Back in October I wrote that Wells Fargo Bank and the Federal Bureau of Investigation (FBI) had issued separate alerts throughout the industry regarding settlement agent wire fraud.  The reports provided details of a widespread scam whereby criminals are hacking attorney and title agent email addresses and changing wire instructions prior to closing.  When the new instructions are not validated the criminals make off with the mortgage proceeds.  Despite these warning, this crime scheme is spreading as title agents, lenders, attorneys and the consumers they serve are finding out to their great harm.

According to Wikipedia, Phishing is “the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

Although the FTC, through the Graham-Leach-Bliley Act, and the Consumer Financial Protection Bureau (CFPB) have broadcast the need for data security and privacy measures to protect consumer non-public, personal information (NPPI), many banks either are unable or unwilling to implement the steps required to root out and block criminal enterprises in the US and overseas who are busy hacking into email accounts.

Several incidents around the country in the past few months have reflected a similar theme.  Hackers accessed a lender’s email, either through a borrower’s address, a loan officer using a personal email domain not protected by a lender’s network, or an attorney’s email.  The scammers then sent an email, either to the title agent, attorney or to the closing department of the lender, including revised wiring instructions.  The wires were then sent to the criminal’s bank and not the intended recipient.  In one case, which is now the subject of litigation in Florida, a title company is accused of neglecting to conduct appropriate internal data security measures after it received a bogus wire instruction and sent it off to a consumer who then wired the seller’s proceeds to someone else.  With the money long gone, the seller is seeking recovery against the agency and the buyer for their alleged negligence.

Affirmative measures to combat this crime are being implemented by many in the industry.  For example many lenders are taking an extra step and checking the ABA routing number and bank account number with the Federal Reserve website to verify that the account is actually at the bank indicated.  Others are sending a verification of trust account to the settlement agent’s bank to verify that the account is truly a trust account in the name and for the business of the title agent, attorney or other closing professional.

Most title agents are now sending lenders and attorneys their title reports with cover letters containing language in red or bold black print with instructions such as:  We no longer send wiring instruction by email, please call our offices to verify the proper bank information!

Phishing is not a new problem.  In my research I found articles dating back to 2005 warning consumers and lenders about email phishing schemes designed to access and steal NPPI. It is clear that this is a serious problem that is getting more serious as technology has advanced and criminals have become more resourceful and bold.

Today, with the CFPB taking very firm positions on lender obligations to protect consumers from harm due to data security breaches, every lender is on notice that they very well could be the next victim of a scam, followed by the subject of an audit and/or enforcement action.

Now that the settlement industry has come to terms with the Consumer Financial Protection Bureau’s third party service provider directives (I admit, there are a few holdouts), the industry needs to take the management of settlement agent risk to the next logical step.  There is a need for the uniform certification of settlement professionals.

When I began to research and consider the issue of risk to banks and consumers at the closing table way back in 2002 the biggest issue that struck me was the lack of uniformity among those entrusted with funds and documents.  This problem stemmed from the fact that those empowered to manage the settlement of a residential mortgage loan closing were very diverse.  The group included lawyers, title and escrow agents, notaries, closers and real estate agents. Each of these disciplines had (and still does have) its own licensing, insurance, training, continuing education, and professional disciplinary process.  Some, like lawyers, are highly skilled, trained and supervised yet because closings are often conducted by real estate attorneys they include people who know allot about contracts but not much about mortgages.  Others, such as notaries, can face either a very stringent licensing process or merely file an application and pay a fee to gain access to a consumer’s records, closing table checks, and even a consumer’s living room. Licensed title producers are highly skilled, independent contractors they send to a closing may not be.

In the absence of a uniform set of expectations, standards and practices, the lending community has for years received varying degrees of professionalism in services, and their consumer clients have likewise observed uneven closing table experiences.  So how do we address the matter?

I believe that the various associations such as the American Bar Association, ALTA, Independent Escrow Association, and National Notary Association should come together to create a multi-disciplinary Certified Closing Professional program that takes into consideration the foundations of knowledge, training, experience and education relevant to each group.  The program should cover mortgage lending 101, how to spot, prevent and report mortgage fraud, preparing the closing disclosure, handling document review and closing table questions by consumers, typical closing table issues and problems and how to address them, data privacy and security expectations, and ethical and professional communications with borrowers, among other topics. The designation would require ongoing education and an annual re-certification.  Recipients would carry a photo ID card with their identification information and a unique identifier.

Some of these ideas have been addressed by ALTA but to be successful a program must cross all disciplines and establish uniform expectations for lenders and consumers.  Now that we all agree that settlement agents should be vetted for risk, the time is now to address their performance and professionalism.

