Tag: mortgage compliance

With Fraud Risk, It’s Not Who You Know, It’s What You Know

The recent news that both Fidelity National Title and First American Title were both victims of a serious cyber breach has shocked many in the mortgage and real estate industries. Surely two large, public, well capitalized businesses would have the technology, staff and expertise to protect their business operations from ransomware and hacking right? Apparently not.

Too many lenders have assumed that addressing fraud risk is for the small, mom and pop businesses who are the backbone of our business community and turned away from objectively and aggressively holding larger companies accountable to the same risk management evaluations and monitoring programs. ”We know them, “ lenders said. ”They are major players,” associations said. ”They told us they do not have to be vetted because they vet themselves,” many insisted.

The truth is that risk management is for everyone. Every single third-party service provider whom a lender conducts its business with must be objectively evaluated for risk on an ongoing basis, because today’s good risk may be tomorrow’s bad risk. It’s that simple.

When Secure Insight first started back in 2012, we were told that the settlement industry did not need risk management and we would not last. We were chastised for implying that holding everyone accountable to a well- managed and objective risk management assessment program would hurt the industry. Since then, billions in wire fraud losses, millions in vendor risk compliance penalties, and a large number of operational losses have proven that those who turn their backs on a robust, objective risk management program applied equally and effectively to every vendor, will pay a steep price. In contrast those who have embraced our approach have avoided such losses and continue to thrive despite pervasive fraud schemes.

Cyber fraud can impact anyone, even a Fidelity and a First American. The criminal elements are that good. The lesson for lenders is that it is not who you know, but what you know that helps deter fraud. It is the quality of the data, the uniform application of the program, and the constant vigilance that gives you the best chance to avoid becoming a victim. It’s nothing personal. As we said when we launched our Closing Guard tool, our motto is “trust, but verify.” This is still true today.

Wire and Cyber Fraud Risks Reflected in Nationwide Mortgage Industry Survey

Secure Insight, the leading provider of technology solutions to prevent wire fraud and mortgage closing fraud, surveyed 48,356 nationwide settlement professionals over the period August 1, 2023, through August 18, 2023. Specifically, the survey asked whether attorneys, escrow officers and title agents had experienced wire fraud incidents in the past 12 months, had been a witness to fraud in a transaction (involving other parties), carried cyber insurance coverage, and conducted cyber fraud training.

With wire fraud and cyber-attacks dominating the news, and with conflicting and sometimes erroneous reports of the nature and magnitude of these events being published, SI wanted to hear the story straight from the professionals who are conducting closings and in the best position to observe and experience wire fraud and closing fraud.

A summary of the responses reflects very interesting statistics.

Twenty percent (20%) of the survey respondents had themselves been victims of wire fraud and attempted cyber fraud to intercept bank proceeds in the past 12 months, placing an estimated $560 Million dollars of lender funds at risk.
Thirty-one percent (31%) of respondents stated that they had witnessed fraud in a transaction where another party was victimized, frequently the seller or a real estate agent.
Although only twenty-four percent (24%) of settlement agents were asked by lenders to provide evidence of cyber insurance coverage, seventy-two percent (72%) have purchased and carry coverage in the event of a loss.
Most encouraging, the survey found that a full ninety-one percent (91%) of settlement agents conduct formal cyber fraud detection and prevention training for their employees.
Andrew Liput, SI CEO observed, “These survey reflects the significant dangers lurking in the mortgage industry with respect to the privacy of financial communications, the exposure of electronic funds transfers to potential man-in-the-middle hacking efforts, and the risk to lenders of losing all or a portion of their proceeds during the closing of a residential mortgage transaction. While the increase in cyber coverage is a positive step in offsetting losses, it is not risk management and only shifts the risk of loss to insurers who are rapidly increasing premiums and deductibles or no longer covering these risks.”

Education, training and adopting a risk management program through an internal process or outsourcing to a vendor remain the best bets to avoid these losses.

