Tag: loan quality assurance

Wire and Cyber Fraud Risks Reflected in Nationwide Mortgage Industry Survey

Secure Insight, the leading provider of technology solutions to prevent wire fraud and mortgage closing fraud, surveyed 48,356 nationwide settlement professionals over the period August 1, 2023, through August 18, 2023. Specifically, the survey asked whether attorneys, escrow officers and title agents had experienced wire fraud incidents in the past 12 months, had been a witness to fraud in a transaction (involving other parties), carried cyber insurance coverage, and conducted cyber fraud training.

With wire fraud and cyber-attacks dominating the news, and with conflicting and sometimes erroneous reports of the nature and magnitude of these events being published, SI wanted to hear the story straight from the professionals who are conducting closings and in the best position to observe and experience wire fraud and closing fraud.

A summary of the responses reflects very interesting statistics.

Twenty percent (20%) of the survey respondents had themselves been victims of wire fraud and attempted cyber fraud to intercept bank proceeds in the past 12 months, placing an estimated $560 Million dollars of lender funds at risk.
Thirty-one percent (31%) of respondents stated that they had witnessed fraud in a transaction where another party was victimized, frequently the seller or a real estate agent.
Although only twenty-four percent (24%) of settlement agents were asked by lenders to provide evidence of cyber insurance coverage, seventy-two percent (72%) have purchased and carry coverage in the event of a loss.
Most encouraging, the survey found that a full ninety-one percent (91%) of settlement agents conduct formal cyber fraud detection and prevention training for their employees.
Andrew Liput, SI CEO observed, “These survey reflects the significant dangers lurking in the mortgage industry with respect to the privacy of financial communications, the exposure of electronic funds transfers to potential man-in-the-middle hacking efforts, and the risk to lenders of losing all or a portion of their proceeds during the closing of a residential mortgage transaction. While the increase in cyber coverage is a positive step in offsetting losses, it is not risk management and only shifts the risk of loss to insurers who are rapidly increasing premiums and deductibles or no longer covering these risks.”

Education, training and adopting a risk management program through an internal process or outsourcing to a vendor remain the best bets to avoid these losses.

Secure Insight is a nationwide wire fraud and mortgage closing fraud risk management prevention company located in New Jersey. Founded in 2012, the company was the first to focus on wire fraud and vendor management risks experienced by mortgage lenders. Since 2012 it has supervised more than 20 million residential mortgage closings on behalf of lenders with zero fraud losses and maintains a database of thousands of professionals nationwide whom it monitors for fraud risk.

For more information, please visit http://www.secureinsight.com or contact Amanda Padd at

ap***@se***********.com











When a Closing Attorney’s E&O Policy is not Actually Insurance and Why a Lender Should Care

If you are merely collecting a “Certificate of Coverage” on behalf of a closing attorney and passing them through your loan process as meeting your internal risk management protocols you may be in for an unpleasant surprise if a claim arises.

At Secure Insight we do more than collect insurance certificates, we review policies and validate coverage and payment directly at the source: the insurance agency or insurer where the policy originated.  We ask important questions about the validity and extend of coverage, and exclusions, because in the event of an incident a lender needs to know they can offset risk by filing a claim that will be processed and paid under a valid policy of insurance.

Recently we have discovered a rise in offshore, low cost risk-shared E&O coverage plans.  These companies and policies are designed to exploit the high cost nature of E&O for real estate attorneys and other professionals by offering ridiculously low fees for coverage. Notice I said “coverage” and “fees” and not “insurance” and “premiums.”  That is because these policies are not traditional insurance and are likely not worth the paper on which they are written.

Risk sharing groups in the E&O space are based upon the concept of cooperative pooled risk arrangements.  The idea, which has found success in the health insurance area, relies upon the pooling of all plan participant fees to cover expected losses from claims.  The problems with this arrangement  in the E&O space are numerous.

First, the plan is not an insurance product, and therefore is not governed by insurance laws or regulators.  It is not filed or supervised in the United States.  Second, the companies arranging these risk sharing pools are inevitably based outside the legal jurisdiction of the United States making the enforcement of any lawful claim highly improbable and definitely costly.  We are talking Belize by the way, not Canada, by way of example.  Third these companies have no obligation to publish financials or provide any accounting of the fees being collected and supposedly held in a risk pool for the payment of claims.  Fourth, the policies of coverage (they cannot use terms such as insurance and deductible) usually limit the covering company’s obligations significantly.  One policy issued in Belize that I reviewed recently denied any obligation to defend a covered attorney in the event of a lawsuit and created a right on their part to access the attorneys personal and bank records, tax returns, finances and assets so they can recover their losses directly from the covered party!