A frequent question I often hear from lenders who have a claim related to a title or closing agent is “What is the insured closing letter all about?”  When I turn the tables and ask them what they think it is, the answers I usually receive are (a) a part of the title insurance, (b) an insurance policy covering the settlement agent, and more typically (c) “I have no idea.”

Considering that in many states title insurers may charge a borrower between $25 and $100 for the privilege of the issuance of this letter in connection with a transaction, it seems that lenders should make it a point to become educated regarding the matter.

Title insurers are licensed by states to issue insurance policies, just like any insurance provider.  However the nature of title insurance is a form of property and casualty product.  It covers for losses incurred where real property is impaired by claims against title.  In an era of electronic records and recording this rarely happens; title claims are not very common today.  When they do occur most instances involve minor defects, such as mis-recorded documents or missed liens which can be remedied without a total loss or major claim.

Title insurers are not licensed to issue fidelity coverage or errors and omissions insurance, the type of coverage one would look to when a person or firm engages in intentional or negligent acts causing harm. This includes losses from stolen funds, coordinated fraud, looking the other way, or selling consumer private data.  Thus the insured closing letter was born.  In some states it is known as the closing protection letter.  It is merely a letter from the title insurer warranting that in certain circumstances they may cover a lender and (and if they are named) the borrower from losses actual caused by the settlement agent who may or may not an employee of the title company.

Simple right?  Not really.  A warranty letter is not an insurance policy. It is not governed by insurance laws and contract laws in the same way.  It is not subject to the same insurance claim procedures and statutory rights governing bad faith claims practices.  In the case of a serious claim coverage will likely be excluded (theft of funds is an exception) and may require costly litigation to resolve issues of liability and damages.

The takeaway from all of this is the following:  the insured closing letter is not insurance and it is not a substitute for good risk management.  Settlement agents are in a lender’s highest risk bucket.  Manage that risk carefully, because if you are hoping that a CPL will protect you chances are it will not do so.

You are about to wire closing funds to the table, into the hands of a lawyer, title agent or escrow company employee you have never met before, but no worries because you have a Closing Protection Letter right? Wrong.

Take a good look at the language in this warranty letter.  The majority of CPLs insure against two events: (1) outright theft of the mortgage proceeds, and (2) any other event that impairs the invalidity or unenforceability of the lien of the mortgage.

But what happens when the closing agent engages in a conspiracy with others to commit fraud such as the borrower, seller, realtor or all three?  Or, the agent is “willfully blind” ignoring fraud taking place in their presence, such as undisclosed intervening property flips, cash outside closing, straw buyers, identity theft, fake POAs?  These issues can create a loan defect (triggering future repurchase) but not impair title because you can still foreclose.

When you try and file a claim in these circumstances you may get one of these responses, taken from actual claims denial letters:

“Although the borrower’s identity was stolen and she never signed the loan documents or mortgage at the closing, your lien remains enforceable.”  No coverage!

            “We can find no evidence to support your claim that [XYZ] Title acted with fraud or dishonesty, or that it did anything in a manner giving rise to our obligations under the Closing Protection Letter.”  No coverage!

“The mere fact that there was fraud at the closing does not support a claim that {ABC} Title was implicit in any fraud.”  No coverage!

Title underwriters naturally approach CPL claims in the same manner as any insurance company.  They are inclined to avoid paying through the letter’s coverage limitations.  It is rare for a lender to recover 100% of its losses on defective loans in a CPL claim and/or resulting litigation.

In addition, there is no uniform approach to vetting by underwriters. Some may conduct “one and done” background checks on title agency owners but they do not work with one another nor share information publicly.  Rarely if ever do they examine the backgrounds of agency employees, let alone the independent closers, mobile notaries and attorneys who are delegated much of the actual closing table functions.  It involves little or no ongoing monitoring discounting its effectiveness as an indicator of the clear and present danger of fraud losses the day you wire funds to the closing table. Random audits of trust accounts are a standard practice for some, but that’s like checking the barn after the horse has already run off.

Lenders must initiate policies to verify settlement agents are legitimate, experienced, and trustworthy, before the closing takes place. A reliable third party can do the vetting for you. Today, despite early objections, third party agent vetting firms are accepted as a necessary and reliable fraud tool. Lenders know the risk from escrow and settlement fraud is manageable through emerging technology and deterrence programs, and is a key component of overall loan quality assurance.

Still not convinced that the CPL is not a reliable tool for deterring or insuring against fraud at a mortgage closing? I will leave you with an actual claims response from California:

“Our title agent has no legal obligation to even report any fraud it may suspect at a closing, and we deny any responsibility for how funds were brought to the closing table, or to whom they were disbursed, as long as the closing instructions were followed.”  No coverage!