Secure Insight is a nationwide wire fraud and mortgage closing fraud risk management prevention company located in New Jersey. Founded in 2012, the company was the first to focus on wire fraud and vendor management risks experienced by mortgage lenders. Since 2012 it has supervised more than 20 million residential mortgage closings on behalf of lenders with zero fraud losses and maintains a database of thousands of professionals nationwide whom it monitors for fraud risk.

For more information, please visit http://www.secureinsight.com or contact Amanda Padd at

ap***@se***********.com











Successful Risk Management Requires Proper Top-Down Governance

Any organization seeking to adopt appropriate operational risk management policies and procedures must ensure that they have met the five step process to ensure success.  This process focuses on proper governance.  It is not enough to simply “check the box” and hope that wire fraud, mortgage fraud and closing fraud never reach the organization.

The first step is LEADERSHIP BUY-IN.  Unless the “C Suite” decides to make risk management a priority no effective tools or policies will succeed.  There must be top down leadership in this area.  If your chief risk officer (CRO) or chief security officer (CSO) have to “push” their agenda, then the organization is in trouble.  Effective leadership is not only embracing the issue though, it also means effectively communicating it throughout the organization so that even the receptionist and the part-time employees know where you stand on the issue.

The second step is DEFINED HEAD OF COMPLIANCE.  Someone must be placed in charge.  Studies show that management by committee on risk issues results in failure.  Decide who is in charge  and let them manage with minimal interference.

The third step is ORGANIZATIONAL CULTURE.  As mentioned above, everyone has to buy into the  importance of risk and the method chosen to manage the risk.  Frequently in the mortgage industry sales and operations staff push back on risk management and compliance rules and tools because they are viewed as “disruptive” to their departmental goals (more sales, quick closings).  Without the buy-in of these departments measures to address risk of fraud and cyber crimes will not be successful.  Attitudes and behaviors must fall into line with processes and procedures.

The fourth step is CLEAR PROCESSES AND PROCEDURES.  Putting a process into place or using a tool only works if you go beyond the simple framework itself and successfully implement them.  We have seen lenders engage a tool or service and then never use it or only use it occasionally, without any clear policy directives.  Beyond implementation is testing and oversight.  Someone must be regularly making sure that your risk management tools actually work.

The fifth and last step is having a RESPONSE PLAN.  This is important to understand: No risk management tool or policy is foolproof. When an event occurs, whether a cyber breach, wire fraud or other loss, how you react, how quickly you react, and how you learn from the event can be more important than the event itself.  More than one lender recently has found that reputation risk and litigation risk arise when an organization fails to properly react following an event.

The last point to make is that cyber risk and fraud risk must be an “untouchable” line item in your operating budget.  Addressing these issues cannot be the “last in, first out” business decision we see too often.  When business is down, the risk of harm is GREATER because you do not have the economic cushion to absorb a loss. Good leaders, who manage an effective top-down process and set the proper tone about operational risk will not sacrifice protective tools and policies at the first sign of a market slow down.

We spent 12 years studying closing table risk, including 5 years working with risk analysts at Lloyds. Our closing table risk management tool is designed to meet your operational needs, with little disruption, while providing effective management of the risk of loss from cyber crimes that evolve in wire fraud, and all manner of closing and title fraud.  If you are a business leader concerned about closing table risk, please reach out and ask us how we can provide a solution you and your risk team will embrace.

 

 

When a Closing Attorney’s E&O Policy is not Actually Insurance and Why a Lender Should Care

If you are merely collecting a “Certificate of Coverage” on behalf of a closing attorney and passing them through your loan process as meeting your internal risk management protocols you may be in for an unpleasant surprise if a claim arises.

At Secure Insight we do more than collect insurance certificates, we review policies and validate coverage and payment directly at the source: the insurance agency or insurer where the policy originated.  We ask important questions about the validity and extend of coverage, and exclusions, because in the event of an incident a lender needs to know they can offset risk by filing a claim that will be processed and paid under a valid policy of insurance.

Recently we have discovered a rise in offshore, low cost risk-shared E&O coverage plans.  These companies and policies are designed to exploit the high cost nature of E&O for real estate attorneys and other professionals by offering ridiculously low fees for coverage. Notice I said “coverage” and “fees” and not “insurance” and “premiums.”  That is because these policies are not traditional insurance and are likely not worth the paper on which they are written.

