A mortgage fund holds a portfolio of mortgage notes on behalf of a pooled investor base under a Reg D §506 offering and an Investment Company Act §3(c)(5)(C) real-estate exception. The fund manages the loans for the investor base under a preferred-return waterfall and reports to investors as the fund’s operating agreement requires. The mechanical execution of the portfolio (payment posting, escrow administration, borrower communications, statutory reporting, and trust-account discipline) runs through a subservicer under 12 CFR §1024.31. This guide walks through the subservicing framework: the master-subservicer split, the agreement terms, the SOC reports, investor reporting, and the audit discipline that a well-run fund subservicing arrangement depends on.
The master-subservicer split under 12 CFR §1024.31
12 CFR §1024.31, the RESPA Regulation X definitions section, treats the master servicer and the subservicer as two distinct roles on the same loan. The master servicer holds legal ownership of the servicing right and carries the ultimate regulatory and investor-reporting responsibility on the loan. The subservicer performs the mechanical execution with the borrower under a subservicing agreement with the master servicer. A mortgage fund takes the master-servicer role on its portfolio: the fund holds the note, acts as legal owner, and owes the investor-reporting obligation to the fund’s lender-investor base, and it contracts a subservicer for the mechanical execution. The fund remains accountable as master servicer to the regulator and the investor base; the subservicer is responsible for mechanical compliance with the loan-level requirements.
The Subservicing Agreement framework
The Subservicing Agreement is the contract between the fund and the subservicer. It sets four operational frameworks for the portfolio. First, the service-level framework: payment posting on a twenty-four-hour standard, call answer on a two-minute standard, payoff-statement turnaround on a five-to-seven business-day standard, and 1098 and 1099 issuance by the IRS deadline. Second, the trust-account framework: the subservicer holds borrower funds in a fiduciary trust account with the fund as beneficiary, performs the three-way reconciliation, and maintains the audit record for the regulator. Third, the records framework: the original notes stay with the fund’s collateral custodian under a separate custody agreement; the subservicer holds working copies and maintains the loan files subject to the audit rights. Fourth, the termination framework: termination for cause is immediate, and termination without cause requires thirty to ninety days’ notice, with a deboarding fee schedule and a records-transfer protocol for the successor subservicer.
Indemnification and audit rights
The Subservicing Agreement provides indemnification for the subservicer’s negligence and willful misconduct, with a carve-out for losses caused by the fund’s direction. It also grants audit rights over the subservicer’s loan files, trust-account records, and compliance documentation. The standard is an annual on-site or virtual audit, with access to requested loan files within five business days during the audit cycle. The agreement includes a compliance covenant covering the federal Applicable Requirements (RESPA Regulation X, TILA Regulation Z, FDCPA, FCRA, GLBA and the Safeguards Rule) and a cybersecurity addendum covering the GLBA written information security plan and the FTC thirty-day notification requirement for a notifiable data security event.
SOC 1 Type II and SOC 2 Type II
A mortgage fund uses SOC 1 Type II as the baseline audit report on the subservicer. SOC 1 Type II covers Internal Controls over Financial Reporting across a six- to twelve-month period and tests the operating effectiveness of the subservicer’s controls. The fund feeds the SOC 1 Type II report into its own audit: the fund’s auditor brings the subservicer’s controls into the fund’s financial-statement audit under AS 2601 service-organization audit standards. SOC 2 Type II covers the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy) across the same six- to twelve-month period. After the 2024 GLBA Safeguards Rule notification amendment under FTC 16 CFR §314, a SOC 2 Type II report is table stakes on a fund subservicing engagement.
Investor reporting framework
The fund reports to investors as its operating agreement requires, on two cycles. The monthly cycle gives the lender-investor base portfolio-level performance: loan-by-loan principal and interest received, escrow analysis, delinquency, and reserves. The quarterly cycle applies the waterfall distribution: the preferred return, the catch-up, and the carried-interest split with the carry partner. On the annual cycle the fund issues K-1s to the lender-investor base under partnership tax rules and applies withholding for foreign investors under FIRPTA and the non-resident-alien withholding rules. The subservicer supplies the underlying loan-level data for the fund’s investor reporting: the fund prepares the K-1 from the partnership accounting, and the subservicer delivers the loan-level remittance file to the fund’s fund administrator.
Insurance and bonding framework
The Subservicing Agreement requires four kinds of insurance from the subservicer. Errors-and-omissions coverage addresses the subservicer’s professional liability on the loan-servicing function; the standard sets a professional-liability floor scaled to the engagement size. Cyber-liability coverage addresses the subservicer’s data-security exposure under the GLBA Safeguards Rule and state-level breach-notification laws; the standard sets a cyber-liability floor scaled to the data-exposure profile. The fidelity bond addresses the subservicer’s employee-dishonesty exposure on the trust account and is sized to the maximum trust-account balance accessible by a signatory. Crime coverage addresses third-party theft and forgery against the subservicer’s operations. The fund collects insurance certificates from the subservicer on the engagement cycle and monitors renewals against each policy’s expiration.
Build-vs-buy economics
The build-vs-buy decision turns on portfolio size and loan complexity. For a portfolio under five hundred loans, subservicing is favored over an in-house operation because of the fixed-cost burden: proprietary platform licensing, compliance officers, SOC audit engagement, and a regulatory-grade compliance management system. In the five-hundred- to five-thousand-loan range, subservicing is the operationally efficient choice over an in-house build, except where servicing is a core differentiator for the fund. At five thousand loans and above, the in-house build is judged against breakeven on per-loan cost, scale-appropriate technology, and a regulatory-grade compliance management function. For a mid-size mortgage fund, subservicing is favored over the in-house build on both operational and economic grounds.
