Michael Steer: Coronavirus Highlights Need for Pandemic Planning

Michael Steer is president of Mortgage Quality Management & Research LLC (MQMR), Los Angeles. Contact him at msteer@mqmresearch.com.

Michael Steer

Nearly all companies have engaged in some form of business continuity planning. Generally, this exercise centers around developing contingency plans for maintaining normal operations in the face of a natural disaster or IT outage. However, with concerns surrounding coronavirus sending shockwaves throughout the U.S. and global economies, mortgage companies would be well advised to add pandemics to their list of events that could disrupt normal operations, as this specific type of incident poses unique challenges.

At this point, mandatory quarantines are in effect in major cities around the U.S., and it is not outside the realm of possibility that a nationwide mandatory quarantine may become necessary to slow the spread of infection. Furthermore, many lenders and vendors outsource work to India and other locations outside the U.S., which have instituted similar measures to combat the spread of the disease within their borders. Thus, lenders and vendors need to put a plan in place to limit disruption to their delivery of services.

When it comes to this specific type of planning, several key elements must be addressed. First and foremost, lenders and vendors need to consider the impact of a pandemic on their respective workforces. It is not uncommon for companies, but especially lenders, to have employees located in areas outside of company headquarters. Outbreaks of infectious diseases are generally regional at the outset so knowing the geographic distribution of all employees ensures organizations can quickly assess the potential impact of a pandemic on their employees and respond accordingly.

Given the decentralized nature of most companies’ workforces, teleworking is not an uncommon or unfamiliar practice. However, not all companies allow employees to work remotely and even those that do allow it may have only done so for a small portion of their overall workforce. In the case of a pandemic when teleworking becomes necessary for a company’s entire workforce, those policies may have to be adjusted not only to accommodate such a dramatic increase in remote employees, but also to address changes such as the implementation and use of new communication tools like group instant messenger and video chat, adding guidance to telecommuting policies on do’s and don’ts of working from home and organizational efforts to manage employee engagement in a remote environment.

Companies will also need to address key person dependencies (KPDs) within their organization. Over-reliance on individual employees to perform certain tasks or hold specific organizational knowledge puts companies at risk, especially in situations where those individuals may be unable to work for extended periods due to illness or the need to serve as a caregiver for loved ones. To mitigate this risk, organizations need to map out where KPDs may lie within their company and implement cross-training and succession planning. This helps ensure the organization is not hamstrung by the unexpected absence of individuals within the company.

After personnel-related issues, infrastructure is next on the list of concerns organizations need to address in a pandemic plan. The first step is to map out the company’s entire supply chain to determine where possible vulnerabilities lie and what the potential impact of disruptions to that supply chain could be in terms of ability to provide support, services or products to customers. This could include bans or restrictions on travel if face-to-face or on-site visits are required to complete certain services, such as document custodian audits, document recording in non-eRecording jurisdictions or closing ceremonies in states where remote online notarization (RON) is not legally allowed.

Of course, a discussion on infrastructure in today’s digitally focused climate must include IT. Most companies have addressed IT/network infrastructure in their general disaster recovery plans but may not have taken into consideration an event where 100% of the workforce may be working from home rather than a secondary back-up location, as most business continuity plans address. As such, lenders should be explicit in setting out policies for securing work devices in a work-from-home setting, as well as stressing the importance of protecting any non-public personal identifiable information (NPPI) they may be required to use in the execution of their duties.

With the proper, secure infrastructure and policy, organizations can adequately address any perceived risks in working from home while maintaining the productivity of their workforce. With cloud virtual desktop offerings (“VDIs”) from the like of Amazon Web Services and Citrix, secure remote desktops from premier vendors are a great solution. These VDIs can be connected to network resources over VPN and VDI, and images can be created with pre-installed software to be deployed to many users at once. Additionally, most voice over IP (VoIP) telephone systems allow users to take home secondary desk phones or use an application on their smartphone or computer to make and receive calls. Confirming the functionality of this feature and having a policy in place for deployment is vital in successfully migrating on-site workers to a work-from-home set-up.

With both personnel and infrastructure issues addressed, organizations must then conduct a service level risk assessment to determine the overall degree to which their ability to meet previously established service level agreements (SLA) may be impacted. Using a rating scale of low-medium-high, this assessment not only provides an easy-to-understand overview of where risk lies from a customer/client perspective, but also provides organizations with an opportunity to develop contingency plans to address their highest risk tiers and, thereby, minimize disruption.

Unlike natural disasters, pandemics present unique challenges to organizations in maintaining operations, and there needs to be some flexibility in previously unpermitted practices, such as caring for dependents while on the clock or going with the flow when unannounced visitors (crying babies, furry friends, or sibling conflict) decide to make a guest appearance on video conference calls. As the current situation has amply demonstrated, incorporating pandemics into overall business continuity planning ensures organizations are as prepared as possible, regardless of what comes their way.

(Views expressed in this article do not necessarily reflect policy of the Mortgage Bankers Association, nor do they connote an MBA endorsement of a specific company, product or service. MBA NewsLink welcomes your submissions. Inquiries can be sent to Mike Sorohan, editor, at msorohan@mba.orgor Michael Tucker, editorial manager, at mtucker@mba.org.)