Risk sharing groups in the E&O space are based upon the concept of cooperative pooled risk arrangements.  The idea, which has found success in the health insurance area, relies upon the pooling of all plan participant fees to cover expected losses from claims.  The problems with this arrangement  in the E&O space are numerous.

First, the plan is not an insurance product, and therefore is not governed by insurance laws or regulators.  It is not filed or supervised in the United States.  Second, the companies arranging these risk sharing pools are inevitably based outside the legal jurisdiction of the United States making the enforcement of any lawful claim highly improbable and definitely costly.  We are talking Belize by the way, not Canada, by way of example.  Third these companies have no obligation to publish financials or provide any accounting of the fees being collected and supposedly held in a risk pool for the payment of claims.  Fourth, the policies of coverage (they cannot use terms such as insurance and deductible) usually limit the covering company’s obligations significantly.  One policy issued in Belize that I reviewed recently denied any obligation to defend a covered attorney in the event of a lawsuit and created a right on their part to access the attorneys personal and bank records, tax returns, finances and assets so they can recover their losses directly from the covered party!

It appears many attorneys and others are being misled into believing that they can actually receive $2 Million in aggregate insurance coverage for $400 annually rather than $4,000 annually and they will meet their own risk needs and those of their counter-parties in the mortgage industry.  This is certainly not the case.

At Secure Insight we do more than just collect documents, we do real analysis, assign risk ratings, and monitor risk 24/7.  Reviewing E&O “coverage” is just one way we accomplish that and ensure that our lender clients have a real source to offset potential losses and not one that looks like insurance but is really something else.

To our attorney friends: buyer beware!  As my mother used to say, “If it appears too good to be true it usually is dear.”

New Attorney E & O Exclusion Exposes Lender Closing Table Risk in Massachusetts

We have noticed that in Massachusetts, insurance carriers providing attorney errors and omissions coverage have been quietly adding a new exclusion to their new and renewal policies.  This exclusion is known as the “Disbursement of Funds” exclusion, and it creates enhanced risk for lenders in that state in the event an attorney fails to properly disburse funds.  Any “negligence” in this regard will not be covered as it had been traditionally in the past.

The exclusion reads as follows:

“The following acts are EXCLUDED from coverage under this policy: the disbursement or transfer of funds related to (a) the deposit of a counterfeit check or a check with insufficient funds; (b) the lack of a written verification from the issuing bank that the funds are available and valid, (c) a fraudulent scheme, or (d) the failure of any funds reaching the proper party or the intended recipient, for any reason.”

In a discussion with a Massachusetts agent we learned that some insurers are doing this because (i) the cost of wire fraud is becoming unbearable for them and (ii) they want to push attorneys to pay for cyber liability coverage which would help cover some (but not all) of the risk now being excluded.  Cyber coverage is not mandated for attorneys in Massachusetts.

The problem for lenders is that this new exclusion means that there is NO COVERAGE they can attach for reimbursement for a claim where an attorney disburses funds before a deposited check clears (which occurs far too often) or where an attorney fails to follow the closing instructions and disburses the proceeds to the wrong party or in the wrong amount.  Although these acts/omissions rise to the level of negligence, with this new exclusion there will be no coverage.

At Secure Insight we are encouraging attorneys in Massachusetts whom we monitor to acquire cyber liability coverage and also to certify to the adoption of internal policies and practices avoiding the risks inherent in the excluded matters.

As always, it is critical to keep abreast of all changes in all matters which may affect your mortgage lending business.  At Secure Insight we are watching for you, 24-7, 365 days a year to help prevent losses from title and closing fraud.

Stay vigilant and stay clear of fraud!

