House Flipping Is Back to Pre-Crisis Levels according to NY Times

Written by Andrew Liput on . Posted in Secure Insight Blog. Leave a Comment

An article just published by the New York Times trumpets the news that house flipping is popular again.  Those of us who have been in the mortgage industry for the past 10-15 years know that low interest rates and loose credit standards combined with property flipping  fever drove much of the housing bubble in 2003-2008.  That bubble eventually burst when many “flippers” encouraged by late night infomercials promising fast and easy profits in real estate, learned that the housing game can be more difficult than what can be explained in a 15 page pamphlet written by an “expert” and costing $300.00.

The focus on flipping for too many non-experts is profit maximization at all costs.  Profit driven flipping can mean short cuts, substandard renovation work and beyond that appraisal, seller and closing agent fraud involving straw buyers, inflated values, and hidden defects.  It can also create scenarios where unscrupulous investors prey upon inexperienced buyers and construct impossible or fraudulent sales scenarios where everyone but the seller walk away with a serious risk of loss.

In the mortgage industry it is common to state “everything old is new again,” and when we read articles like this one today we cannot help but remember the confluence of easy credit, low interest rates, lots of available inventory and many real estate “newbies” seeking to get rich quick flipping homes for profit.  Lender beware.

Conviction of Attorney and Title Agency CEO for $26 Million Fraud Crime Reinforces Need for Closing Agent Risk Management

Written by Andrew Liput on . Posted in Secure Insight Blog. Leave a Comment

According to an article published today in Mortgage Professional America, the former CEO of LandCastle Title, who also served as the managing partner of a real estate law firm, will spend 15 years in federal prison for orchestrating a scheme to bilk his firm out of millions of dollars.

Nathan E. Hardwick IV, 53, operated both LandCastle Title and Morris Hardwick Schneider, a law firm that specialized in residential real estate closings and foreclosures. He was convicted in October of wire fraud, conspiracy, and making false statements to a federally insured financial institution.

Real estate attorneys and title professionals have access to lender funds, lender loan documents (including the note and mortgage), are charged with satisfying liens and judgments and ensuring lien priority.  They also have direct access to consumers and all of the consumer’s personal and financial information.  One a scale of 1 to 10, with 10 being the highest risk tier, settlement agents are in Tier 10.

Lenders must have a comprehensive, ongoing program of evaluating, rating, monitoring such risk as well as taking immediately steps to alter or disengage in any relationship that may cause harm.

Title and closing fraud are, by most estimates, a nearly $1 Billion dollar annual problem.  If you add in wire fraud the numbers escalate.

Ignoring this risk will not make it go away.  The Nathan Hardwicks of the industry will make sure of that.  Be vigilant and remember our motto: “trust, but verify.”

eClosings: Now that they are HERE, do You Know HOW to Conduct Them?

Written by Andrew Liput on . Posted in Secure Insight Blog. Leave a Comment

Back in October 2014 the industry had an opportunity to attend a public information session in Washington, D.C. organized by the Consumer Financial Protection Bureau (CFPB).  The meeting was called to announce the results of a public commentary period regarding mortgage closing experiences as well as to announce details of the CFPB’s eClosing initiatives.

The eClosing pilot launched publicly at that time was part of the CFPB’s “Know Before You Owe” mortgage initiative, and the companies participating in the pilot were a mix of technology vendors providing eClosing solutions, and creditors that had contracted to close loans using those solutions. These included Accenture Mortgage Cadence, DocMagic, Inc., eLynx, Pavaso, Inc., and Pierson Patterson, LLP, as vendors, and Blanco National Bank, Boeing Employees Credit Union, Flagstar Bank, Mountain America Credit Union, Sierra Pacific Mortgage, and Universal American Mortgage Company, as lenders.  The participants agreed to work together to examine how electronic closings might help both consumers and lenders save time and money and establish a better, safer consumer experience.

Much has transpired since then, and as we pass the four year mark since that day the landscape regarding eClosings has changed drastically.  Today eClosings are a reality, with a growing number of mortgage lenders adopting the technology platform that allows a borrower to credibly review and execute closing documents electronically.  In addition advances in technology, along with a bit slower regulatory authorization among the states, has made digital and remote notarization an integral part of the eClosing experience.

