According to figures published by the Federal Bureau of Investigation (FBI), the Financial Crimes Enforcement Network (FinCEN), Corelogic, Interthinx and LexisNexis, based upon filed SARS reports and other available data, California has been cited in the top ten fraud states nearly every year for the past decade.

In 2009 and 2010 California was 3^rd in the nation for the most mortgage fraud incidents.  In 2011 and 2012 California came in 7^th out of 50 states. In 2013 the state improved to 10^th place, then in 2014 crept back up to 2^nd place.  According to Bankrate, in 2017 California once again held 7th place, still prominent in the “Top Ten.”

California is a large state, with many investment properties, diverse communities, and a large and diverse housing stock, which ensures that it will also be a target for mortgage fraud.

California allows several different parties to handle and participate in a property’s escrow and closing process. Escrow companies licensed by the state’s corporation commission are the primary agents allowed to handle California real estate escrow and closings, however, property title companies frequently handle real estate escrow and closings and attorneys and real estate brokers may also be involved. In some instances California-licensed real estate brokers can handle escrow and real estate closings for their clients.

Who may conduct a closing may also differ geographically. In Northern California, property title companies traditionally handle escrow and closing activities. Southern California real estate processes are different, however, in that escrow companies as well as lenders deal with escrow and closing services. However, California is so large that the selection of escrow and closing services providers can vary even from county to county.

When fraud occurs, the State of California encourages government reporting however the ability to recover for losses when fraud has already taken place is limited.  Escrow officers are required have a stated $25,000 net worth and to maintain a $125,000 fidelity bond as well as a $25,000, $35,000, or $50,000 surety bond depending upon the volume of business passing through their trust accounts. Upon initial application, escrow officers must complete a fingerprint process and a criminal background check.  It is performed only once upon licensing; there is no ongoing monitoring or annual checks conducted.  In a state where the current median home price is $499,900 (according to Zillow) and the average mortgage is $347,652 (Experian)  these protections are helpful but will not prevent fraud nor cover a significant lender loss.

Attorneys are licensed when admitted to the bar and should be insured, however malpractice insurance is not required in California, it is only recommended.  Title agents who are not direct employees of an underwriter must maintain a $25,000 surety bond and are issued closing protection letters however the CPL does not cover all fraud incidents such as conspiracies and theft of NPI.

Of further concern to lenders in California is the perceived lack of a legal duty for closing agents to report fraud even if they have actual knowledge that it is taking place.  In 1999, in Vournas v. Fidelity National Title Co., the California Court of Appeals held that settlement agents have “no duty to police the affairs of a lender,” and have no obligation to “report fraud.” Similar results were reached in  Axley v. Transnational Title Ins. Co. and Lee v. Title Ins & Trust Co.  

CFPB vendor management rules require lenders to adopt policies to evaluate and monitor anyone who handles their documents, funds and borrower NPI for risk, not simple rely upon licenses and insurance.  Because of pressure from some professional associations in the state, California lenders have been slower in adopting new vendor management solutions to evaluate and monitor risk for closing professionals to deter and prevent fraud and the threat of harm before it occurs.

Greater risk management rules and vendor management programs may never knock California out of the list of top fraud states, but they very well may help deter the types of mortgage and settlement fraud risks that lenders and consumers in the state fear most.

Today the NJ Department of Banking and Insurance issued its advisory Bulletin No 18-04 addressing all banks in the state on the topic of wire fraud.

The notice explains the recent increase in fraud schemes involving the changing of wire instructions in an effort to steal mortgage loan proceeds.  It recommends that lenders do the following:

• Closely verify email addresses before using them. Scammers mimic legitimate
  addresses and subject lines, but they are not 100% identical.
• Avoid web-based email.
• Strictly follow your specific business procedures for confirming the validity of
  changes made to wire transfer instructions.
• Use a confirmation process, which may include verbal communication via a mutually agreed telephone number between the known parties, as well as mutually agreed code words designed to combat phone “porting.”

and most importantly…

• Get to know the fraud resistance capacity of your third-party service providers, especially closing agents; become sufficiently aware of the relevant parties’ normal wire transfer activity to recognize suspicious variations.

