With Fraud Risk, It’s Not Who You Know, It’s What You Know

The recent news that both Fidelity National Title and First American Title were both victims of a serious cyber breach has shocked many in the mortgage and real estate industries. Surely two large, public, well capitalized businesses would have the technology, staff and expertise to protect their business operations from ransomware and hacking right? Apparently not.

Too many lenders have assumed that addressing fraud risk is for the small, mom and pop businesses who are the backbone of our business community and turned away from objectively and aggressively holding larger companies accountable to the same risk management evaluations and monitoring programs. ”We know them, “ lenders said. ”They are major players,” associations said. ”They told us they do not have to be vetted because they vet themselves,” many insisted.

The truth is that risk management is for everyone. Every single third-party service provider whom a lender conducts its business with must be objectively evaluated for risk on an ongoing basis, because today’s good risk may be tomorrow’s bad risk. It’s that simple.

When Secure Insight first started back in 2012, we were told that the settlement industry did not need risk management and we would not last. We were chastised for implying that holding everyone accountable to a well- managed and objective risk management assessment program would hurt the industry. Since then, billions in wire fraud losses, millions in vendor risk compliance penalties, and a large number of operational losses have proven that those who turn their backs on a robust, objective risk management program applied equally and effectively to every vendor, will pay a steep price. In contrast those who have embraced our approach have avoided such losses and continue to thrive despite pervasive fraud schemes.

Cyber fraud can impact anyone, even a Fidelity and a First American. The criminal elements are that good. The lesson for lenders is that it is not who you know, but what you know that helps deter fraud. It is the quality of the data, the uniform application of the program, and the constant vigilance that gives you the best chance to avoid becoming a victim. It’s nothing personal. As we said when we launched our Closing Guard tool, our motto is “trust, but verify.” This is still true today.

Does Artificial Intelligence Have a Future In The Mortgage Industry?

The rise of AI-Artificial Intelligence is dominating industry and news headlines. Elon Musk has recently called AI the greatest tool for the advancement of civilization and the most dangerous technology that could transform mankind into a subservient lower life form. Others have decried the use of AI such as ChatGPI as a tool that could be used to spread disinformation. The drama regarding AI is real, but what about AI in mortgage transactions? Can AI lower costs, increase efficiencies and help make fair, objective and profitable business decisions for lenders? Some experts believe that AI can improve mortgage banking in several ways, including:

Streamlining the loan application process: AI can help automate and simplify the loan application process by automatically verifying income, assets, and credit scores. This can reduce the time and effort required for borrowers to submit their applications and help lenders process them more quickly.
Better risk assessment: AI can analyze data from various sources, such as credit reports, employment history, and property values, to accurately predict the likelihood of a borrower defaulting on their loan. This can help lenders make more informed decisions about loan approvals and pricing.
Personalization: AI can help mortgage lenders personalize their offerings based on the individual needs and preferences of borrowers. For example, AI algorithms can recommend specific loan products, interest rates, and terms based on a borrower’s credit history, income, and other relevant factors.
Fraud detection: AI can help mortgage lenders detect and prevent fraud by analyzing large amounts of data to identify patterns and anomalies that may indicate fraudulent activity.
Predictive analytics: AI can help lenders predict when borrowers may be at risk of defaulting on their loans, allowing them to take proactive steps to prevent or mitigate losses.
If used correctly, AI does have the potential to improve the efficiency, accuracy, and profitability of mortgage banking, while also providing a better customer experience for borrowers. As with any product or service that has the ability to help and harm, sufficient government regulation is likely needed to ensure that the application and use of the technology is governed by reasonable rules and standards. The future of AI is here already, however its ultimate application in our lives, and specifically with respect to financial transactions such as mortgage lending, is still developing. Consequently the time is now to be educated and have a voice regarding the use of AI in the industry.

If you thought this article was informative, note that 50% of it was written with the assistance of an AI research tool.

