Work with federal information systems? Responsible for risk management, continuous monitoring, or FISMA compliance? Check out my book: FISMA and the Risk Management Framework.

Wednesday, August 25, 2010

Proposed SEC rule on asset-backed securities calls for troubling amount of personal information disclosure

In the continuing aftermath of the financial industry meltdown and the contribution to that failure of insufficient oversight of large portions of the securities markets, the Securities and Exchange Commission has proposed significant changes to its Regulation AB, which provides rules for registration, disclosure, and reporting requirements for asset-backed securities, including mortgage-backed securities issued by entities other than government-sponsored agencies such as Fannie Mae, Ginnie Mae, and Freddie Mac. While the vast majority of mortgage-backed securities are issued through one of these agencies, the increase in data disclosure requirements are mirrored in some provisions applying to assets underlying government-backed securities as well. There have been valid concerns raised over the level of due diligence that goes into the securitization process, particularly given the recent problems with sub-prime lending and lender's willingness to offer mortgages to borrowers with little or no documentation. The proposed rules amending Regulation AB would, among other provisions, greatly increase the amount of asset-specific information that must be disclosed by an issuer in support of their asset-backed securities. In the case of securities backed by residential mortgages, the rules would require 137 discrete pieces of information, most of which relate to individual mortgages rather than groups of mortgages pooled for securitization, and many of which are personal data about mortgage holders. For example, information required to be disclosed about each obligor (person or persons responsible for repaying the mortgage to the issuer) would include:
  1. Credit scores and types of scores.
  2. Wage and other income and a code that describes the level of verification.
  3. A code that describes the level of verification of assets.
  4. Length of employment, with an indication of self-employment and a code that describes the level of verification.
  5. The dollar amount of verified liquid/cash reserves after the closing of the mortgage loan.
  6. The total number of properties owned by the obligor that currently secure mortgages.
  7. The amount of the obligor’s other monthly debt.
  8. Debt to income ratio used by the originator to qualify the loan.
  9. A code that describes the type of payment used to qualify for the loan, such as the payment under the starting interest rate, the first year cap rate, the interest only amount, the fully indexed rate or the minimum payment.
  10. The percentage of down payment from obligor’s own funds other than any gift or borrowed funds.
  11. The number of obligors on the loan.
  12. Any other monthly payment due on the property other than principal and interest.
  13. The number of months since any obligor bankruptcy or foreclosure.
  14. The obligor and co-obligor’s wage income, other income and all income.
This information is in addition details about the loan and data that must be provided about the property itself, including its location, purchase price, appraised value, and other attributes which, even if they are not explicitly attached to a named individual, make individual identification trivial. Numerous privacy advocacy organizations have decried the "unprecedented release of individual-level financial data" that would result should these rules take effect in their currently drafted form.

The intent of the proposed rules is clearly to increase the level and quality of information about the assets underlying asset-backed securities, particularly to provide more visibility into the financial soundness of the individual assets. Given the lessons learned in the past few years about the risks of not conducting more rigorous evaluations of these assets, the desire to improve the transparency of these securitized assets seems entirely appropriate, but so the privacy concerns are equally valid. The information the SEC would require will presumably be available to a wide variety of entities, particularly including investors of all types that might consider buying the asset-backed securities once they are offered. This practical consideration presents the SEC with a significant problem in terms of limiting the disclosure of personal information, presuming it has an interest in doing so.

No comments:

Post a Comment