Out of ambition or necessity

The relationship between commercial fee appraisers and chief appraisers in banks has changed dramatically over the years. There’s a lot of established relationships, but there’s considerable stress on both sides of the fence. Commercial fee appraisers feel the compression of fees. Those in appraisal departments feel significantly overworked and understaffed. Vendor management creeping in may strain the relationship further.

True cost of bank work

Appraisers that lack workflow software don’t exactly know how much bank work they do. Their guess is usually 60% to 70% of the entire company revenue. First it would be good to know exactly how many reports and total dollar volume annually. Setting that aside, as the owner of an appraisal firm, what are you going to do about it? Worrying about it is has been the most common response, channeling Pink Floyd lyrics, “running over the same ground, and how we found, the same old fears.”

What’s vendor management?

Service organization control (SOC) 2 is an auditing procedure designed to ensure that third-party service providers or simply service organizations, can securely manage data to protect the interests and privacy of its clients.

There are a couple of different levels of SOC 2 audits. SOC 2 Type 1 report assesses the design of security processes at a specific point in time, while a Type 2 report assesses how effective those controls are over time by observing operations for six months. RealWired with our enterprise appraisal and environmental workflow platform called YouConnect, has Type 1 SOC 2 certification.

Why do I care?

The cost of vendor management compliance will cost fee appraisers two things. A lot of your personnel time and $$$. It’s expensive, it’s a lot of paperwork, there’s a ton of questions to answer. As a small appraisal firm you might just think, that’s it, I’m done with bank work. But unless you can magically replace that 60% – 70% revenue, you should take the time to know its impact on you and your people.

According to the video below with Paul Ping, vendor management compliance may not affect you next week. You also might be thinking, “I don’t do work for the biggest banks in the country, so I’m good.” That may be a mistake, as regulations often flow downward from the largest banks to the regionals and ultimately community banks.

Next steps

Consolidation of appraisal firms has been evident in the last couple years. Firms like BBG for example, aggressively expanding, hiring, providing a lucrative runway for appraisers. The majority of commercial appraisal firms in the US are not national firms. They’re home to arguably the best appraisers in the country. This is not a knock to the national firms at all. Rather this is a discussion to those small firms that can’t afford the time or cost of SOC compliance. Guess what? The national appraisal firms (for the most part) already have SOC compliance.

I suggest something that sounds crazy. Call your competing appraisal firms in your area and have a discussion. Talk about the potential of sharing in the cost and knowledge base to obtain whatever level of SOC your bank client may request of you.

Not a personal endorsement, but I hear good things about practicalassurance.com (compliance for startups and SMBs SOC2 readiness and penetration testing) and secureframe.com that aims to streamline your security compliance.

Here’s what I hear from other people

  1. Don’t provide every client access to your SOC2 audit.
  2. Pragmatically it will involve appraisal premium pricing to get some cost recovery.
  3. SOC2 will make your firm more secure and systemized. You will be FORCED to do things you SHOULD be doing.
  4. Lots of work to do and no one in your office will like it. The upside may help you get bigger assignments.
  5. Saying you’re working on a SOC2 may allow banks to keep you on the approved appraiser list.
  6. Getting on approved appraiser list is an arduous journey for both fee appraisers and those in appraisal departments. That said, compliance provides a barrier to entry.
  7. You’re going to have to fill out a bunch of security questionnaires even though the answers are often in your SOC2.
  8. SOC2 certification is a ton of work.
  9. Don’t bother using large accounting firms like Deloitte or you will be looking at $60k plus a TON of your key staff’s resource time.
  10. Make compliance part of your marketing and sales messaging.

Data security isn’t going away

If you haven’t already, those in appraisal departments will feel the pressure to communicate compliance to their fee panel. These will include discussions and verification of confidentiality, process integrity, security and privacy.

How does your third-party vendor (insert your appraisal firm name) collect and use personal information? Do they take into consideration the disclosure and disposal of data in line with the privacy notice of your bank?

I didn’t know there was going to be a test

Can your appraisal office really successfully complete a pen test? An authorized simulated cyberattack on your computer systems for most any firm results in numerous security and process issues. Old Window boxes never updated, the same password used everywhere, open wireless devices, personal laptops not vetted by your IT, haphazard antivirus, no documented security process when appraisers leave the firm, the list is endless.

The solution

Appraisal firm owners should start TALKING to one another. This seems like a strange concept, but coming together sharing cost and knowledge base will serve two main purposes: 1. keep your current revenue intact and 2. continue to provide your awesome valuation skills to financial institutions. It’s a win-win, but it will take time, money, involvement and change.

Call or email me if you would like to continue this discussion. Maybe we can start a national group, association, whatever. Let’s make it happen. Out of ambition or necessity, we’ll find a way.

Listen to our Podcast Thumbnail