Wire and Cyber Fraud Risks Reflected in Nationwide Mortgage Industry Survey

Secure Insight, the leading provider of technology solutions to prevent wire fraud and mortgage closing fraud, surveyed 48,356 nationwide settlement professionals over the period August 1, 2023, through August 18, 2023. Specifically, the survey asked whether attorneys, escrow officers and title agents had experienced wire fraud incidents in the past 12 months, had been a witness to fraud in a transaction (involving other parties), carried cyber insurance coverage, and conducted cyber fraud training.

With wire fraud and cyber-attacks dominating the news, and with conflicting and sometimes erroneous reports of the nature and magnitude of these events being published, SI wanted to hear the story straight from the professionals who are conducting closings and in the best position to observe and experience wire fraud and closing fraud.

A summary of the responses reflects very interesting statistics.

Twenty percent (20%) of the survey respondents had themselves been victims of wire fraud and attempted cyber fraud to intercept bank proceeds in the past 12 months, placing an estimated $560 Million dollars of lender funds at risk.
Thirty-one percent (31%) of respondents stated that they had witnessed fraud in a transaction where another party was victimized, frequently the seller or a real estate agent.
Although only twenty-four percent (24%) of settlement agents were asked by lenders to provide evidence of cyber insurance coverage, seventy-two percent (72%) have purchased and carry coverage in the event of a loss.
Most encouraging, the survey found that a full ninety-one percent (91%) of settlement agents conduct formal cyber fraud detection and prevention training for their employees.
Andrew Liput, SI CEO observed, “These survey reflects the significant dangers lurking in the mortgage industry with respect to the privacy of financial communications, the exposure of electronic funds transfers to potential man-in-the-middle hacking efforts, and the risk to lenders of losing all or a portion of their proceeds during the closing of a residential mortgage transaction. While the increase in cyber coverage is a positive step in offsetting losses, it is not risk management and only shifts the risk of loss to insurers who are rapidly increasing premiums and deductibles or no longer covering these risks.”

Education, training and adopting a risk management program through an internal process or outsourcing to a vendor remain the best bets to avoid these losses.

Secure Insight is a nationwide wire fraud and mortgage closing fraud risk management prevention company located in New Jersey. Founded in 2012, the company was the first to focus on wire fraud and vendor management risks experienced by mortgage lenders. Since 2012 it has supervised more than 20 million residential mortgage closings on behalf of lenders with zero fraud losses and maintains a database of thousands of professionals nationwide whom it monitors for fraud risk.

For more information, please visit http://www.secureinsight.com or contact Amanda Padd at ap***@se***********.com

SVB Failure Starts Aggressive Regulation Talk in Washington, IMBs Take Note

It did not take long after the Silicon Valley Bank failure for politicians in Washington to rush to the next available microphone and lament the “loosening of bank regulations”. Instinctively the finger pointing began, and in many quarters ended up in the direction of the prior administration’s policy to generally roll back stringent business regulations and allow free market decisions to govern various industries.

Chief among the complainants (no pun intended) was Sen Elizabeth Warren, who emerged out of the 2008 crisis as an architect and advocate for the Wall Street Reform Act and the creation of the vaunted Consumer Financial Protection Bureau ( CFPB), which she briefly directed.

Just yesterday in DC’s The Hill publication, Sen Warren was reported as blaming the the collapse of Silicon Valley Bank on Republicans in Congress, which in 2018 helped pass a law to ease bank regulations put in place following the 2008 financial crisis.  “No one should be mistaken about what unfolded over the past few days in the U.S. banking system: These recent bank failures are the direct result of leaders in Washington weakening the financial rules,” Warren is quoted as saying.

According to The Hill piece, Warren, who voted against the 2018 bank deregulation bill, said that the crises would have been avoided if the banks were required to hold more liquid assets because the bill exempted banks with less than $250 billion in assets from rigorous Fed stress tests. Warren and other Democrats say the old rules could have caught the issues at SVB sooner.