Lenders are embracing eClosings, slowly but surely and are now seeking to locate settlement professionals, attorneys, title agents and notaries who actually know how to manage an electronic closing transaction.  Consequently eClosing education and training has become a necessary and important resource to match lenders willing to embrace digital mortgages and eClosings with professionals trained to properly manage the process for them during the closing segment of the mortgage manufacturing process.

US Treasury Department Supports the Expansion of e-Closings and e-Notarizations in Mortgage Industry

Written by Andrew Liput on . Posted in Secure Insight Blog. Leave a Comment

Industry publications are reporting that after a period of research and review the US Treasury Department is encouraging lenders and states to pursue e-closing and e-notarization technology to make residential mortgage transactions more convenient for consumers.

The American Land Title Association (ALTA) also released a statement today indicating that its leadership recently met with Treasury officials to assist them in their evaluation of e-closing technology and its impact on consumers.

The focus of regulators has been on data integrity and security, document formatting and recordability, identity protection, and anti-fraud measures to ensure the closing process is not corrupted by users of the new technology.

Industry leaders such as DocMagic have been slowly gaining market penetration with e-closing software but the learning curve has been steep for some lenders and closing professionals.  Many professionals have heard of it but few have actually conducted an e-closing or supervised an e-notarization.

There is no doubt however that e-closings and e-notarization are a big part of the future  growth of the mortgage lending industry.

 

When Do Title and Settlement Services Constitute the Unauthorized Practice of Law? Rhode Island Gives Notice.

Written by Andrew Liput on . Posted in Secure Insight Blog. Leave a Comment

Sometimes the line between services provided by non-attorney title and settlement professionals and those by lawyers becomes blurred.  This happens in states where it is common practice for a title agent representative to appear at a mortgage closing and in the course of managing the title and disbursement side of things, fill in on a review and supervised execution of the bank documents as well.  In some cases this is to fill a void where a seller or buyer show up without legal representation (by choice), but in other cases it may be that no attorney is traditionally involved (a refinance closing).

Reviewing loan documents, answering questions about contract and mortgage agreement details often can be seen by some as merely elements within the broader “title and settlement” functions often performed by non-lawyers. However title and settlement agents who are not lawyers need to be very careful about crossing the line and creating liability for themselves and their companies, as well as possible civil or criminal penalties if the activity is reported.

Recently the Rhode Island Supreme Court Unauthorized Practice of Law Committee heard a complaint filed by an attorney against a title and settlement firm in that state where a non-layer owner of that firm appeared and gave advice to the seller in a sale transaction.  The advice, which went above and beyond title searches, title insurance and document recording, caused a legal issue that impacted the transaction.

The company appeared at a hearing to defend itself asserting that the services were “common practice” in the state and that the owner asserted throughout that he was “not a lawyer.”

The Committee took a different view, and although acknowledging that the State had carved out an exception in civil and criminal statutes for title agents for the “unauthorized practice of law” the carve out was not a blanket safe harbor for the performance of traditional attorney-client services.  After all, conducting property title transfer searches, public records searches, and issuing insurance is not the same thing as drafting and reviewing contracts, explaining legal documents, answering questions about legal issues, and negotiating the resolution of business and legal disputes (including short sales).

While not sanctioning the company (it had no power to do so) the Committee did unanimously agree that the actions of the title agent constituted “unauthorized practice of law” and referred the matter to the state legislature to strengthen existing statutes to close any real or perceived loopholes.

In its conclusion, the Supreme Court Committee stated:

“[T]he following acts constitute the practice of law and can only be performed by a
lawyer: (a) conducting a title examination to determine the marketability of title,
(b) conducting a real estate closing, (c) drafting a deed on behalf of a party to a real
estate transaction, (d) drafting a residency affidavit on behalf of a party to a real
estate transaction, and (e) drafting a power of attorney on behalf of a party to a real
estate transaction.

The Committee further recommends that the aforementioned services, as the practice of law, can only be performed by lawyers in either an unincorporated law firm or as a law firm licensed by the Supreme Court….”

