The recent news that both Fidelity National Title and First American Title were both victims of a serious cyber breach has shocked many in the mortgage and real estate industries. Surely two large, public, well capitalized businesses would have the technology, staff and expertise to protect their business operations from ransomware and hacking right? Apparently not.
Too many lenders have assumed that addressing fraud risk is for the small, mom and pop businesses who are the backbone of our business community and turned away from objectively and aggressively holding larger companies accountable to the same risk management evaluations and monitoring programs. ”We know them, “ lenders said. ”They are major players,” associations said. ”They told us they do not have to be vetted because they vet themselves,” many insisted.
The truth is that risk management is for everyone. Every single third-party service provider whom a lender conducts its business with must be objectively evaluated for risk on an ongoing basis, because today’s good risk may be tomorrow’s bad risk. It’s that simple.
When Secure Insight first started back in 2012, we were told that the settlement industry did not need risk management and we would not last. We were chastised for implying that holding everyone accountable to a well- managed and objective risk management assessment program would hurt the industry. Since then, billions in wire fraud losses, millions in vendor risk compliance penalties, and a large number of operational losses have proven that those who turn their backs on a robust, objective risk management program applied equally and effectively to every vendor, will pay a steep price. In contrast those who have embraced our approach have avoided such losses and continue to thrive despite pervasive fraud schemes.
Cyber fraud can impact anyone, even a Fidelity and a First American. The criminal elements are that good. The lesson for lenders is that it is not who you know, but what you know that helps deter fraud. It is the quality of the data, the uniform application of the program, and the constant vigilance that gives you the best chance to avoid becoming a victim. It’s nothing personal. As we said when we launched our Closing Guard tool, our motto is “trust, but verify.” This is still true today.