It appears many attorneys and others are being misled into believing that they can actually receive $2 Million in aggregate insurance coverage for $400 annually rather than $4,000 annually and they will meet their own risk needs and those of their counter-parties in the mortgage industry.  This is certainly not the case.

At Secure Insight we do more than just collect documents, we do real analysis, assign risk ratings, and monitor risk 24/7.  Reviewing E&O “coverage” is just one way we accomplish that and ensure that our lender clients have a real source to offset potential losses and not one that looks like insurance but is really something else.

To our attorney friends: buyer beware!  As my mother used to say, “If it appears too good to be true it usually is dear.”

New Attorney E & O Exclusion Exposes Lender Closing Table Risk in Massachusetts

We have noticed that in Massachusetts, insurance carriers providing attorney errors and omissions coverage have been quietly adding a new exclusion to their new and renewal policies.  This exclusion is known as the “Disbursement of Funds” exclusion, and it creates enhanced risk for lenders in that state in the event an attorney fails to properly disburse funds.  Any “negligence” in this regard will not be covered as it had been traditionally in the past.

The exclusion reads as follows:

“The following acts are EXCLUDED from coverage under this policy: the disbursement or transfer of funds related to (a) the deposit of a counterfeit check or a check with insufficient funds; (b) the lack of a written verification from the issuing bank that the funds are available and valid, (c) a fraudulent scheme, or (d) the failure of any funds reaching the proper party or the intended recipient, for any reason.”

In a discussion with a Massachusetts agent we learned that some insurers are doing this because (i) the cost of wire fraud is becoming unbearable for them and (ii) they want to push attorneys to pay for cyber liability coverage which would help cover some (but not all) of the risk now being excluded.  Cyber coverage is not mandated for attorneys in Massachusetts.

The problem for lenders is that this new exclusion means that there is NO COVERAGE they can attach for reimbursement for a claim where an attorney disburses funds before a deposited check clears (which occurs far too often) or where an attorney fails to follow the closing instructions and disburses the proceeds to the wrong party or in the wrong amount.  Although these acts/omissions rise to the level of negligence, with this new exclusion there will be no coverage.

At Secure Insight we are encouraging attorneys in Massachusetts whom we monitor to acquire cyber liability coverage and also to certify to the adoption of internal policies and practices avoiding the risks inherent in the excluded matters.

As always, it is critical to keep abreast of all changes in all matters which may affect your mortgage lending business.  At Secure Insight we are watching for you, 24-7, 365 days a year to help prevent losses from title and closing fraud.

Stay vigilant and stay clear of fraud!

NYSAR Reports Up Market for Sales in NY, with No CPL Lenders Face More Purchase Mortgage Closing Table Fraud Risk

Lending in New York?  Purchase money business always carries closing fraud risk, however New York business tends to be riskier for many lenders.  The state has high average loan amounts, features instrument recording procedures that delay evidence of mortgage and deed recordings for long periods of time following the closing, and there is no CPL (closing protection letter) in the state.  Lenders doing business in New York should be pleased business is on the uptick, however if they do not have a closing table fraud prevention tool in their arsenal they may be facing more risk of potential losses due to fraud.

The NYSAR report released today stated in part:

“With 46,883 new listings and 29,100 pending sales across the Empire State in the first quarter, the real estate market is trending upwards, according to the housing market report released today by the New York State Association of REALTORS®. New listings were up 4.1 percent from the first quarter of 2018 while pending sales rose 0.8 percent.

Median sales prices were also up in a quarter-over-quarter analysis, rising 6.8 percent to $275,000. The average home sales price increased 1.5 percent as well to $360,526.

While closed sales declined from the first quarter of 2018, dropping 6.2 percent to 24,405 homes, other factors are allowing potential home buyers to remain optimistic. According to Freddie Mac, the 30-year fixed rate mortgage rate has steadily decreased since the beginning of 2019, falling to 4.27 percent, its lowest rate since January 2018.