As a result all settlement professionals not licensed to practice law (title agents, escrow officers, notaries and real estate agents) take heed.  Crossing the fine line between your regulated role and the traditional role played by attorneys in the real estate transaction may create legal liability for your and your company.

Protecting Borrower Data in An Age of Hacking and Phishing Schemes

Written by Andrew Liput on . Posted in Secure Insight Blog. Leave a Comment

“Data privacy” and “data security” are terms most lenders are hearing over and over again these days.  The reasons for this are numerous but include federal and state regulator focus on the issue, increased publicity over wire fraud and data storage breaches in business and industry, and heightened concern by consumers about how their sensitive non-public information is being managed by banks.

Although data privacy and data security are terms that are commonly used interchangeably, they in fact mean different things.  A data security policy is required to ensure that data privacy is protected.  When a lender is entrusted with a borrower’s highly private information, the business must develop, implement and manage a security policy to protect this data.   So data privacy identifies that personal and private information which must be protected and how it may be used in a business in an appropriate manner, while data security includes the means and methods used to ensure the security of the data both internally (from employee breaches) and externally (from third party breaches).

Data privacy rules mean that lenders must define and police the appropriate use of borrower data within their walls.  This includes what data is gathered (relevance to services), who has access (need to know), and where data is stored (how long and how safe).  Both the CFPB and the Federal Trade Commission have jurisdiction over the mishandling and misuse of consumer data, and each may enforce penalties against lenders that have failed to ensure the privacy of a borrower’s data.  At a minimum, lenders must screen employees with access to private data regularly, have an appropriate policy in place regarding handling of data, and test these policies on an ongoing basis.

Data security encompasses your company’s practices and processes that are in in place to ensure data is not being used or accessed by unauthorized individuals or parties. It ensures sensitive data is accurate and reliable and is available when those with authorized access need it. A data security plan includes facets such as collecting only the required information, keeping it safe, and destroying any information that is no longer needed. These steps will help any business meet the legal obligations of possessing sensitive data. A data security policy is simply the means to the desired end, which is data privacy. However, no data security policy can completely overcome the efforts of third parties bent on hacking into databases and seeking access to consumer data to monetize for improper and illegal purposes. At a minimum, lenders must develop written data security policies that include safe storage of data and penetration testing of their backup systems (local and/or cloud) to search for gaps and leakage.

Knowing that there is no such thing as a foolproof data security system and that all systems are ultimately vulnerable to breach by determined criminals, lenders must demonstrate a commitment to adopting the most stringent policies relevant to the size and scope of their business, while also considering purchasing crimes and cyber liability insurance to off-load risk in the event of unexpected and unintended breaches.

Making sure all borrower data is private and being used properly can be a near-impossible task that involves multiple layers of security. Fortunately, with the right people, process and technology, lenders may support their data security policies through continual monitoring, testing and visibility into every access point with insurance back-up when things go wrong.

If The Table Starts Rockin’, Who’s Gonna Come Knockin’?

Written by Andrew Liput on . Posted in Secure Insight Blog. Leave a Comment

One of the biggest concerns that mortgage lenders have had for years is that they send their mortgage funds and collateral security documents to complete strangers who gather together and manage a process where there is no seat for them at the table.

Even though the closing of a mortgage loan involves significant sums of money important legal agreements and disclosures, and sensitive personal information, the lender must wait and hope that the event took place on time, with the proper parties present, and without incident.  Then the lender must wait and hope that money was properly disbursed and the documents properly executed, recorded and returned.

When mistakes are made or outright fraud takes place who can a lender rely upon to notice and to take measures to protect its interests and those of its borrowers?

The men and women who manage the closing of mortgage loans are generally experienced, honest and trustworthy.  However a lender has little idea whether the person assigned to handle its funds and documents and manage the process for any one transaction is going to also be its advocate against errors and fraud.

One of the problems for a lender is that there are no uniform rules or education and training requirements to establish common expectations of professionalism.  A closing can be managed by an attorney, a notary, a title agent employee, an escrow officer or even a real estate agent in some states.  Each of these have different levels of minimum education, training, licensing standards, insurance and bonding requirements.