NYSAR Reports Up Market for Sales in NY, with No CPL Lenders Face More Purchase Mortgage Closing Table Fraud Risk

Lending in New York?  Purchase money business always carries closing fraud risk, however New York business tends to be riskier for many lenders.  The state has high average loan amounts, features instrument recording procedures that delay evidence of mortgage and deed recordings for long periods of time following the closing, and there is no CPL (closing protection letter) in the state.  Lenders doing business in New York should be pleased business is on the uptick, however if they do not have a closing table fraud prevention tool in their arsenal they may be facing more risk of potential losses due to fraud.

The NYSAR report released today stated in part:

“With 46,883 new listings and 29,100 pending sales across the Empire State in the first quarter, the real estate market is trending upwards, according to the housing market report released today by the New York State Association of REALTORS®. New listings were up 4.1 percent from the first quarter of 2018 while pending sales rose 0.8 percent.

Median sales prices were also up in a quarter-over-quarter analysis, rising 6.8 percent to $275,000. The average home sales price increased 1.5 percent as well to $360,526.

While closed sales declined from the first quarter of 2018, dropping 6.2 percent to 24,405 homes, other factors are allowing potential home buyers to remain optimistic. According to Freddie Mac, the 30-year fixed rate mortgage rate has steadily decreased since the beginning of 2019, falling to 4.27 percent, its lowest rate since January 2018.

With the typically strong spring season just around the corner, inventory continues to rise, increasing 3.4 percent to 63,504 homes for sale across the state.  The month’s supply of homes for sale was up 5.6 percent in year over year comparisons to 5.7 month’s supply. A 6-month to 6.5-month supply is considered to be a balanced market.”

 

 

Conviction of Attorney and Title Agency CEO for $26 Million Fraud Crime Reinforces Need for Closing Agent Risk Management

According to an article published today in Mortgage Professional America, the former CEO of LandCastle Title, who also served as the managing partner of a real estate law firm, will spend 15 years in federal prison for orchestrating a scheme to bilk his firm out of millions of dollars.

Nathan E. Hardwick IV, 53, operated both LandCastle Title and Morris Hardwick Schneider, a law firm that specialized in residential real estate closings and foreclosures. He was convicted in October of wire fraud, conspiracy, and making false statements to a federally insured financial institution.

Real estate attorneys and title professionals have access to lender funds, lender loan documents (including the note and mortgage), are charged with satisfying liens and judgments and ensuring lien priority.  They also have direct access to consumers and all of the consumer’s personal and financial information.  One a scale of 1 to 10, with 10 being the highest risk tier, settlement agents are in Tier 10.

Lenders must have a comprehensive, ongoing program of evaluating, rating, monitoring such risk as well as taking immediately steps to alter or disengage in any relationship that may cause harm.

Title and closing fraud are, by most estimates, a nearly $1 Billion dollar annual problem.  If you add in wire fraud the numbers escalate.

Ignoring this risk will not make it go away.  The Nathan Hardwicks of the industry will make sure of that.  Be vigilant and remember our motto: “trust, but verify.”

US Treasury Department Supports the Expansion of e-Closings and e-Notarizations in Mortgage Industry

Industry publications are reporting that after a period of research and review the US Treasury Department is encouraging lenders and states to pursue e-closing and e-notarization technology to make residential mortgage transactions more convenient for consumers.

The American Land Title Association (ALTA) also released a statement today indicating that its leadership recently met with Treasury officials to assist them in their evaluation of e-closing technology and its impact on consumers.

The focus of regulators has been on data integrity and security, document formatting and recordability, identity protection, and anti-fraud measures to ensure the closing process is not corrupted by users of the new technology.

Industry leaders such as DocMagic have been slowly gaining market penetration with e-closing software but the learning curve has been steep for some lenders and closing professionals.  Many professionals have heard of it but few have actually conducted an e-closing or supervised an e-notarization.

There is no doubt however that e-closings and e-notarization are a big part of the future  growth of the mortgage lending industry.

 

Protecting Borrower Data in An Age of Hacking and Phishing Schemes

“Data privacy” and “data security” are terms most lenders are hearing over and over again these days.  The reasons for this are numerous but include federal and state regulator focus on the issue, increased publicity over wire fraud and data storage breaches in business and industry, and heightened concern by consumers about how their sensitive non-public information is being managed by banks.