Common audit findings on fund subservicing
Five audit findings recur on fund subservicing engagements. The first concerns the trust account: the subservicer holds the trust account with the fund as beneficiary, and the audit finds the three-way reconciliation performed outside the monthly cycle. The second concerns investor reporting: the fund reports to the lender-investor base on the operating-agreement cycle, and the audit finds the reports built on a stale or non-reconciled loan-level data set. The third concerns the SOC report: the fund is running the engagement on the subservicer’s prior-year SOC 1 Type II, and the audit finds the current-year SOC engagement outside the engagement cycle. The fourth concerns insurance: the fund relies on certificates of insurance, and the audit finds policies that have fallen outside the renewal discipline. The fifth concerns records: the fund keeps the original notes with the collateral custodian, and the audit finds the working copies short of the loan-file completeness standard.
Frequently Asked Questions
What is the difference between a master servicer and a subservicer on a mortgage fund?
12 CFR §1024.31 treats the master servicer as the legal owner of the servicing right, carrying the ultimate regulatory and investor-reporting responsibility on the loan. The subservicer performs the mechanical execution with the borrower under a subservicing agreement with the master servicer. A mortgage fund takes the master-servicer role on its portfolio: the fund holds the note, owes the investor-reporting obligation to the lender-investor base, and is accountable to state and federal regulators. The subservicer handles loan-level execution under the Subservicing Agreement.
What SOC report does a mortgage fund need from a subservicer?
A mortgage fund uses SOC 1 Type II as the baseline audit report on a subservicer. SOC 1 Type II covers Internal Controls over Financial Reporting across the six- to twelve-month operating-effectiveness period. The fund’s financial-statement auditor brings the SOC 1 Type II report into the fund’s own audit under AS 2601 service-organization audit standards. SOC 2 Type II covers the Trust Services Criteria and is the table-stakes data security report under the GLBA Safeguards Rule after the 2024 FTC notification amendment.
How does the subservicer handle the trust account for a mortgage fund?
The subservicer holds borrower funds in a fiduciary trust account on behalf of the fund. The fund is the beneficial owner of the trust account, the borrower is the source of the trust funds, and the subservicer administers the account as fiduciary. The subservicer performs the three-way reconciliation on the trust account monthly: bank statement against control record against beneficiary ledger. A California broker subservicer operates the trust account under §10145 of the Business and Professions Code and Title 10 regulations §2830 through §2835.
What insurance does a subservicer need on a mortgage fund engagement?
The Subservicing Agreement requires four kinds of insurance from the subservicer: errors and omissions for professional liability, cyber liability for data-security exposure, a fidelity bond for employee dishonesty on the trust account, and crime coverage for third-party theft and forgery. The standard sets a professional-liability floor and a cyber-liability floor sized to the engagement profile. The fund collects certificates of insurance on the engagement cycle and monitors renewals on the policy-expiration cycle.
How often should a mortgage fund audit the subservicer?
The standard is an annual on-site or virtual audit of the subservicer. The audit rights cover the subservicer’s loan files, trust-account records, and compliance documentation, with access within five business days. The fund reviews the subservicer’s SOC 1 Type II report on the annual cycle and uses the on-site audit to examine the trust-account reconciliation, the investor reporting, and the compliance covenants. The fund audits a defined sample of loan files (performing, delinquent, modified, and in-foreclosure) and handles findings through the Subservicing Agreement’s remediation provisions.
When does a mortgage fund build servicing in-house?
A mortgage fund moves to an in-house build at five thousand loans, judged against breakeven on per-loan cost. In the five-hundred- to five-thousand-loan range, subservicing is the operationally efficient choice. Under five hundred loans, subservicing is favored over the in-house build because of the fixed-cost burden: proprietary platform licensing, compliance officers, SOC audit engagement, and a regulatory-grade compliance management system. For a mid-size mortgage fund, subservicing is favored over the in-house build on both operational and economic grounds.
Want to set up your fund subservicing the right way?
Mortgage fund subservicing rests on four operational frameworks: the Subservicing Agreement under 12 CFR §1024.31, the SOC 1 Type II and SOC 2 Type II reports, investor reporting under the operating agreement, and fiduciary trust-account discipline. Note Servicing Center provides fund subservicing built on the master-subservicer split, audit rights, SOC reporting, and investor reporting.
This article is educational and does not constitute legal advice. The fund subservicing framework operates under 12 CFR §1024.31 (RESPA Regulation X) and is subject to federal requirements including the GLBA Safeguards Rule and the FTC notification requirement. State requirements include the California Department of Real Estate §10145 trust-fund rules and the equivalent state-level rules that apply to the subservicer’s licensure. Consult qualified legal counsel and a qualified fund administrator about the specific subservicing arrangement for any fund portfolio.
Sources
- 12 CFR §1024.31 — RESPA Regulation X Definitions. Consumer Financial Protection Bureau.
- AICPA SSAE 18 — SOC 1 and SOC 2 Service Organization Control reporting. American Institute of Certified Public Accountants.
- 15 USC §6801 et seq. — Gramm-Leach-Bliley Act Safeguards Rule. Federal Trade Commission.
- Investment Company Act §3(c)(5)(C) — Real Estate Exception. Securities and Exchange Commission.
- California Business and Professions Code §10145 — Trust fund handling. California Legislative Information.
- CFPB Supervisory Highlights — Mortgage Servicing examination findings. Consumer Financial Protection Bureau.
- 12 CFR §1024.17 — Escrow accounts under RESPA Regulation X. Consumer Financial Protection Bureau.
- PCAOB AS 2601 — Consideration of an Entity’s Use of a Service Organization. Public Company Accounting Oversight Board.