Lenders are also hampered by the absence of generally accepted principals of agency and fiduciary duty.  Title agencies who issue closing protection letters disclaim any agency relationship established by the letter between the closing agent and the lender or borrower. Courts have no universal opinion whether a closing agent acts as an agent of the lender or the title company beyond their duties to act for their buyer or seller clients.

Where does all of this leave lenders?  Waiting patiently post-closing hoping that the loan package returns completed and the mortgage proceeds went where they were intended to go.  After years with increasing numbers of title and closing fraud incidents, it seems about time that the lender has an advocate and seat at the closing table.

 

 

CFPB: No More Regulation by Enforcement? An Analysis

Written by Andrew Liput on . Posted in Secure Insight Blog. Leave a Comment

According to Mortgage Professional America, the acting director of the Consumer Financial Protection Bureau, Mick Mulvaney, recently told industry leaders that the CFPB will no longer practice “regulation by enforcement.”

“The regulation by enforcement answer is really simple – we aren’t doing it anymore,” Mulvaney said. “It’s a fairness issue. If you’ve done something for so long and the government wants to change the rules, shouldn’t’ the government have to tell you they are changing the rules before they fine you?”

Mulvaney said further, “We are not out to make you look like a bad guy if you are not. We are out to enforce the law, not become the law.”

On its face some might see this as a reprieve from Dodd-Franks post-2008 regulatory expansions.  However this is not what Director Mulvaney is saying.  He is not indicating to lenders that existing regulations and laws will not be enforced.  He is implying that his agency (and only his agency) will no longer aggressively seek to enforce ambiguous or unwritten regulations in an effort to “find a crime” where none exists on its face.

In the absence of specific Congressional action, Dodd-Frank is alive and well and unless the CFPB issues writings specifically retracting its published bulletins and directives lenders still must be certain to meet every single compliance rule that they have been struggling to address over the past several years.

In addition, as I have written about previously, where the federal government leaves a vacuum the states often rush in to fill up.  Thus several states including New Jersey, Pennsylvania and others have recently announced the creation of state-level consumer financial protection agencies whose mission is no doubt designed to compensate for any actual or perceived erosion of the prior policies of the Cordray-led CFPB.  Because mortgage lenders are creatures of state licensing, unlike federally chartered banks and depository institutions, it does not seem very much will be changing any time soon for these businesses.

CFPB loosening its regulatory grip?  Don’t lay-off those compliance managers nor reallocate their budgets just yet.

 

The Fraud Triangle

Written by Andrew Liput on . Posted in Secure Insight Blog. Leave a Comment

Fraud is pervasive in virtually every industry.  The reason is that fraud is the consequence of a human condition that exploits the opportunity to gain assets through rationalization and need.  Every one of us is vulnerable to committing a fraud crime given the right circumstances and the opportunity.  Mortgage lenders and banks need to understand the underpinnings of the Fraud Triangle to design programs, policies and procedures to identify risk and deter fraud before it makes them a victim.

Risk managers and CPAs specializing in forensic accounting work to root out fraud have for many years relied upon the Fraud Triangle diagram, first created by renowned criminologist Donald R. Cressey, to effectively identify the three “legs” of fraud and the human behavior that predict the propensity to commit fraud.  Then applying internal and external policies and procedures designed to identify behaviors and practices that may lead to fraud, these experts minimize the risk of harm to organizations.

A visualization of the “Cressey Triangle” appears below:

Related image

The theory postulates that in order for fraud to take place there are three key elements which must be present. The first is “motivation” or “need.” A person finds themselves in a situation where they are, perhaps unexpectedly, facing financial stress, personal pressures or psychological issues caused by external forces.  Some examples are an IRS audit, a divorce, a gambling debt, a reduction of employment hours or wages causing a need to maintain a high lifestyle, and greed.

The second element is “rationalization.” Since it is against human nature to break the law, most people need rationalization to boost their confidence to commit fraud.  Examples include feeling underpaid, a sense of entitlement (“I deserve that”), and a sense of unfairness (“he has more than me”).

Last and most important is “opportunity.”  A perpetrator of fraud needs access to money and some control over the means of getting to it (or a loophole or lapse in controls that enables easy access).  In the mortgage industry opportunity exists in (a) trust account access (mortgage proceeds theft) and (b) access to personal financial information of borrowers (identity theft).

