may well have been following these principles on the general procurement side for some time, it may already have developed internal expertise that can be leveraged in the creation of the default firm vendor management program.

2. Begin with the basics. While no two default firm vendor management programs are identical, certain structural similarities exist at the proverbial 30,000-foot level. In particular, it has been our experience that most programs include a set of tools used to standardize and reduce the subjectivity of the evaluation process. More often than not, these tools include a lengthy questionnaire (completed in advance of the onsite visit), a scorecard (used to rate the firms), a memorandum summarizing, in narrative format, the audit findings and a remediation letter (to advise the firm of changes requested by the servicer).

3. More is sometimes less. There is a natural temptation to create tools that are exhaustive and delve deeply into every nook and cranny of the default firm’s operations. These days, default firms likely feel like they are suffering the audit equivalent of “death by a thousand cuts.” In response, some firms now respond in kind: producing thousands of pages of documents. Such avalanche audit responses can actually put the servicer in worse shape than it was before because regulators will likely assert that the servicer should have reviewed all that material and noted defects contained within. Accordingly, it may be preferable to develop a process that balances tight, targeted questions to elicit specific information with a number of open-ended questions designed to trigger disclosures opening the door to further investigation.

4. Do your homework. Nothing is more frustrating and less productive than an audit that begins with the auditor asking questions like “is your state non-judicial?” or “why don’t you ask for attorneys fees in your complaints?” Basic questions should be answered in advance and seldom produce information beneficial to the overall audit. Moreover, the firm being audited will recognize that the auditor is inexperienced and/or ignorant about the applicable law and may well take the entire process less seriously.

We have found that, once the audited firm recognizes that the auditors know the fundamentals of the applicable law and are interested in having a meaningful discussion about how the firm handles files, the firm becomes more cooperative, the audits proceeds more efficiently, and the information obtained is more valuable. Put simply: background work must be done before the onsite audit.

5. Monitor matters to conclusion. Some audit programs start strong but fade as they approach the finish line. If items for remediation are identified, those matters must be tracked through to satisfactory resolution. As discussed above, identifying a problem and not ensuring it is fixed can, in the long run, be worse than never knowing about the problem. The program should be “cradle to the grave”. And, as a corollary, if the servicer identifies weaknesses or problems with a default firm, the servicer must be willing to take action where those issues are not remediated. An audit program without meaningful penalties for non-compliance—including termination—is not much of a program at all.

Given how far we’ve come, it would be folly to predict the lay of the land 24 months from now. Perhaps audits will be even more exhaustive than they are today. Perhaps all servicers will handle their audits in-house or perhaps a standardized audit process will exist allowing multiple servicers to rely upon a single, joint audit. One thing that seems certain, however, is that default firm auditing is here to stay.