Issue Date April 28, 2009 Audit Report Number 2009-DE-1003 TO: Brian D. Montgomery, Assistant Secretary for Housing – Federal Housing Commissioner, H //signed// FROM: Ronald J. Hosking, Regional Inspector General for Audit, Denver, 8AGA SUBJECT: SecurityNational Mortgage Company, Murray, Utah, Did Not Follow HUD Requirements in Underwriting Insured Loans and Did Not Follow Quality Control Requirements HIGHLIGHTS What We Audited and Why We audited SecurityNational Mortgage Company (SecurityNational), a Federal Housing Administration (FHA)-approved direct endorsement lender, to determine whether it properly underwrote insured loans and whether its quality control plan met the U.S. Department of Housing and Urban Development’s (HUD) requirements. We audited SecurityNational because of its high default rate and the Office of Inspector General’s strategic goal to reduce fraud in single-family insurance programs. What We Found SecurityNational did not follow HUD regulations when underwriting 18 FHA loans. One of the loans contained significant underwriting deficiencies because the borrower overstated their self-employment income and SecurityNational did not detect the borrower’s misrepresentation. In addition, SecurityNational did not review early payment defaults or perform timely reviews. It did not review all FHA-insured loans that defaulted within the first six months, nor did it perform its monthly quality control reviews on time. What We Recommend We recommend that HUD require SecurityNational to reimburse it for the loss on the loan with a significant deficiency. We also recommend that HUD monitor SecurityNational to ensure that it effectively monitors its underwriters’ actions and properly performs its quality control reviews. For each recommendation without a management decision, please respond and provide status reports in accordance with HUD Handbook 2000.06, REV-3. Please furnish us copies of any correspondence or directives issued because of the audit. Auditee’s Response We provided the draft report to SecurityNational on April 16, 2009 and requested written comments to the report by May 1, 2009. SecurityNational provided verbal comments during the exit conference on April 23, 2009. SecurityNational concurred with the report and declined to provide formal written comments. 2 TABLE OF CONTENTS Background and Objectives 4 Results of Audit Finding 1: SecurityNational Did Not Follow HUD Requirements When 5 Underwriting 18 FHA Loans Finding 2: SecurityNational Did Not Follow Quality Control Requirements 7 Scope and Methodology 9 Internal Controls 10 Appendixes A. Schedule of Funds to Be Put to Better Use 11 B. Narrative Case Summary 12 C. Schedule of Minor Deficiencies 13 3 BACKGROUND AND OBJECTIVES SecurityNational Mortgage Company’s (SecurityNational) home office is located in Murray, Utah. The U.S. Department of Housing and Urban Development’s (HUD) Federal Housing Administration (FHA) approved SecurityNational as a nonsupervised mortgage company on September 7, 1993. SecurityNational is a sponsoring lender for Mortgage Financial Group Corporation and HMS Mortgage, Inc., which are loan correspondents. Mortgage Financial Group Corporation and HMS Mortgage, Inc., originate loans and then submit the loans to SecurityNational for underwriting. SecurityNational underwrote 1,393 FHA-insured loans originated by SecurityNational, Mortgage Financial Group Corporation, or HMS Mortgage, Inc., with beginning amortization dates from December 1, 2006, through November 30, 2008. The original mortgage amount of these loans totaled more than $113 million. Of the 1,393 loans, 111 (7.97 percent) defaulted within the first two years after closing. The original mortgage amount of the defaulted loans totaled more than $19 million. In comparison, 4.92 percent of the FHA-insured loans nationwide defaulted within the first two years after closing. The objectives of the audit were to determine whether SecurityNational properly underwrote insured loans and whether its quality control plan met HUD requirements. 4 RESULTS OF AUDIT Finding 1: SecurityNational Did Not Follow HUD Requirements When Underwriting 18 FHA Loans SecurityNational did not properly underwrite 18 FHA-insured loans. One of the loans contained deficiencies that affected the credit quality (insurability) of the loan. This condition occurred because SecurityNational’s management did not effectively monitor its underwriters’ actions. As a result, the FHA insurance fund incurred a loss of more than $92,000. SecurityNational Did Not Properly Underwrite FHA- Insured Loans SecurityNational did not properly underwrite 18 of 20 sampled FHA-insured loans. One loan contained significant underwriting deficiencies because the borrower overstated their self-employment income and SecurityNational did not detect the borrower’s misrepresentation. Specifically, SecurityNational inappropriately used income from a corporation and