Being a sales oriented business, mortgage lending resists anything that creates roadblocks, no matter how temporary, to the loan closing.  The attitude is understandable, however short sighted it might be when facing a crisis or potential crisis.  Some might say in fact that the industry ignored warning signs of potential financial liability and consumer harm before the last banking crisis.  The passage of Dodd-Frank and the creation of the Consumer Financial Protection Bureau (CFPB) were reactions to that widespread belief.

The inability to recognize danger and do something about it is frequently referred to as the “Titanic Syndrome.”  As one commentator explained it, “OK so say the world was about to explode. Instead of trying to do something about it, you spent the night partying, getting drunk, and just having fun….”

Next year is going to be a game changer for many lenders.  Those unable or unwilling to play by the CFPB’s new rules will find it difficult to survive.  The one-two punch of QM’s 3% costs and fees rule together with the need to adopt more compliance and risk management functions could very well result in a winnowing of the industry where only the strongest, best managed, quality originators survive.  To make it worse, the market is down thanks to rising interest rates, the death of the refinance boom, and low inventory of homes for sale nationwide.

The choice then, for many, becomes this:  do we spend the money and effort in a down market to adopt procedures and acquire tools to prepare for CFPB in January , or do we cut costs, get down and dirty and hope we fly under the radar?  Do we don the life vests offered through compliance tool vendors and quality control firms and “check the box” for CFPB compliance despite the short term costs, or continue to party like its 1999 and hope that the ship stays afloat long enough for us to get back to a better balance sheet before incorporating regulatory changes? The risks may to be too great to wait.

The CFPB has made it clear that they have no intention of delaying the rollout of final rules, especially for QM.  In addition the agency has shown that it is serious about audits and enforcement penalties.  In the past 12 months there have been more than $600 Million in fines and penalties assessed or agreed to following CFPB enforcement actions.

How can a lender avoid the Titanic Syndrome and save their business in 2014?

• Educate yourself and your staff about the new rules
• Conduct a front to back (origination through closing) analysis of risk and compliance holes. Enterprise risk management needs to be your new watch-word.
• Adopt a written operating plan incorporating the appropriate policies, procedures and third party tools to assist in filling those risk and compliance holes.
• Contract for third party verification of best practices, QC and compliance. Auditors will want to know: how are you evaluating your own performance?
• Spend the money now, a worthwhile investment, to prepare for January 2014. The dollars spent today may very well guarantee you will be around to enjoy the fruits of the next year’s business cycle.

Don’t go it alone.  Find a risk management partner. At SSI, we not only provide our clients

with a life jacket and a boat we actually do the rowing for them too!

Never heard of “blockchain” technology?  Well then you better start Googling it, because like the fax machine, personal computer and the Internet, blockchain data authentication, storage and sharing technology promises to change the way financial transactions occur in a transformational way. Along the way the way banks make loans, and the way we access public data (including property title information) could be radically changed, many say for the better.

A blockchain facilitates secure online transactions. It refers to a decentralized and distributed digital ledger that records transactions across many computers in such a way that the registered transactions cannot be altered retroactively.  Data can be distributed but not copied, can be shared but not stolen, can be personal but because any confidential data will be registered in a unique code to you.  This code or “keys” as referred to in blockchain lingo, consists of a long, randomly-generated string of numbers and characters that one day you may carry with you in an Orwellian manner so that you can unlock all of your own personal information in this database structure. (“Hi there, I am number 679K0iYZX56!34721#, what is your code?”)

Information held on a blockchain exists as a shared and continually reconciled database over a global network of computers that makes it nearly impossible to be corrupted and hacked.. Data is not stored in any single location, meaning the records it keeps are truly public and easily verifiable. Hosted by millions of computers simultaneously, its data is accessible to anyone on the internet.

There has been some talk about how blockchain technology could prevent financial fraud, reducing that risk for lenders, and also to manage public property records.  This latter idea could radically alter the title industry by eliminating the need for a “middle man” to verify authenticated property information and thereby making that information available to everyone using a simple blockchain data search tool.

In May 2016, Forbes Magazine published an article titled “How Blockchain Technology Could Change the World.”    Author  Bernard Marr wrote “We have become used to sharing information through a decentralized online platform (the internet). But when it comes to transferring value – for example money – we are usually forced to fall back on old fashioned, centralized financial establishments such as banks.  Even online payment methods [such as} Paypal… generally require integration with a bank account or credit card to be useful.  Blockchain technology [could] eliminate this [need] by filling three important roles – recording transactions, establishing identity and establishing contracts – traditionally carried out by the financial services sector.”