Given that politicians generally “never let a crisis go to waste,” many now suspect that the banking industry is about to be slammed with heightened regulatory scrutiny, tighter operational rules, more audits and exams, and larger and very public fines, penalties and consent orders.

What does this mean for independent mortgage bankers (IMBs)? It means that they have to get back to the compliance mindset they were frightened into adopting between 2008 and 2018, and before the bottoming out of interest rates led everyone to believe that easy money was here to stay and that self-regulation meant hiring more loan officers. Keep those risk management officers and compliance directors close by folks, we are all in for a bumpy ride on the regulatory roller coaster!

Why Compliance And Fraud Prevention Are Critical For Mortgage Lenders Right Now

Compliance is important to mortgage lenders because it helps ensure that they are following federal and state regulations related to lending, consumer protection, and fair lending practices. This helps minimize legal risk and protects the lender’s reputation, while also ensuring that borrowers receive fair and transparent loans.

Compliance is equally important regardless of the state of the business, whether it is doing well or facing difficulties. Failing to comply with regulations can result in legal and financial consequences, which can be even more severe when the business is struggling. Moreover, maintaining a good reputation for compliance can enhance the credibility and trust of the business, which is crucial for attracting and retaining customers, especially during tough times. Hence, compliance should always be a priority, regardless of the state of the business.

With statistics reflecting the rise of fraud in down economic markets, there are big risks to eliminating or scaling back fraud prevention and deterrence tools when revenue is down.  This is especially true for lenders where they have an obligation to protect consumers from fraud that can cause serious harm to them during a mortgage transaction.

Mortgage fraud can have serious consequences for consumers, including:

Financial loss: Consumers may lose their homes or their savings if they become victims of mortgage fraud.

Credit damage: Fraudulent mortgage activity can harm consumers’ credit scores, making it more difficult and expensive for them to obtain loans in the future.

Stress and emotional harm: The process of dealing with mortgage fraud can be stressful and emotionally draining for consumers, who may feel violated and vulnerable.

Legal trouble: Consumers may face legal action if they are found to have participated in or unknowingly facilitated fraudulent mortgage activity.

Overall, mortgage fraud can have a significant negative impact on consumers’ financial security, reputation, and well-being.

For those lenders committed to fighting fraud and protect consumers from harm, the decision then becomes how to do it effectively and affordably.  A critical point when making this determination involves the differences in the quality of data used for risk management. Some of the factors that can affect the quality of data include:

Data accuracy: The data used for risk management should be accurate and up to date to ensure that it reflects the current state of the business or market.

Data completeness: Data used for risk management should be complete and cover all relevant aspects of the business or market being analyzed.

Data consistency: The data used for risk management should be consistent, meaning that it should use the same definitions and units of measurement across different sources.

Data reliability: The data used for risk management should be reliable, meaning that it should come from trustworthy sources and be free from errors or biases.

Data relevance: The data used for risk management should be relevant to the specific risk being analyzed and provide actionable insights to help manage that risk.

Quality of data is important for effective risk management as it directly impacts the accuracy and reliability of risk assessments and decision-making.

Beyond the quality of data, what about the process used to evaluate and report on the risks associated with the data being managed?  If it acceptable to outsource?  Is it risky to outsource where the functions of data analysis and risk evaluation are conducted overseas?

Outsourcing itself involves little risk if a lender properly investigates the vendor, its process and its reliability in delivering the promised results. Outsourcing data to overseas companies however can pose several business risks, including:

Data privacy: Foreign companies may not be subject to the same privacy laws as those in the country where the data originates, which can put sensitive information at risk.

Cybersecurity: Outsourced data may be vulnerable to cyber-attacks, especially if the foreign company does not have robust security measures in place.

Data breaches: A breach of sensitive data at an overseas company can have serious consequences for the company and its customers, as well as damage its reputation.