did not develop a two-year trend of self-employment income. HUD Handbook 4155.1, REV-5, provides the basic underwriting requirements for single-family mortgages. Chapter 2 discusses self-employment income. When analyzing self-employment income, the lender must establish the borrower’s earning trend over the previous two years and include or exclude the income based on the type of business. SecurityNational did not follow these requirements when it analyzed the borrower’s self-employment income. Of the 20 sampled FHA-insured loans, 17 contained minor underwriting deficiencies. These deficiencies did not affect the overall insurability of the loans. However, the lender needs to ensure that it follows all facets of HUD requirements when underwriting FHA loans. We provided details of these deficiencies to SecurityNational during our review. Appendixes C and D summarize the deficiencies in each of the 18 loans. Underwriters Lacked Effective Supervision SecurityNational’s management did not effectively monitor the underwriters’ actions. However, within the last year, SecurityNational’s management has created a new department to provide additional oversight and training to its underwriters. 5 The majority of the loans we reviewed closed before SecurityNational’s creation of the Credit Policy department. HUD’s Insurance Fund Was at Risk SecurityNational placed HUD’s insurance fund at risk by not following HUD underwriting requirements. The FHA insurance fund incurred a loss of more than $92,000 for the one loan with significant deficiencies. Recommendations We recommend that the Assistant Secretary for Housing – Federal Housing Commissioner 1A. Require SecurityNational to indemnify HUD for the loss on the one loan for which HUD has already paid claims and the property has been sold. The loss to the FHA insurance fund was $92,693. 1B. Review loans recently underwritten by SecurityNational to verify that the underwriting deficiencies noted during our review are no longer an issue and SecurityNational’s Credit Policy department is providing effective monitoring of the underwriters’ actions. 6 Finding 2: SecurityNational Did Not Follow Quality Control Requirements SecurityNational did not review all FHA-insured loans that defaulted within the first six months, nor did it perform its monthly quality control reviews in a timely manner. This condition occurred because management reassigned some of its quality control staff for a short period of time to help in another department during a period of increased loan volume. As a result, the lender left the FHA insurance fund vulnerable to increased risk and could not ensure the accuracy, validity and completeness of the loan originations. SecurityNational Did Not Review Early Payment Defaults or Perform Timely Reviews SecurityNational did not review all FHA-insured loans that defaulted within the first six months, nor did it perform its monthly quality control reviews in a timely manner. All of the 20 loans reviewed defaulted within the first six payments, but the lender did not review any of these loans as part of its quality control process. Additionally, of the 22 quality control reports SecurityNational should have completed for loans that were funded during our audit period, it only completed 17 (78 percent) of the required reports. Of the 17 reports completed, 16 (94 percent) were generated past the required 90 days from the end of the month in which the loan closed. These quality control reports were generated between 91 and 173 days after the end of the month in which the loan closed. HUD Handbook 4060.1, REV-2, chapter 7, section 7, states that lenders must ensure that quality control reviews are performed on a regular and timely basis, specifically within 90 days of closing. It also requires lenders to review all loans going into default within the first six payments. As identified above, SecurityNational did not meet these requirements. SecurityNational Reassigned Staff SecurityNational reassigned some of its quality control staff for a short period of time to help in another department during a period of increased loan volume. This change left the quality control department shorthanded and led to the quality control reviews not being performed in a timely manner. The lender skipped several months of quality control reviews to focus on reviews of more recent loans, but it had been working to perform its quality control reviews in a more timely manner. 7 The FHA Insurance Fund Was Vulnerable SecurityNational left the FHA insurance fund vulnerable to increased risk. The lender could not ensure that it complied with HUD’s and its own underwriting requirements consistently and in a timely manner; protected itself and HUD from unacceptable risk; and guarded against errors, omissions, and fraud. Recommendations We recommend that the Assistant Secretary for Housing – Federal Housing Commissioner 2A. Review SecurityNational’s monthly quality control reports to ensure that they include all FHA-insured loans that defaulted within the first six months and that all monthly quality control reviews are timely. 