Risk management experts, like those at our firm, focus on the three legs of the Fraud Triangle to design vetting and monitoring programs to spot possible fraud characteristics before an event takes place.  The SSI risk metrics evaluation system was built on the basis of years of collaborative analysis of typical mortgage fraud events working with risk analysts at Lloyds of London. While evidence shows that the mere existence of an independent fraud deterrence process, such as vetting and monitoring, creates a significant perception of oversight and controls that deters potential fraudsters, SSI’s process does much more by studying a person’s background details to reasonably estimate the propensity for fraud.

As the science of risk management and fraud detection and deterrence matures, more advances will be made.  For example, we are developing both enhanced technological analytics as well as highly focused personality testing modules to enhance the future vetting process and give the industry key risk data available nowhere else.     The ultimate goal for any risk management process is the total elimination of fraud losses.  While total elimination is unlikely, at SSI we spend all of our time seeking new ways to approach that lofty goal for our clients.

 

Data Breaches from Email Phishing Scams Still Rocking Mortgage Industry: WEI Mortgage latest victim.

Written by Andrew Liput on . Posted in Secure Insight Blog. Leave a Comment

Just today the industry learned that WEI Mortgage has discovered a data breach from an email phishing scam last Fall that appears to have exposed loan file information and borrower personal identifying data such as Social Security numbers to outside parties.

Back in October 2016 I wrote that Wells Fargo Bank and the Federal Bureau of Investigation (FBI) had issued separate alerts throughout the industry regarding settlement agent wire fraud.  The reports provided details of a widespread scam whereby criminals are hacking attorney and title agent email addresses and changing wire instructions prior to closing.  When the new instructions are not validated the criminals make off with the mortgage proceeds.  Despite these warning, this crime scheme is spreading as title agents, lenders, attorneys and the consumers they serve are finding out to their great harm. WEI is only the latest victim.

According to Wikipedia, Phishing is “the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

Although the FTC, through the Graham-Leach-Bliley Act, and the Consumer Financial Protection Bureau (CFPB) have broadcast the need for data security and privacy measures to protect consumer non-public, personal information (NPPI), many banks either are unable or unwilling to implement the steps required to root out and block criminal enterprises in the US and overseas who are busy hacking into email accounts.

Several incidents around the country in the past year have reflected a similar theme.  Hackers accessed a lender’s email, either through a borrower’s address, a loan officer using a personal email domain not protected by a lender’s network, or an attorney’s email.  The scammers then sent an email, either to the title agent, attorney or to the closing department of the lender, including revised wiring instructions.  The wires were then sent to the criminal’s bank and not the intended recipient.  In one case in Florida a title company is accused of neglecting to conduct appropriate internal data security measures after it received a bogus wire instruction and sent it off to a consumer who then wired the seller’s proceeds to someone else.  With the money long gone, the seller sought recovery against the agency and the buyer for their alleged negligence.

Affirmative measures to combat this crime are being implemented by many in the industry.  For example many lenders are taking an extra step and checking the ABA routing number and bank account number with the Federal Reserve website to verify that the account is actually at the bank indicated.  Others are sending a verification of trust account to the settlement agent’s bank to verify that the account is truly a trust account in the name and for the business of the title agent, attorney or other closing professional.

Most title agents are now sending lenders and attorneys their title reports with cover letters containing language in red or bold black print with instructions such as:  We no longer send wiring instruction by email, please call our offices to verify the proper bank information!

Phishing is not a new problem.  I have located articles dating back to 2005 warning consumers and lenders about email phishing schemes designed to access and steal NPPI. It is clear that this is a serious problem that is getting more serious as technology has advanced and criminals have become more resourceful and bold.

Today’s announcement by WEI Mortgage is yet another acknowledgement that electronic innovation in society generally and in the mortgage banking industry specifically, while offering tremendous benefits also offers serious perils.   With federal and state regulators very firm positions on lender obligations to protect consumers from harm due to data security breaches, and lawyers lining up to file lawsuits for damages, every lender is on notice that they very well could be the next victim.  Cyber liability insurance coverage carriers are surely experiencing a booming sales period.