Does anyone outsource management of flood insurance policies to a third party service provider?

Lots of banks do. I'm surprised no one has responded to your post. Maybe it would help if you had a specific question about outsourcing.

Our bank does outsource management of flood insurance policies to a third party service provider. Ensure you have appropriate oversight controls in place as we have detected some issues (not major).

Timely question as I just came back from an OCC Compliance Officer Roundtable where the OCC stated that if you outsource this function, be aware that a prominent servicer used for monitoring for flood policy expiration was recently found to have poor controls...one such failure was that a policy was allowed to lapse for a year before it was detected, then a policy was force placed back to the date of lapse and the borrower was charged for that prior lapse time. The OCC said this is not allowed. The OCC did not divulge the provider's name but stated that the banks need to have appropriate monitoring controls in place to ensure the provider is doing what they should be doing.

We acquired a bank that outsourced management of flood policies. As a result, some of our flood loans (those acquired) are still managed by the third party. Loans originated by us are not. We have never outsourced flood, and I am trying to understand how this will work. If you outsource this function, do you obtain documentation from the third party for the bank's files, or is this maintained by the third party? As part of your flood review, are you reviewing the third party's compliance with flood regulations, making sure that required force place letters are given, and that flood insurance is force placed within 45 days? What is the expectation of the examiners (in our case, FDIC)?

Thank you

In general, the third party maintains the documentation (for example, flood policy renewal docs, force placement letters, etc.). Management will, on a monthly basis, receive reports and perform a spot check on a sample of loans for oversight (requesting documentation as needed). Compliance (2nd line of defense) performs quarterly testing of compliance with the FDPA and also selects a sample of loans and requests documentation from the third party to verify compliance (for example, policy renewals, force placement letters, force placed policies, refunds, etc.). Internal Audit performs an audit on an annual basis as well. During the audit, besides ensuring our oversight processes (1st and 2nd lines of defense) are in place, we also perform our own independent substantive testing for compliance (selecting samples, requesting documentation from the third party) and also obtain the third party's procedures, verify they have a training program in place, etc.