You may read the bulletin here: http://www.state.nj.us/dobi/bulletins/blt18_04.pdf

At Secure Insight our closing agent risk management platform not only verifies the source and ownership of an agent’s trust account, we also verify the status of the account and ensure it is a true trust account.  To find out more about our solutions visit: www.secureinsightsales.com

Just when lenders were expecting the CFPB in Washington to fade silently into the mist of the night, there were rumblings that states were considering enacting their own CFPB organizations and regulations to prevent the Trump Administration from killing consumer protection oversight.  Today those rumors have gained serious traction.

According to the New Jersey Mortgage Banker’s Association today, New Jersey’s Attorney General announced that Governor Murphy will nominate Paul R. Rodriguez as Director of the New Jersey Division of Consumer Affairs to fulfill the Governor’s promise to create a state-level CFPB in New Jersey. Attorney General Grewal said that, “As the federal government abandons its responsibility to protect consumers from financial fraudsters, it is more important than ever that New Jersey picks up the mantle to protect its own residents.”

Pennsylvania’s Attorney General has already created a CFPB at the state level and it seems that this could be a trend in other states as well.

Lenders had hoped that a new Trump appointed director at CFPB would begin the move to reduce lender oversight and compliance obligations and early indications were that they may have been correct.  With today’s announcement from New Jersey however, and with Pennsylvania as a model, it is a sure bet that other states will soon follow the effort to ensure that stringent oversight remains in place.

What does this means for mortgage lenders?  Don’t disband your compliance departments or cancel those compliance tools just yet.

Fraud is pervasive in virtually every industry.  The reason is that fraud is the consequence of a human condition that exploits the opportunity to gain assets through rationalization and need.  Every one of us is vulnerable to committing a fraud crime given the right circumstances and the opportunity.  Mortgage lenders and banks need to understand the underpinnings of the Fraud Triangle to design programs, policies and procedures to identify risk and deter fraud before it makes them a victim.

Risk managers and CPAs specializing in forensic accounting work to root out fraud have for many years relied upon the Fraud Triangle diagram, first created by renowned criminologist Donald R. Cressey,  to effectively identify the three “legs” of fraud and the human behavior that predict the propensity to commit fraud.  Then applying internal and external policies and procedures designed to identify behaviors and practices that may lead to fraud, these experts minimize the risk of harm to organizations.

The theory postulates that in order for fraud to take place there are three key elements which must be present.

The first is “motivation” or “need.” A person finds themselves in a situation where they are, perhaps unexpectedly, facing financial stress, personal pressures or psychological issues caused by external forces.  Some examples are an IRS audit, a divorce, a gambling debt, a reduction of employment hours or wages causing a need to maintain a high lifestyle, and greed.

The second is “rationalization.” Since it is against human nature to break the law, most people need rationalization to boost their confidence to commit fraud.  Examples include feeling underpaid, a sense of entitlement (“I deserve that”), and a sense of unfairness (“he has more than me”).

Last and most important is “opportunity.”  A perpetrator of fraud needs access to money and some control over the means of getting to it (or a loophole or lapse in controls that enables easy access).  In the mortgage industry opportunity exists in (a) trust account access (mortgage proceeds theft) and (b)access to personal financial information of borrowers (identity theft).

Risk management experts, like those at our firm, focus on the three legs of the Fraud Triangle to design vetting and monitoring programs to spot possible fraud characteristics before an event takes place.  The SSI risk metrics evaluation system was built on the basis of years of analysis of typical mortgage fraud events.

While evidence shows that the mere existence of an independent fraud deterrence process, such as vetting and monitoring, creates a significant perception of oversight and controls that deters potential fraudsters, SSI’s process does much more by studying a person’s background details to reasonably estimate the propensity for fraud.

As the science of risk management and fraud detection and deterrence matures, more advances will be made.  For example, we are developing both enhanced technological analytics as well as highly focused personality testing modules to enhance the future vetting process and give the industry key risk data available nowhere else.