Loss of control: Outsourcing data to a foreign company means giving up control over the data, which can limit the ability to manage the data or access it when needed.

Compliance: Foreign companies may not be subject to the same regulations or standards as those in the country where the data originates, which can make it more difficult to ensure compliance with regulations such as data protection laws.

Reliability: There may be concerns about the reliability of the foreign company, such as the ability to deliver quality services or meet contractual obligations.

In summary, outsourcing data to overseas companies can expose businesses to a range of risks, from data privacy and security to reliability and compliance, and it is important to carefully assess the risks and benefits before making a decision.

What then about ROI?  Many lenders view compliance as a drain on their budget and not a revenue enhancement.  Decisions are often made to trim fraud tools when revenue is off, perhaps because the risk of a fraud loss outweighs the need to maintain cash flow.  Yet that decision can ultimately be fatal to a company’s existence.

The return on investment (ROI) of operational risk management is the increase in financial performance or cost savings that result from implementing an effective operational risk management program. Yet, the ROI of operational risk management can be difficult to quantify, as it depends on a variety of factors, including the size and complexity of the organization, the nature of its operations, and the specific risks being managed.

However, some of the benefits of operational risk management that can contribute to a positive ROI include:

Cost savings: By identifying and mitigating risks before they materialize, organizations can reduce the costs associated with losses, legal fees, and other expenses.

Improved efficiency: An effective operational risk management program can help organizations streamline their processes and improve their overall efficiency.

Better decision-making: With a better understanding of the risks they face, organizations can make more informed and effective decisions.

Enhanced reputation: Organizations that are seen as responsible and risk-averse can enhance their reputation and increase customer trust.

Ultimately, the ROI of operational risk management will depend on how well the program is designed and implemented, as well as the specific risks and challenges faced by the organization.

The bottom line is this: lenders cannot simply turn off or turn away from compliance, especially compliance that involves fraud prevention and deterrence when revenue is off.  Often the key to maintaining your business in a down market is compliance and fraud prevention.  Reduced cash flow only makes a lender more vulnerable to financial harm and even insolvency when a fraud event occurs.

While fraud tools are not immediate revenue enhancers, they are always revenue protectors, preserving lenders’ hard earned profits from poaching by criminal elements, and from depletion from fines and penalties for regulatory non-compliance.

NCUA Releases 2023 Guidelines for Credit Unions on Fraud Prevention, Cybersecurity and Consumer Protection

NCUA Releases 2023 Guidelines for Credit Unions on Fraud Prevention Cybersecurity and Consumer Protection

The National Credit Union Administration, which issues regulations and guidance for credit union operations nationwide, released its 2023 guidelines today covering key topics for its members. High on the list of items credit unions need to be focused on are: fraud prevention and detection tools, cyber security defense plans, and consumer protection policies.

Credit Unions tend to be more customer sensitive, which makes sense as the customer relationship typically precedes and extends beyond a mortgage transaction. Protecting the experience of their credit union members in all aspects of their business relationship is critical to maintaining their overall success, including growth and retention of their membership. This is very different from the typical mortgage broker or mortgage lender experience where a relationship will not usually extend beyond one or perhaps two transactions in a lifetime.

Consequently credit unions must be more laser-focused on the issues of compliance relating to fraud, cyber security and consumer protection. One bad event can close a credit union’s doors for good.

Because many credit unions are multi-faceted business enterprises, mortgage lending is often managed through the outsourcing of the lending workflow to a CUSO (credit union servicing organization) and to experienced vendors in areas such as cybersecurity and fraud prevention. At Secure Insight we have helped many credit unions manage the risk of wire fraud and closing table mortgage fraud for years, and it is an effective partnership.