Although data privacy and data security are terms that are commonly used interchangeably, they in fact mean different things.  A data security policy is required to ensure that data privacy is protected.  When a lender is entrusted with a borrower’s highly private information, the business must develop, implement and manage a security policy to protect this data.   So data privacy identifies that personal and private information which must be protected and how it may be used in a business in an appropriate manner, while data security includes the means and methods used to ensure the security of the data both internally (from employee breaches) and externally (from third party breaches).

Data privacy rules mean that lenders must define and police the appropriate use of borrower data within their walls.  This includes what data is gathered (relevance to services), who has access (need to know), and where data is stored (how long and how safe).  Both the CFPB and the Federal Trade Commission have jurisdiction over the mishandling and misuse of consumer data, and each may enforce penalties against lenders that have failed to ensure the privacy of a borrower’s data.  At a minimum, lenders must screen employees with access to private data regularly, have an appropriate policy in place regarding handling of data, and test these policies on an ongoing basis.

Data security encompasses your company’s practices and processes that are in in place to ensure data is not being used or accessed by unauthorized individuals or parties. It ensures sensitive data is accurate and reliable and is available when those with authorized access need it. A data security plan includes facets such as collecting only the required information, keeping it safe, and destroying any information that is no longer needed. These steps will help any business meet the legal obligations of possessing sensitive data. A data security policy is simply the means to the desired end, which is data privacy. However, no data security policy can completely overcome the efforts of third parties bent on hacking into databases and seeking access to consumer data to monetize for improper and illegal purposes. At a minimum, lenders must develop written data security policies that include safe storage of data and penetration testing of their backup systems (local and/or cloud) to search for gaps and leakage.

Knowing that there is no such thing as a foolproof data security system and that all systems are ultimately vulnerable to breach by determined criminals, lenders must demonstrate a commitment to adopting the most stringent policies relevant to the size and scope of their business, while also considering purchasing crimes and cyber liability insurance to off-load risk in the event of unexpected and unintended breaches.

Making sure all borrower data is private and being used properly can be a near-impossible task that involves multiple layers of security. Fortunately, with the right people, process and technology, lenders may support their data security policies through continual monitoring, testing and visibility into every access point with insurance back-up when things go wrong.

If The Table Starts Rockin’, Who’s Gonna Come Knockin’?

One of the biggest concerns that mortgage lenders have had for years is that they send their mortgage funds and collateral security documents to complete strangers who gather together and manage a process where there is no seat for them at the table.

Even though the closing of a mortgage loan involves significant sums of money important legal agreements and disclosures, and sensitive personal information, the lender must wait and hope that the event took place on time, with the proper parties present, and without incident.  Then the lender must wait and hope that money was properly disbursed and the documents properly executed, recorded and returned.

When mistakes are made or outright fraud takes place who can a lender rely upon to notice and to take measures to protect its interests and those of its borrowers?

The men and women who manage the closing of mortgage loans are generally experienced, honest and trustworthy.  However a lender has little idea whether the person assigned to handle its funds and documents and manage the process for any one transaction is going to also be its advocate against errors and fraud.

One of the problems for a lender is that there are no uniform rules or education and training requirements to establish common expectations of professionalism.  A closing can be managed by an attorney, a notary, a title agent employee, an escrow officer or even a real estate agent in some states.  Each of these have different levels of minimum education, training, licensing standards, insurance and bonding requirements.

Lenders are also hampered by the absence of generally accepted principals of agency and fiduciary duty.  Title agencies who issue closing protection letters disclaim any agency relationship established by the letter between the closing agent and the lender or borrower. Courts have no universal opinion whether a closing agent acts as an agent of the lender or the title company beyond their duties to act for their buyer or seller clients.

Where does all of this leave lenders?  Waiting patiently post-closing hoping that the loan package returns completed and the mortgage proceeds went where they were intended to go.  After years with increasing numbers of title and closing fraud incidents, it seems about time that the lender has an advocate and seat at the closing table.

 

 

  • 1
  • 2