A September 2015 World Economic Forum report predicted that by 2025 10% of GDP will be stored on blockchain technology.   That is twenty billion ($20B) reasons to pay attention.

First American Data Solutions recently released a report indicating that mortgage fraud has increased almost 6% in the first quarter.  The rise in fraud is tied to the recent shift from refinance business to primarily purchase money mortgages.  As everyone knows the purchase market is much riskier than rate and term refinance transactions. Whenever the market adjusts, rates increase, and home sales spike, then fraud rears its ugly head.

What type of fraud are First American and others seeing? : Unfortunately the same kind of fraud that has plagued the mortgage industry for years.  These schemes continue seemingly impervious to the adoption of front end borrower fraud deterrence and detection tools.  It seems as long as there is money to be made, criminal schemers, working with or fooling loan originators, have an unending stream of weapons available to cause havoc within a mortgage lender’s operations.

Fraud generally takes two forms: fraud for housing and fraud for profit. Fraud for housing involves efforts by an applicant with or without loan originator assistance, to fudge income, asset and employment numbers to qualify for a home purchase they otherwise would not be able to afford.  The applicant intends to occupy the premises and pay the mortgage.  Fraud for profit is far more insidious and usually is coordinated in an organized conspiracy involving multiple parties that may include a seller, buyer, settlement agent, attorney, real estate agent, appraiser and others.  Motives are typically foreclosure avoidance and outright intent to steal the mortgage proceeds.

According to the FBI the most prevalent schemes they see, which have not changed in a decade, include: loan origination fraud, foreclosure rescue fraud, equity skimming, short sale fraud, illegal flipping, builder bailouts and straw buyers. At the lender level these schemes are fueled by income and employment misrepresentation, occupancy fraud, undisclosed transactions, undisclosed third parties, appraisal inflation, title policy substitution (fraudulent removal of actual liens) and wire fraud.

They key for lenders?:  Training, diligence, full-time quality control staff, pre and post-closing audits, and well documented accountability for aiding, participating or willfully ignoring fraud at any stage of the mortgage process.

Mortgage fraud is not a victimless crime.  It causes financial harm for lenders through non-saleable loans, loan repurchases, first and early payment defaults, and foreclosure costs.  For honest consumers it can mean delays, transactions unwound, clouds on title, as well as legal fees and expenses.  As costs increase for a lender, consumers may also feel those through higher rates, higher loan costs and more stringent underwriting guidelines.

At Secure Insight we have a motto, “Trust, but Verify.” Feel free to use it!

Last year Wells Fargo reached a $185 million settlement  for what the Consumer Financial Protection Bureau and other federal officials called a widespread practice among employees of creating fake customer accounts, PIN numbers and emails in order to meet sales targets and earn bonuses.  Details reveal that Wells Fargo employees may have opened as many as 1.5 million bank accounts and another half million credit card accounts not authorized by consumers.  The penalty resulted after the CFPB became aware of the details from the bank’s own investigation that reviewed accounts between 2011 and 2015.

Further details revealed publicly indicate that Wells Fargo employees issued debit cards with fake PINs and used phony email addresses to secretly sign up customers for online banking. They then temporarily transferred customers’ money to the bogus bank accounts, sometimes leaving a low balance and triggering overdraft or other charges. Many customers also were charged annual fees and interest on the credit cards.

Although more than 5000 Wells Fargo employees were terminated because of their roles in this widespread scheme, and the bank acted on its own initiative in rooting out and ending the practice, the news has added to consumer fears about how their non-public personal information is being handled by bankers generally.

The Wells Fargo incident raises some key issues that are worth considering by all banks and mortgage lenders:

• Enforcing corporate policies in locally managed branch offices is a daunting task that requires constant supervision and accountability.
• Determining who may access consumer private data and for what purpose requires careful consideration and technological checks and balances.
• Creating an environment where non-licensed and regulated employees can benefit financially by “upselling” financial products to unsophisticated consumers is dangerous.
• Tying manager income or bonuses to branch financial goals could create an untenable conflict of interest that may result in consumer harm.
• Viewing consumers as vehicles for advancement and financial reward rather than as individuals, neighbors, and members of your community violates the George Bailey –Bailey Savings and Loan Golden Rule: bankers are to help lift people up, not use people to lift themselves up!

Wells Fargo did the right thing by conducting an internal investigation and holding wrongdoers accountable for consumer privacy violations and unauthorized banking transactions.  The CFPB has planted a stake in the ground on privacy rights that every lender of any size will do well to heed.