Corporate governance for covered institution servicers

Ark. Code Ann. § 23-39-520 — under Mortgage Loan Companies and Loan Brokers.

Ark. Code Ann. § 23-39-520

(a) A covered institution servicer shall establish and maintain a board of directors who are responsible for the oversight of the covered institution servicer.

(b) For a covered institution servicer that is not approved to service loans by a government-sponsored enterprise, the Federal National Mortgage Association and the Federal Home Loan Mortgage Corporation, or the Government National Mortgage Association, or when these federal agencies have granted approval for a board alternative, a covered institution servicer may establish a similar body constituted to exercise oversight and fulfill the board of directors' responsibilities under subsection (c) of this section.

(c) The board of directors shall be responsible for:(1) Establishing a written corporate governance framework, including appropriate internal controls designed to monitor corporate governance and assess compliance with the corporate governance framework, available to the Securities Commissioner upon request;(2) Monitoring and ensuring the covered institution servicer's compliance with the corporate governance framework and this subchapter; and(3) Accurate and timely regulatory reporting, including without limitation the requirements for filing the mortgage call report.

(1) Establishing a written corporate governance framework, including appropriate internal controls designed to monitor corporate governance and assess compliance with the corporate governance framework, available to the Securities Commissioner upon request;

(2) Monitoring and ensuring the covered institution servicer's compliance with the corporate governance framework and this subchapter; and

(3) Accurate and timely regulatory reporting, including without limitation the requirements for filing the mortgage call report.

(d) (1) The board of directors shall establish internal audit requirements that are appropriate for the size, complexity, and risk profile of the covered institution servicer, with appropriate independence to provide a reliable evaluation of the covered institution servicer's internal control structure, risk management, and governance.(2) Internal audit requirements established by the board of directors and the results of internal audits shall be made available to the commissioner upon request.

(1) The board of directors shall establish internal audit requirements that are appropriate for the size, complexity, and risk profile of the covered institution servicer, with appropriate independence to provide a reliable evaluation of the covered institution servicer's internal control structure, risk management, and governance.

(2) Internal audit requirements established by the board of directors and the results of internal audits shall be made available to the commissioner upon request.

(e) (1) A covered institution servicer shall receive an external audit, including audited financial statements and audit reports, conducted by an independent certified public accountant annually.(2) The external audit required under subdivision (e)(1) of this section shall:(A) Be available to the commissioner upon request; and(B) Include at a minimum:(i) Annual financial statements including a balance sheet, statement of operations income statement and cash flows, notes, and supplemental schedules, prepared according to generally accepted accounting principles;(ii) An assessment of the internal control structure;(iii) A computation of tangible net worth;(iv) Validation of mortgage servicing rights valuation and reserve methodology, if applicable;(v) Verification of adequate fidelity and errors and omissions insurance; and(vi) Testing of controls related to risk management activities, including compliance and stress testing, if applicable.

(1) A covered institution servicer shall receive an external audit, including audited financial statements and audit reports, conducted by an independent certified public accountant annually.

(2) The external audit required under subdivision (e)(1) of this section shall:(A) Be available to the commissioner upon request; and(B) Include at a minimum:(i) Annual financial statements including a balance sheet, statement of operations income statement and cash flows, notes, and supplemental schedules, prepared according to generally accepted accounting principles;(ii) An assessment of the internal control structure;(iii) A computation of tangible net worth;(iv) Validation of mortgage servicing rights valuation and reserve methodology, if applicable;(v) Verification of adequate fidelity and errors and omissions insurance; and(vi) Testing of controls related to risk management activities, including compliance and stress testing, if applicable.

(A) Be available to the commissioner upon request; and

(B) Include at a minimum:(i) Annual financial statements including a balance sheet, statement of operations income statement and cash flows, notes, and supplemental schedules, prepared according to generally accepted accounting principles;(ii) An assessment of the internal control structure;(iii) A computation of tangible net worth;(iv) Validation of mortgage servicing rights valuation and reserve methodology, if applicable;(v) Verification of adequate fidelity and errors and omissions insurance; and(vi) Testing of controls related to risk management activities, including compliance and stress testing, if applicable.

(i) Annual financial statements including a balance sheet, statement of operations income statement and cash flows, notes, and supplemental schedules, prepared according to generally accepted accounting principles;

(ii) An assessment of the internal control structure;

(iii) A computation of tangible net worth;

(iv) Validation of mortgage servicing rights valuation and reserve methodology, if applicable;

(v) Verification of adequate fidelity and errors and omissions insurance; and

(vi) Testing of controls related to risk management activities, including compliance and stress testing, if applicable.