The ultimate goal for any risk management process is the total elimination of fraud losses.  At SSI we spend all of our time seeking new ways to achieve that lofty goal for our clients.

Th election of President Donald Trump signaled for many in the mortgage industry that finally something would be done to reign in federal regulation and allow lenders to make more loans.  There was also a secret desire that the potential elimination of the super federal regulator would mean that the millions spent on building out compliance programs and purchasing compliance software would mercifully come to an end.

Like many other things we have learned about President Trump, one cannot easily predict his actions.  Today nearly 500 days into a Trump presidency the CFPB is still alive and well, albeit with a new director, and although some of the most cumbersome regulations, those attaching “too big to fail” labels on lenders who clearly were not that big, have in fact been watered down or eliminated altogether, the King is not yet dead.

The bulk of the CFPB’s regulations and their regulatory oversight functions remain firmly in place. So what does this all mean?  What does a Trump presidency actually mean when it comes to the CFPB and the environment of heightened regulations lender’s have experienced over the past decade?

What it means is that no one in government is about to allow lenders to retreat back to the heady days of unfettered and unprincipled lending activities.  Quality loan origination and consumer protection rules are not easily removed once in place because the public has a long memory of the financial meltdown that occurred between 2007 and 2008.  Dodd-Frank was a reaction to a serious problem, perhaps an overreaction in hindsight, but it was an honest attempt to address real operational flaws.

CFPB where for art thou?  Still sitting comfortably in Washington DC with millions of dollars in its operating budget and thousands of staff members including investigators who remain committed to preventing the next mortgage meltdown.

So for now, lenders, it would be advisable not to lay off your compliance staff or terminate your compliance vendors.

When the CFPB issued Bulletin 2102-3 (reaffirmed again in 2015), forever changing the way that banks and lenders nationwide look at third party relationships, they offered only a bare outline of detail regarding what that risk management should include.  The general directive included: risk evaluation, ongoing monitoring, and verification of internal controls. Since then lenders have tended to interpret these requirements in ways that reflect their own risk appetite and compliance culture.  Some seek to merely “check the box,” while others are intent on crossing every “t” and dotting every “i.”

Clearly not all vendors are alike, and while there has not been much detailed guidance on the matter, comments from the CFPB seem to imply that a company should address the risk of a third party vendor in relation to the level of potential harm they might cause to a consumer.  Therefore it is logical to assume that there is a qualitative measurement of risk that a lender can perform and thereby place third parties in different risk buckets, applying different risk management standards to each bucket in relation to the risk level associated with the activity.  For example a vendor who has no access to a lender’s consumer data and records should obviously be evaluated differently than one who did.

The highest risks are generally third parties who have access to consumer data as well as those who interact directly with consumers in the loan process.  This group should include IT consultants, appraisers, mortgage brokers, and settlement agents, among others.  The lowest risks should include very large, well-capitalized and highly managed entities such as investors, national title underwriters, and large accounting firms.   Space does not permit me to expound further and discuss all the different risk levels and groups however it is worth noting that our research makes it clear to us that settlement agents are the highest risk third party vendor a lender will encounter.  The reasons for this are logical and easy to enumerate.

Settlement professionals, including attorneys, escrow agents, title closers, notaries and others who handle funds disbursement and documents at a closing, have access to more sensitive data and documents than anyone else, while also having access to the mortgage proceeds. This places them in perhaps the most critical, and therefor the highest risk area in the loan process.  The fact that most lenders have fraud technology which helps them identify bad actors and other risk factors at the front end of the manufacturing process (origination, processing and underwriting) and rarely any type of tool at the back end (closing and post-closing) makes the vetting and monitoring of settlement agents perhaps the highest priority for any lender today.