With the typically strong spring season just around the corner, inventory continues to rise, increasing 3.4 percent to 63,504 homes for sale across the state.  The month’s supply of homes for sale was up 5.6 percent in year over year comparisons to 5.7 month’s supply. A 6-month to 6.5-month supply is considered to be a balanced market.”

 

 

House Flipping Is Back to Pre-Crisis Levels according to NY Times

An article just published by the New York Times trumpets the news that house flipping is popular again.  Those of us who have been in the mortgage industry for the past 10-15 years know that low interest rates and loose credit standards combined with property flipping  fever drove much of the housing bubble in 2003-2008.  That bubble eventually burst when many “flippers” encouraged by late night infomercials promising fast and easy profits in real estate, learned that the housing game can be more difficult than what can be explained in a 15 page pamphlet written by an “expert” and costing $300.00.

The focus on flipping for too many non-experts is profit maximization at all costs.  Profit driven flipping can mean short cuts, substandard renovation work and beyond that appraisal, seller and closing agent fraud involving straw buyers, inflated values, and hidden defects.  It can also create scenarios where unscrupulous investors prey upon inexperienced buyers and construct impossible or fraudulent sales scenarios where everyone but the seller walk away with a serious risk of loss.

In the mortgage industry it is common to state “everything old is new again,” and when we read articles like this one today we cannot help but remember the confluence of easy credit, low interest rates, lots of available inventory and many real estate “newbies” seeking to get rich quick flipping homes for profit.  Lender beware.

If The Table Starts Rockin’, Who’s Gonna Come Knockin’?

One of the biggest concerns that mortgage lenders have had for years is that they send their mortgage funds and collateral security documents to complete strangers who gather together and manage a process where there is no seat for them at the table.

Even though the closing of a mortgage loan involves significant sums of money important legal agreements and disclosures, and sensitive personal information, the lender must wait and hope that the event took place on time, with the proper parties present, and without incident.  Then the lender must wait and hope that money was properly disbursed and the documents properly executed, recorded and returned.

When mistakes are made or outright fraud takes place who can a lender rely upon to notice and to take measures to protect its interests and those of its borrowers?

The men and women who manage the closing of mortgage loans are generally experienced, honest and trustworthy.  However a lender has little idea whether the person assigned to handle its funds and documents and manage the process for any one transaction is going to also be its advocate against errors and fraud.

One of the problems for a lender is that there are no uniform rules or education and training requirements to establish common expectations of professionalism.  A closing can be managed by an attorney, a notary, a title agent employee, an escrow officer or even a real estate agent in some states.  Each of these have different levels of minimum education, training, licensing standards, insurance and bonding requirements.

Lenders are also hampered by the absence of generally accepted principals of agency and fiduciary duty.  Title agencies who issue closing protection letters disclaim any agency relationship established by the letter between the closing agent and the lender or borrower. Courts have no universal opinion whether a closing agent acts as an agent of the lender or the title company beyond their duties to act for their buyer or seller clients.

Where does all of this leave lenders?  Waiting patiently post-closing hoping that the loan package returns completed and the mortgage proceeds went where they were intended to go.  After years with increasing numbers of title and closing fraud incidents, it seems about time that the lender has an advocate and seat at the closing table.

 

 

CFPB: No More Regulation by Enforcement? An Analysis

According to Mortgage Professional America, the acting director of the Consumer Financial Protection Bureau, Mick Mulvaney, recently told industry leaders that the CFPB will no longer practice “regulation by enforcement.”

“The regulation by enforcement answer is really simple – we aren’t doing it anymore,” Mulvaney said. “It’s a fairness issue. If you’ve done something for so long and the government wants to change the rules, shouldn’t’ the government have to tell you they are changing the rules before they fine you?”

Mulvaney said further, “We are not out to make you look like a bad guy if you are not. We are out to enforce the law, not become the law.”

On its face some might see this as a reprieve from Dodd-Franks post-2008 regulatory expansions.  However this is not what Director Mulvaney is saying.  He is not indicating to lenders that existing regulations and laws will not be enforced.  He is implying that his agency (and only his agency) will no longer aggressively seek to enforce ambiguous or unwritten regulations in an effort to “find a crime” where none exists on its face.

In the absence of specific Congressional action, Dodd-Frank is alive and well and unless the CFPB issues writings specifically retracting its published bulletins and directives lenders still must be certain to meet every single compliance rule that they have been struggling to address over the past several years.