8 SCOPE AND METHODOLOGY SecurityNational underwrote 1,393 FHA-insured loans originated by SecurityNational, Mortgage Financial Group Corporation, and HMS Mortgage, Inc., with beginning amortization dates from December 1, 2006, through November 30, 2008. SecurityNational is a sponsoring lender for Mortgage Financial Group Corporation and HMS Mortgage, Inc. We reviewed 20 of the 111 loans that defaulted within the first two years after closing. We reviewed the 20 loans that had the least number of payments made before the lender reported the first 90-day default. To accomplish the audit objectives, we • Reviewed HUD regulations and reference materials related to single-family requirements. • Reviewed Security National’s underwriting and quality control policies and procedures. • Reviewed SecurityNational’s loan case files. • Reviewed SecurityNational’s quality control reports and corrective actions taken. • Interviewed SecurityNational staff to obtain information regarding its policies and procedures. We used data maintained by HUD in the Single Family Data Warehouse and Neighborhood Watch systems for background information and in selecting our sample of loans. We did not rely on the data to reach our conclusions. Therefore, we did not assess the reliability of the data. We classified $92,693 as funds to be put to better use. This is the amount of loss to HUD for the one loan for which we recommend that HUD require SecurityNational to indemnify it. We performed the on-site review work in Murray, Utah, during January 2009. We conducted the audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. 9 INTERNAL CONTROLS Internal control is an integral component of an organization’s management that provides reasonable assurance that the following controls are achieved: • Program operations, • Relevance and reliability of information, • Compliance with applicable laws and regulations, and • Safeguarding of assets and resources. Internal controls relate to management’s plans, methods, and procedures used to meet its mission, goals, and objectives. They include the processes and procedures for planning, organizing, directing, and controlling program operations as well as the systems for measuring, reporting, and monitoring program performance. Relevant Internal Controls We determined that the following internal controls were relevant to our audit objectives: • Management’s controls to ensure that it underwrites FHA-insured loans in accordance with HUD requirements. • Management’s policies and procedures to ensure that it implements a quality control plan and performs related reviews in accordance with HUD requirements. We assessed the relevant controls identified above. A significant weakness exists if management controls do not provide reasonable assurance that the process for planning, organizing, directing, and controlling program operations will meet the organization’s objectives. Significant Weaknesses Based on our review, we believe that the following items are significant weaknesses: • SecurityNational did not have adequate procedures to ensure that it followed HUD requirements in the underwriting of FHA-insured loans (finding 1). • SecurityNational did not follow its quality control plan in monitoring the underwriting of FHA-insured loans (finding 2). 10 APPENDIXES Appendix A SCHEDULE OF FUNDS TO BE PUT TO BETTER USE Recommendation Funds to be put number to better use 4/ 1A $92,693 1/ Recommendations that funds be put to better use are estimates of amounts that could be used more efficiently if an Office of Inspector General (OIG) recommendation is implemented. These amounts include reductions in outlays, deobligation of funds, withdrawal of interest, costs not incurred by implementing recommended improvements, avoidance of unnecessary expenditures noted in preaward reviews, and any other savings that are specifically identified. Implementation of our recommendation to require SecurityNational to indemnify HUD for the one materially deficient loan will reduce the risk of loss to the FHA insurance fund. The amount above reflects the amount of loss HUD incurred for the one loan. 11 Appendix B NARRATIVE CASE SUMMARY HUD case number: 5216383061 Loan amount: $221,523 Closing date: April 13, 2007 Status at time of review: First 90-day default reported after no payments Current status: Property conveyed to insurer Loss to HUD: $92,693 SecurityNational underwrote and approved the mortgage based on overstated income. Specifically, the lender inappropriately used income from a corporation and did not use a two- year average of self-employment income to qualify the borrower. Additionally, we noted the following deficiencies with the loan: • The liability amounts listed on the mortgage