(f) (1) A covered institution servicer shall establish a risk management program under the oversight of the board of directors that is available to the commissioner upon request that identifies, measures, monitors, and controls risk sufficient for the level of sophistication of the covered institution servicer.(2) The risk management program required under subdivision (f)(1) of this section shall:(A) Have appropriate processes and models in place to measure, monitor, and mitigate financial risks and changes to the risk profile of the covered institution servicer and assets being serviced; and(B) Be scaled to the complexity of the covered institution servicer, but be sufficiently robust to manage risks in several areas, including without limitation:(i) Credit risk, including the potential that a borrower or counterparty will fail to perform on an obligation;(ii) Servicing liquidity risk, including the potential that the covered institution servicer will be unable to meet the covered institution servicer's obligations as the obligations come due because of an inability to liquidate assets or obtain adequate funding or that it cannot easily unwind or offset specific exposures;(iii) Operational risk, including the risk resulting from inadequate or failed internal processes, people, and systems or from external events;(iv) Market risk, including the risk to the covered institution servicer's condition resulting from adverse movements in market rates or prices;(v) Compliance risk, including the risk of regulatory sanctions, fines, penalties, or losses resulting from failure to comply with laws, rules, regulations, or other supervisory requirements applicable to a covered institution servicer;(vi) Legal risk, including the potential that actions against the covered institution servicer that result in unenforceable contracts, lawsuits, legal sanctions, or adverse judgments can disrupt or otherwise negatively affect the operations or condition of the covered institution servicer; and(vii) Reputation risk, including the risk to earnings and capital arising from negative publicity regarding the covered institution servicer's business practices.

(1) A covered institution servicer shall establish a risk management program under the oversight of the board of directors that is available to the commissioner upon request that identifies, measures, monitors, and controls risk sufficient for the level of sophistication of the covered institution servicer.

(2) The risk management program required under subdivision (f)(1) of this section shall:(A) Have appropriate processes and models in place to measure, monitor, and mitigate financial risks and changes to the risk profile of the covered institution servicer and assets being serviced; and(B) Be scaled to the complexity of the covered institution servicer, but be sufficiently robust to manage risks in several areas, including without limitation:(i) Credit risk, including the potential that a borrower or counterparty will fail to perform on an obligation;(ii) Servicing liquidity risk, including the potential that the covered institution servicer will be unable to meet the covered institution servicer's obligations as the obligations come due because of an inability to liquidate assets or obtain adequate funding or that it cannot easily unwind or offset specific exposures;(iii) Operational risk, including the risk resulting from inadequate or failed internal processes, people, and systems or from external events;(iv) Market risk, including the risk to the covered institution servicer's condition resulting from adverse movements in market rates or prices;(v) Compliance risk, including the risk of regulatory sanctions, fines, penalties, or losses resulting from failure to comply with laws, rules, regulations, or other supervisory requirements applicable to a covered institution servicer;(vi) Legal risk, including the potential that actions against the covered institution servicer that result in unenforceable contracts, lawsuits, legal sanctions, or adverse judgments can disrupt or otherwise negatively affect the operations or condition of the covered institution servicer; and(vii) Reputation risk, including the risk to earnings and capital arising from negative publicity regarding the covered institution servicer's business practices.

(A) Have appropriate processes and models in place to measure, monitor, and mitigate financial risks and changes to the risk profile of the covered institution servicer and assets being serviced; and

(B) Be scaled to the complexity of the covered institution servicer, but be sufficiently robust to manage risks in several areas, including without limitation:(i) Credit risk, including the potential that a borrower or counterparty will fail to perform on an obligation;(ii) Servicing liquidity risk, including the potential that the covered institution servicer will be unable to meet the covered institution servicer's obligations as the obligations come due because of an inability to liquidate assets or obtain adequate funding or that it cannot easily unwind or offset specific exposures;(iii) Operational risk, including the risk resulting from inadequate or failed internal processes, people, and systems or from external events;(iv) Market risk, including the risk to the covered institution servicer's condition resulting from adverse movements in market rates or prices;(v) Compliance risk, including the risk of regulatory sanctions, fines, penalties, or losses resulting from failure to comply with laws, rules, regulations, or other supervisory requirements applicable to a covered institution servicer;(vi) Legal risk, including the potential that actions against the covered institution servicer that result in unenforceable contracts, lawsuits, legal sanctions, or adverse judgments can disrupt or otherwise negatively affect the operations or condition of the covered institution servicer; and(vii) Reputation risk, including the risk to earnings and capital arising from negative publicity regarding the covered institution servicer's business practices.

(i) Credit risk, including the potential that a borrower or counterparty will fail to perform on an obligation;

(ii) Servicing liquidity risk, including the potential that the covered institution servicer will be unable to meet the covered institution servicer's obligations as the obligations come due because of an inability to liquidate assets or obtain adequate funding or that it cannot easily unwind or offset specific exposures;

(iii) Operational risk, including the risk resulting from inadequate or failed internal processes, people, and systems or from external events;

(iv) Market risk, including the risk to the covered institution servicer's condition resulting from adverse movements in market rates or prices;

(v) Compliance risk, including the risk of regulatory sanctions, fines, penalties, or losses resulting from failure to comply with laws, rules, regulations, or other supervisory requirements applicable to a covered institution servicer;

(vi) Legal risk, including the potential that actions against the covered institution servicer that result in unenforceable contracts, lawsuits, legal sanctions, or adverse judgments can disrupt or otherwise negatively affect the operations or condition of the covered institution servicer; and

(vii) Reputation risk, including the risk to earnings and capital arising from negative publicity regarding the covered institution servicer's business practices.

(g) (1) A covered institution servicer shall conduct a risk management assessment on an annual basis concluding with a formal report to the board of directors and be available to the commissioner upon request.(2) Evidence of risk management activities throughout the year shall be maintained and made part of the report, including findings of issues and the response to address the findings made in the report.

(1) A covered institution servicer shall conduct a risk management assessment on an annual basis concluding with a formal report to the board of directors and be available to the commissioner upon request.

(2) Evidence of risk management activities throughout the year shall be maintained and made part of the report, including findings of issues and the response to address the findings made in the report.