In addition, as I have written about previously, where the federal government leaves a vacuum the states often rush in to fill up.  Thus several states including New Jersey, Pennsylvania and others have recently announced the creation of state-level consumer financial protection agencies whose mission is no doubt designed to compensate for any actual or perceived erosion of the prior policies of the Cordray-led CFPB.  Because mortgage lenders are creatures of state licensing, unlike federally chartered banks and depository institutions, it does not seem very much will be changing any time soon for these businesses.

CFPB loosening its regulatory grip?  Don’t lay-off those compliance managers nor reallocate their budgets just yet.

 

Data Breaches from Email Phishing Scams Still Rocking Mortgage Industry: WEI Mortgage latest victim.

Just today the industry learned that WEI Mortgage has discovered a data breach from an email phishing scam last Fall that appears to have exposed loan file information and borrower personal identifying data such as Social Security numbers to outside parties.

Back in October 2016 I wrote that Wells Fargo Bank and the Federal Bureau of Investigation (FBI) had issued separate alerts throughout the industry regarding settlement agent wire fraud.  The reports provided details of a widespread scam whereby criminals are hacking attorney and title agent email addresses and changing wire instructions prior to closing.  When the new instructions are not validated the criminals make off with the mortgage proceeds.  Despite these warning, this crime scheme is spreading as title agents, lenders, attorneys and the consumers they serve are finding out to their great harm. WEI is only the latest victim.

According to Wikipedia, Phishing is “the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

Although the FTC, through the Graham-Leach-Bliley Act, and the Consumer Financial Protection Bureau (CFPB) have broadcast the need for data security and privacy measures to protect consumer non-public, personal information (NPPI), many banks either are unable or unwilling to implement the steps required to root out and block criminal enterprises in the US and overseas who are busy hacking into email accounts.

Several incidents around the country in the past year have reflected a similar theme.  Hackers accessed a lender’s email, either through a borrower’s address, a loan officer using a personal email domain not protected by a lender’s network, or an attorney’s email.  The scammers then sent an email, either to the title agent, attorney or to the closing department of the lender, including revised wiring instructions.  The wires were then sent to the criminal’s bank and not the intended recipient.  In one case in Florida a title company is accused of neglecting to conduct appropriate internal data security measures after it received a bogus wire instruction and sent it off to a consumer who then wired the seller’s proceeds to someone else.  With the money long gone, the seller sought recovery against the agency and the buyer for their alleged negligence.

Affirmative measures to combat this crime are being implemented by many in the industry.  For example many lenders are taking an extra step and checking the ABA routing number and bank account number with the Federal Reserve website to verify that the account is actually at the bank indicated.  Others are sending a verification of trust account to the settlement agent’s bank to verify that the account is truly a trust account in the name and for the business of the title agent, attorney or other closing professional.

Most title agents are now sending lenders and attorneys their title reports with cover letters containing language in red or bold black print with instructions such as:  We no longer send wiring instruction by email, please call our offices to verify the proper bank information!

Phishing is not a new problem.  I have located articles dating back to 2005 warning consumers and lenders about email phishing schemes designed to access and steal NPPI. It is clear that this is a serious problem that is getting more serious as technology has advanced and criminals have become more resourceful and bold.

Today’s announcement by WEI Mortgage is yet another acknowledgement that electronic innovation in society generally and in the mortgage banking industry specifically, while offering tremendous benefits also offers serious perils.   With federal and state regulators very firm positions on lender obligations to protect consumers from harm due to data security breaches, and lawyers lining up to file lawsuits for damages, every lender is on notice that they very well could be the next victim.  Cyber liability insurance coverage carriers are surely experiencing a booming sales period.

 

Why Settlement Agents Pose the Greatest Risk to Mortgage Lenders and Borrowers

Settlement agents, the men and women who manage the closing of residential mortgage loans, carry a great burden with them.  Each time they close a loan they have access to mortgage proceeds, lender documents including the important collateral security instruments (note and mortgage) and borrower personal and financial information (in the final 1003 and other closing table documents). No other third party that participates in the mortgage loan assembly-line process has greater authority, greater responsibility and greater opportunity to commit fraud.

Because fraud risk is elevated during periods of high purchase volume, as opposed to a boom in rate and term refinances, lenders are faced with the potential for serious losses when the managing of closing agent risk fails to occur.

