A regional bank recently announced that it was filing a lawsuit against a vendor who, without warning, shutdown its services due to a malware issue. The sudden cessation in services occurred in June 2022, and left the bank scrambling to fill the void for services the vendor had been providing for its customers.
The story is instructive for title agents, who often use third party service providers for a plethora of services, from notaries who handle closings, to a slew of fintech applications, to marketing, accounting and reconciliation services and most significantly, IT services.
Vendors make us operationally more efficient and have been a boon to small agents who in the past found themselves trying to wear several hats in running their businesses.
But it’s important to have some guardrails in place when working with them to make sure if something goes south for your partner, you have a backup plan.
Know who you are hiring
Enough cannot be said about the vetting process when taking on a new service provider or technology. Thoroughly research the company’s background, ownership and experience. Ask who their clients are and be very suspicious if they appear less than transparent.
Most of the long-term and experienced vendors that serve the title insurance industry are well known. Do an informal poll among your colleagues in the business to find out if there have been any issues in the past with the company or individual you want to hire.
Question everything
Before signing on the dotted line, make sure you question everything and walk through every scenario you can imagine arising.
Your potential partner may be taken aback by your “what if” questions, but if they have been in the business long enough, they probably have encountered plenty of “what if” situations and should be able to supply answers and examples of how they have dealt with challenges in the past.
Document everything
ALTA Best Practices require that title agents document everything they do to comply with the Best Practices framework and present that written documentation during the assessment.
This is especially true when hiring third party service providers. It is not enough to take a vendor’s word for it that they have a disaster recovery plan or an incident response plan – you need to see it in writing.
This is critically important when you are working with a third-party entity that has access to your client’s NPI. Specifically, ALTA Best Practice include the following requirements when working with service providers:
- Provide evidence that you have taken information security into consideration when performing due diligence on a third-party provider.
- Verify that you have controls to monitor security procedures of service providers to safeguard customer information (e.g., review of Background Checks, audits, security reviews or tests, intrusion logs).
- Verify that the third-party is maintaining adequate cyber and breach insurance.
Create a back-up plan
Before you hire an outside vendor, know what your options are before you come face to face with a situation similar to that faced by the bank we discussed. It’s important to have not only a short-term “band-aid” fix but also a long-term solution should the provider be out for the count for an extended period of time. And make sure your vendor back-up plan is part of your disaster recovery plan.
We pride ourselves on providing expert, compliant, and professional services to all of our clients. Contact our experienced team at Closingsuite.com today to see how we can help with all your business needs.