For more detailed information on NCUA’s new regulatory supervision letter for 2023, please use this link:

https://www.ncua.gov/regulation-supervision/letters-credit-unions-other-guidance/ncuas-2023-supervisory-priorities

Share this post

Recent Posts

Continue reading

The AOL Title Insurance Alternative: Real or Hype?

In April 2022, Fannie Mae (FNMA) made industry news by publishing a decision that it would accept attorney opinion letters (AOL) in lieu of and as a suitable replacement for title insurance. Freddie Mac soon followed with a similar decision. The actions by these agencies were allegedly due to dissatisfaction by lenders and consumers with the value and cost of traditional title insurance policies.

The emergence of the AOL service and product has created waves in the title industry which has never had any real competition to its products in the past and has resulted in significant push back and objection by title insurers and their agents. This is understandable given ALTA reported title insurers earned $26.2 Billion in title insurance premiums in 2021.

Consideration of an industry monopoly in title insurance products has been the subject of Congressional hearings, academic analysis and industry platform debates for many decades. Yet to date the AOL has been the first real effort to adopt any alternative to either title insurance or the closing protection letter, which is not insurance but a form of warranty packaged and sold like insurance to consumers. Can the AOL become a widespread alternative and disrupt the industry? The jury is still out, and may it take a long time to deliver that verdict.

An attorney opinion letter is just that, a letter of opinion, following (presumably and hopefully) a thorough review of land records and public records searches, to determine ownership challenges, liens and so forth. Like any legal opinion, it must and does have limitations. In addition unlike a title insurance policy, a form of property and casualty product, which is issued, priced and governed (including a managed claims process) by government regulation, an AOL is a subjective formal opinion that if wrong provides little alternative but to initiate a lawsuit for damages. In addition, the opinion must be backed by an errors and omissions policy which itself will have limitations of coverage and damage limits per occurrence and per insured. Rather than create a simpler method of maintaining title risk it seems to create more layers of complexity which, when it fails can cause lender and consumer heartache and headache.

When it comes to the closing protection letter, the exact opposite is true. The current CPL offered by title insurers and paid for by consumers is not an insurance policy. Like the AOL it is merely an opinion letter in the form of a watered down warranty, and yet consumers pay upwards of $75 for it each time there is a closing. An alternative to the CPL would be welcomed as a true insurance product, separate and distinct from the title insurance policy. Secure Insight has been advocating for years for a better CPL alternative and the opening created by the AOL may just be the opportunity to establish a replacement for the CPL that will not just look like insurance but provide actual insurance protection to lenders, investors, warehouse banks and consumers.

The title industry is changing. With RON, blockchain, and now title insurance alternatives, the landscape is being remolded. Whether the AOL is a real honest to goodness improvement remains to be seen, however the market will supply the answer soon enough. Until then it is wise to become educated and informed as to the differences.

FBI Reports Increase In Cyber Fraud, Mortgage Lenders Prime Targets

Recently, the Federal Bureau of Investigation (FBI) released its annual Internet Crime Report.

(Read it here: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf)

The annual report which catalogues data on various cyber crimes estimates that in 2021 overall losses were nearly $7 billion dollars, noting that “America experienced an unprecedented increase in cyber attacks and malicious cyber activity.”

On March 21st, the Biden Administration issued a further warning to all consumers and business owners to expect the possibility of even further cyber attacks originating from Russia and Eastern Europe. (Read the White House Statement here: https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/)

Mortgage lenders have far too often been prime victims of cyber fraud due to the relative ease which many criminals have had in impersonating parties to a mortgage transaction and intercepting proceeds and payoffs in the closing process. While many participants in the mortgage lending process have heard about cyber fraud and some companies have taken measures to educate, warn and seek to prevent losses, the fact remains that wire fraud in particular has had catastrophic effects on the finances of lenders, borrowers, attorney and title agents.