It was not until about 2011 that the FBI and FINCen began to report title and closing fraud as a subset of overall mortgage fraud.  Since that time the numbers have consistently demonstrated that fraud at the closing table is more than 20% of overall fraud.  With the annual reported mortgage fraud numbers in excess of $4 Billion this means that the actual reported losses are in the $800,000-$1 Billion range.  This is an enormous problem for the industry and one which only recently has been addressed with heightened vendor management scrutiny.

While it is certainly true that the vast majority of settlement agents (attorneys, title agents, escrow officers and notaries) are professional, competent and trustworthy there are many who are not.  One reason for this is that the different disciplines have varied education, training, licensing, insurance and bond requirements.  The second is that there are no performance standards or uniform, cross-disciplinary training programs to ensure that everyone has a base of key knowledge about all things consumer protection, mortgage loan and title insurance. Another issue is the lack of required training in regulatory and compliance for this group of professionals so that they have an understanding of what investors, the GSEs, HUD, the CFPB and state regulators expect from lenders in the nature of risk compliance and loan quality assurance.

While the industry has come a very long way since Secure Insight began in 2012 and created a storm of controversy over settlement agent vetting, much has yet to be done to assure lenders and borrowers that the single largest financial transaction of their lives has been fully vetted and managed for risk.   We continue to strive to enhance our tools and to find means and methods to assure both of these groups that they can trust a process that poses so much potential for financial harm.

For more information reach out to us at

in**@se***********.com











and visit our website at www.secureinsightsales.com

 

 

 

Enterprise Risk Management: What’s in Your MROM?

Increasing regulatory pressures on banks and lenders to adopt greater risk management systems and processes are aimed at establishing a more uniform approach to quality control industry-wide.  At the same time these pressures seek to protect consumers from the type of non-managed business decisions that were at the root of the financial industry collapse several years ago. Consequently federal regulators and the GSEs are requiring mortgage makers to demonstrate that they have adequate policies addressing full enterprise risk management, stem to stern, and that these policies are more than just window dressing.  Audits are requiring that proof be provided that such policies are being used, adapted and modified as needed in response to threats and actual loss events.

At SSI we call this broad-based approach to total risk management the Mortgage Risk Operations Model, or MROM.  An MROM implies that banks and lenders have conducted an internal audit and analysis of all of their procedures and operating systems throughout the mortgage manufacturing cycle.  Lenders have then identified key touch points where regulatory, compliance, quality control and risk management issues arise. Once these touch points are establish, then appropriate controls were developed for each issue, backed by guidelines, overlays, training, technology, ongoing monitoring and management oversight.  Testing, revisions and enhancements are conducted regularly in response to perceived and actual threats.  An MROM committee or team meets weekly or monthly (depending upon an organizations size) to review issues and ensure the MROM is operating properly. Records and reports are maintained in the event of an audit to demonstrate commitment to managing enterprise risk.

The key touch points in developing an MROM will likely involve the following stages of the mortgage cycle: loan origination, processing, underwriting, pre-funding QC, closing, post-closing, 3rd party post funding QC, and ongoing QC/QA training. At these stages the evaluation may address such things as employment screening, best practices, employee performance valuations, quality control plans, automated fraud tools, third party service provider risk and company-wide training. It will also necessarily require ensuring a culture of accountability, self-evaluation, risk reporting, and adequate response.

Adopting an MROM fulfills the expectations of regulators that mortgage makers have an appropriate strategy to manage risk and changes in a volatile business environment, integrating a uniform but flexible approach to maximizing business success through quality production.  Such an approach also fulfills expectations that internal company cultures will embrace accountability and consumer protection.

SSI is a third party service provider managing closing table risk.  We partner with banks, lenders and credit unions to provide an outsourced solution to evaluating risk, monitoring it on an ongoing basis, and issuing reports.  Our services typically assist these entities in their MROM at the processing, underwriting, and closing stages of the manufacturing cycle.  Quality service provider risk management at these touch points ensures that in the event of an audit a bank may demonstrate that their approach is Independent, comprehensive, includes ongoing monitoring, provides a method to respond to high risk individuals and events, and engages the proper technology to assure data security, data privacy and uniform regular reporting.

What’s in your MROM?  If you are not asking that question then you are missing an important compliance evaluation that may limit your future business success.