Need more proof?  An independent study conducted by FinCEN, the Financial Crimes Enforcement Network, which is the official repository for industry SARS filings, found that over the past five years escrow and settlement services are the largest and fastest growing areas of mortgage fraud.  Given the fact that the industry has embraced complex and effective front end fraud deterrence and prevention tools for years but is only now beginning to embrace closing and settlement fraud programs, the report is not surprising.  However the good news remains the continued progression towards widespread settlement agent vetting, monitoring and reporting that is currently transforming the settlement industry.  It is weeding out bad actors, encouraging best practices, and providing lenders with critical data to help them make better choices for closing services. Everyone wins in the end: lenders, agents and consumers.

“Data privacy” and “data security” are terms most lenders are hearing over and over again these days.  The reasons for this are numerous but include the CFPB’s focus on the issue, increased publicity over data breaches in business and industry, and heightened concern by consumers about how their sensitive non-public information is being managed by banks.

Although data privacy and data security are terms that are commonly used interchangeably, they in fact mean different things.  A data security policy is required to ensure that data privacy is protected.  When a lender is entrusted with a borrower’s highly private information, the business must develop, implement and manage a security policy to protect this data.   So data privacy identifies that personal and private information which must be protected and how it may be used in a business in an appropriate manner, while data security includes the means and methods used to ensure the security of the data both internally (from employee breaches) and externally (from third party breaches).

Data privacy rules mean that lenders must define and police the appropriate use of borrower data within their walls.  This includes what data is gathered (relevance to services), who has access (need to know), and where data is stored (how long and how safe).  Both the CFPB and the Federal Trade Commission have jurisdiction over the mishandling and misuse of consumer data, and each may enforce penalties against lenders that have failed to ensure the privacy of a borrower’s data.  At a minimum, lenders must screen employees with access to private data regularly, have an appropriate policy in place regarding handling of data, and test these policies on an ongoing basis.

Data security encompasses your company’s practices and processes that are in in place to ensure data is not being used or accessed by unauthorized individuals or parties. It ensures sensitive data is accurate and reliable and is available when those with authorized access need it. A data security plan includes facets such as collecting only the required information, keeping it safe, and destroying any information that is no longer needed. These steps will help any business meet the legal obligations of possessing sensitive data. A data security policy is simply the means to the desired end, which is data privacy. However, no data security policy can completely overcome the efforts of third parties bent on hacking into databases and seeking access to consumer data to monetize for improper and illegal purposes. At a minimum, lenders must develop written data security policies that include safe storage of data and penetration testing of their backup systems (local and/or cloud) to search for gaps and leakage.

Knowing that there is no such thing as a foolproof data security system and that all systems are ultimately vulnerable to breach by determined criminals, lenders must demonstrate a commitment to adopting the most stringent policies relevant to the size and scope of their business, while also considering purchasing crimes and cyber liability insurance to off-load risk in the event of unexpected and unintended breaches.

Making sure all borrower data is private and being used properly can be a near-impossible task that involves multiple layers of security. Fortunately, with the right people, process and technology, lenders may support their data security policies through continual monitoring and visibility into every access point and with insurance back-up.

In October an independent opinion poll was conducted by American Money Services of NY seeking public input on issues surrounding mortgage closings. The results were nothing less than fascinating, and should serve as a wake-up call for the settlement industry.

An overwhelming majority of respondents believe that only attorneys should be permitted to act as settlement agents.  That the attorneys should be more carefully regulated, that providing for their independent certification based on criteria including experience, is essential to establishing public faith in the process. Furthermore, 79% indicated that they were unaware settlement agents are not all required to have E&O coverage when handling their real estate matters, 92% believe that settlement agents should meet minimum uniform standards or experience and skill besides being licensed, 93% believe that banks need programs to better identify people who may commit fraud in mortgage closing transactions, 97% believe banks need policies and procedures to ensure that whoever handles the closing funds and documents is trustworthy, 44% believe banks giving mortgage loans are doing enough to protect consumers from losses for fraud, while 56% say they are NOT doing enough.

Interestingly, in contrast to public positions taken by some agent groups, 93% of the public polled in the survey stated that they would feel more comfortable at a closing with someone who had an independent, vetted designation.  Finally, 70% of those polled believe that with improvements such as additional protections from fraud at closing, lenders can rebuild the public’s trust in financial industry without government intervention.