We may be unable to protect our technology or keep up with the technology of our competitors.
We rely on proprietary and licensed software, and other technology, proprietary information and intellectual property to operate our business and to provide us with a competitive advantage. However, we may be unable to maintain and protect, or prevent others from misappropriating or otherwise violating, our rights in such software, technology, proprietary information and intellectual property. In addition, some competitors may have software and technologies that are as good as or better than our software and technology, which could put us at a disadvantage. Some of our systems are based on old technologies that are no longer in common use, and it may become increasingly difficult and expensive to maintain those systems. Our failure to maintain, protect and continue to develop our software, technology, proprietary information and intellectual property could adversely affect our business, financial condition or results of operations.
Any failure of our internal security measures or those of our vendors, or breach of our privacy protections, could cause harm to our reputation and subject us to liability.
In the ordinary course of our business, we receive and store certain confidential nonpublic information concerning borrowers including names, addresses, social security numbers and other confidential information. Additionally, we enter into third-party relationships to assist with various aspects of our business, some of which require the exchange of confidential borrower information. Breaches of security may occur through intentional or unintentional acts by those having authorized or unauthorized access to our systems or our clients' or counterparties' confidential information, including employees and customers, as well as hackers, and through electronic, physical or other means. If such a compromise or breach of our security measures or those of our vendors occurs, and confidential information is misappropriated, it could cause interruptions in our operations and/or expose us to significant liabilities, reporting obligations, remediation costs and damage to our reputation. Significant damage to our reputation or the reputation of our clients could negatively impact our ability to attract or retain clients. Any of the foregoing risks could adversely affect our business, financial condition or results of operations.
While we have obtained insurance to cover us against certain cybersecurity risks and information theft, there can be no guarantee that all losses will be covered or that the insurance limits will be sufficient to cover such losses.
We have obtained insurance coverage that protects us against losses from unauthorized penetration of company technology systems, employee theft of customer and/or company private information, and company liability for third-party vendors who mishandle company information. This insurance includes coverage for third-party losses as well as costs incidental to a breach of company systems such as notification, credit monitoring and identity theft resolution services. However, there can be no guarantee that every potential loss due to cyber-attack or theft of information has been insured against, nor that the limits of the insurance we have acquired will be sufficient to cover all such losses.
Our vendor relationships subject us to a variety of risks.
We have vendors that, among other things, provide us with financial, technology and other services to support our businesses. With respect to vendors engaged to perform activities required by servicing or originations criteria or regulatory requirements, we are required to take responsibility for assessing compliance with the applicable servicing or originations criteria or regulatory requirements for the applicable vendor and are required to have procedures in place to provide reasonable assurance that the vendor’s activities comply in all material respects with servicing or originations criteria or regulatory requirements applicable to the vendor. We have taken steps to strengthen our vendor oversight program, but there can be no assurance that our program is sufficient. In the event that a vendor’s activities do not comply with the servicing or originations criteria or regulatory requirements, it could materially negatively impact our business.
In addition, we rely on third-party vendors for certain services important or critical to our business, such as Black Knight Financial Services, LLC, with whom we have signed a long-term loan servicing agreement for the use of MSP. If our current vendors, particularly the vendors that provide important or critical services to us, were to stop providing such services to us on acceptable terms, or if there is any other material disruption in the provision of such services, we may be unable to procure such services from other vendors in a timely and efficient manner and on acceptable terms, or at all. Further, we may incur significant costs to resolve any such disruptions in service and this could adversely affect our business, financial condition and results of operations.
We have also increased the use of offshore vendors generally, especially with respect to certain of our technology functions. Our reliance on third-party vendors in other countries exposes us to disruptions in the political and economic environment in those countries and regions. Further, any changes to existing laws or the enactment of new legislation restricting offshore outsourcing by companies based in the U.S. may adversely affect our ability to outsource functions to third-party offshore service providers. Our ability to manage any such difficulties would be largely outside of our control, and our inability to utilize offshore service providers could have a material adverse effect on our business, financial condition, results of operations, cash flows and securities.