Recently while attending the Lender’s One Conference in Arizona, our staff had occasion to speak to many lenders, including warehouse banks. From these meetings a misconception arose. Lenders sometimes avoid managing closing table and wire fraud risk because they assume their warehouse bank is managing the risk for them. However warehouse banks are not doing that at all, rather they are protecting their limited risk of loss of funds and in no way are indemnifying or permitting a risk of loss by a lender or consumer to be shifted to them. This misconception leaves many lenders fully exposed to the risks of cyber fraud and closing table fraud generally.

Another interesting development which we learned at the L1 Conference is that insurers are beginning to request that lenders prove they have a robust wire fraud and closing fraud program in place at the time of a renewal of commercial errors and omissions policies. Relying on your warehouse bank is not proof of the required fraud deterrent and prevention measures.

Anyone with more than a decade of experience in the mortgage industry knows that when the market falls, as it has with the increase in interest rates and gradual slide towards a recession, that criminal fraud rises. Lenders experiencing the pain of reduced volume and increased expenses to originate loans need to be fully prepared to weather the storm of the likely explosion in fraud attacks. One bad closing can put an unprepared lender out of business.

As always if you do not have a solution to address wire and closing fraud, or if you are unhappy with your current solution, call us for a demo. With over 100 satisfied lender clients nationwide, and over 17 million closings without one cyber or other closing table loss, our solution is what you need for peace of mind.

http://www.secureinsight.com

I Can Close That Loan In 30 Minutes?

The mortgage industry has been embracing the concept of speed as a marketing feature in the past several years. The idea that a mortgage loan can transition from application to closing in a flash is something that loan officers and business owners have become convinced will make them more attractive to clients. Hey who doesn’t want to apply for a loan while making their morning coffee and get approved before they have finished their bowl of cereal right? Maybe not.

About twenty years ago, the typical mortgage loan took 45-60 days to close. It was a deliberate process, intensive on paper collection and review, and devoid of many current digital tools that make credit analysis and document collection much more efficient today. Over time the process has become more dependent on technology as lenders have worked to reduce time through automation and operational efficiencies. Ten year ago lenders were touting closings in as little as fifteen days. In the past few years the number has dropped to seven days, then 72 hours and now even a 30 minute mortgage is being promoted. Is the need for speed a good idea? Does it enhance operational risk management as well as the bottom line (loans closed faster means more loan overall). Do consumers even care?

There have been many surveys taken of potential borrowers to determine the top things on their wish list. The key issues on the minds of most borrowers are (a) interest rate, (b) fees and costs, and (c) the complexity of the process (i.e. how hard to I have to work?). The speed from application to closing is not at the top of the list.

The danger of course with speed is that it can be terribly inefficient in the long run, because lending is supposed to be a deliberative process. Besides credit worthiness and collateral value, the lending process is governed by rules which are designed to prevent arbitrary and potential harmful practices that violate HMDA, Fair Lending, RESPA, TILA, and CFPB rules protecting consumers from discrimination and negligent underwriting practices. In addition lenders are much more likely to experience fraud losses, loan defects, repurchases and indemnity situations when they rush a process without ensuring that quality control and risk management are a major focus of their business.

In a mortgage market seeing volume drop 60-70% below this same time two years ago, and 40% less than last year, their is justifiable panic in some quarters. Yet the prize belongs to those who keep a cool head, plan for the long term, and do not change their business model to weaken operations, thereby taking their eyes off of the goal of quality loan production.

Rather than rushing to close the next loan, it might be better to evaluate your current operations and determine if layoffs and downsizing has not forced you to abandon sensible lending practices and operational controls critical to your financial survival.

At Secure Insight we were founded and are operated by mortgage industry insiders. We understand the pressures and stresses of operating in a down market. Ask us how we can help ensure your operations will not be impacted by wire fraud and closing fraud, two areas of great concern today. If you have a need for speed, we can promise you instant reports to provide current risk data so that your closings will never be delayed trying to determine whether a wire should be sent to an unknown party.

Let’s be careful out there folks!