credit analysis worksheet did not agree with the documentation in the file, • Incorrect gift and appraisal amounts were listed on the mortgage credit analysis worksheet, • The gift was not listed on the HUD-1 settlement statement, and • The wrong gift amount was entered into Neighborhood Watch. Therefore, HUD insured the loan based on SecurityNational’s inaccurate representation that the borrower met HUD qualifying guidelines. Overstated Income HUD Handbook 4155.1, REV-5, CHG-1, paragraph 2-9C, requires the lender to establish the borrower’s earnings trend over the previous two years. The lender did not use a two-year average of self-employment income. Unsupported Liabilities HUD Handbook 4155.1, REV-5, chapter 2, section 4, discusses liabilities. The liability amounts listed on the mortgage credit analysis worksheet did not agree with the documentation in the file. No explanation for the discrepancies was documented in the loan file. 12 Appendix C SCHEDULE OF MINOR DEFICIENCIES *mortgage credit analysis worksheet Unsupported Income HUD Handbook 4155.1, REV-5, chapter 2, section 2, discusses income. SecurityNational did not document the computation used to determine the effective income, and the OIG auditor could not replicate the amount used to qualify the borrower. According to HUD Handbook 4155.1, REV-5, paragraph 2-7A, the lender must develop an average of bonus or overtime income for the past two years. Periods of less than two years may be acceptable provided the lender justifies and documents in writing the reason for using the income for qualifying purposes. SecurityNational did not develop a two-year average of bonus or overtime income and did not provide written justification in the loan file for using less than a two-year average. Unsupported Employment History According to HUD Handbook 4155.1, REV-5, paragraph 2-6, the lender must verify the borrower’s employment for the most recent full two years. The borrower also must explain any gaps in employment spanning one month or more. SecurityNational did not verify a full two years of employment history or document the reason for gaps in employment. According to HUD Handbook 4155.1, REV-5, paragraph 3-1E, to verify employment, the lender must obtain a verification of employment and the borrower’s most recent pay stub. As an alternative to obtaining a verification of employment, the lender may obtain the borrower’s original pay stubs covering the most recent 30-day period, along with original Internal Revenue Service W-2 forms from the previous two years. SecurityNational did not obtain all of the documentation required to verify current employment. Unsupported Assets HUD Handbook 4155.1, REV-5, paragraph 3-1F, states that a verification of deposit and most recent bank statements are to be provided. As an alternative to obtaining a verification of deposit, the lender may obtain original bank statement(s) covering the most recent three-month 13 period. Provided the bank statement shows the previous month’s balance, this requirement is met by obtaining the two most recent consecutive statements. SecurityNational did not obtain the verification of deposit and current bank statement or the alternative documentation. Unsupported Credit History HUD Handbook 4155.1, REV-5, paragraphs 2-3A and 3-1J, state that a verification of rent or payment history of mortgage is required as part of the application and can be used to analyze a borrower’s credit history. SecurityNational did not obtain a verification of rent or mortgage payment history. HUD Handbook 4155.1, REV-5, paragraph 2-3, requires a written explanation from the borrower for major indications of derogatory credit, including judgments and collections. SecurityNational did not obtain written explanations for the borrower’s derogatory credit. Unsupported Liabilities HUD Handbook 4155.1, REV-5, chapter 2, section 4, discusses liabilities. The liabilities used to qualify the borrower did not agree with documentation, and there was no explanation for the discrepancies in SecurityNational’s loan files. Compensating Factors Not Documented HUD Handbook 4155.1, REV-5, chapter 2, section 5, states that debt-to-income qualifying ratios can be exceeded when significant compensating factors are documented. SecurityNational did not provide compensating factors when the qualifying ratios exceeded the allowable limits. Unsigned Documents HUD Handbook 4155.1, REV-5, paragraph 3-1, states that applications and addendums must be signed by all the borrowers and the lender. The application addendum was not signed by the loan officer. 14
SecurityNational Mortgage Company, Murray, Utah, Did Not Follow HUD Requirements in Underwriting Insured Loans and Did Not Follow Quality Control Requirements
Published by the Department of Housing and Urban Development, Office of Inspector General on 2009-04-28.
Below is a raw (and likely hideous) rendition of the original report. (PDF)