Secure Insight Mortgage Industry Blog

The Consumer Financial Protection Bureau released a highly detailed report of consumer complaints received by the oversight agency regarding the lifecycle of various financial transactions, including mortgage loans.

The report breaks down complaints by category, geography, and racial and other demographics and describes interesting variances between the nature of complaints among races, ethnicity, and various communities throughout the nation.

Interestingly consumer experiences with the closing of mortgage loans is bundled with “loan origination” and therefore the details of complaints attributed to title and settlement services in support of the mortgage process cannot be fully determined. However, the statistics do reflect that the number of “loan origination” complaints among all consumers rose nearly 70% between 2018 and 2020.

At Secure Insight we have always advocated that the closing of a mortgage loan is the time of greatest potential exposure to harm by a consumer. A negligent or criminal actor engaged in the settlement process can steal a consumer’s identity, steal proceeds, falsify payoff details, substitute doctored title reports failing to remove existing liens, hide foreclosure rescue, builder-bailout and other mortgage fraud schemes, or simply look the other way when fraud occurs.

Settlement agents are the only third parties in the mortgage process whom lenders allow to access the loan documents, mortgage proceeds, and borrower personal and financial information, all at a distance. It can be and has been a recipe for consumer harm.

While I do hope the CFPB analyzes and reports closing experience complaints in the future, as the industry can learn from that information, I urge everyone to read the complaint report and gain greater wisdom regarding how consumers view the mortgage lending experience generally.

Read the full report here: https://files.consumerfinance.gov/f/documents/cfpb_consumer-complaints-throughout-credit-life-cycle_report_2021-09.pdf

A Long Island man, Brent Kaufman, pleaded guilty this week to stealing $4.7 million in mortgage refinancing proceeds that were meant to pay off the existing mortgages of his clients. Kaufman was an unlicensed mortgage broker and assisted clients in Queens and Long Island with refinancing their mortgages.

Instead of using the lender proceeds, which were to be wired to satisfy existing liens, Kaufman, along with others not yet named, engaged in a scheme to defraud Home Point Financial Corporation, Loan Depot, United Wholesale Mortgage, and other mortgage lenders by providing lenders with false wire routing information.

Instead of wiring the funds to the correct financial institutions, the funds were instead transferred to bank accounts controlled by Kaufman. As a result, the existing mortgages were not paid off—leaving clients with two mortgages on their homes—and Kaufman stole the funds for his own personal use.

Kaufman faces up to 30 years in prison for his role in the mortgage closing fraud scheme.

Lenders must verify wire instructions as a component of appropriate compliance and overall operational risk management protocols. Failure to verify wire instructions can lead, as in this case, to catastrophic losses.

Secure Insight was the first industry company to address wire fraud risk, and since 2012 has vetted more than 175,000 trust accounts and more than 80,000 closing agents. Our clients have closed more than 14 million loan transactions without a loss.

Contact us at info@secureinsight.com to learn how you can subscribe to our fraud prevention service for as little as a few dollars per transaction. If you are using CoreLogic’s Loan Safe product you can get our risk assessments, called SARA, as a part of that report. If you are a Lender’s One member, ask your representative how you can benefit from an L1 discount to receive our services. All reports are integrated into your LOS system for ease of use.

The U.S. Secret Service issued an advisory warning of a significant increase in wire transfer fraud involving efforts to substitute fraudulent mortgage payoffs and thereby divert proceeds for criminal gain.

The government agency reported that criminals send fictitious or altered mortgage payoff statements to title companies, attorneys and others acting as a closing or settlement agent and therefore responsible for paying off existing liens at the closing table.

Wire fraud has been a bane to the mortgage industry for several years now. As lenders have taken steps, on their own and through various fraud prevention tools, to verify settlement agent trust accounts where proceeds are initially received, the criminals have taken a new path to intercept and divert mortgage proceeds by attacking the payments leaving the trust account at the time of the closing. Payoff statements, normally obtained by an attorney or a title company in conjunction with the closing have been, through email intercepts and other email impostor schemes, slightly altered to trick settlement agents to pay funds earmarked to satisfy prior liens, into private accounts. When this occurs the liens remain unpaid thus establishing legal contests to lien priority.

Lenders, title companies, attorneys, escrow officers beware. Payoff statements must be verified at the source, every time, as even if used previously payoff statements can easily be misread or misunderstood in the flurry of closing activity.

Secure Insight is offering clients the opportunity to engage our analysts and fraud prevention tools to verify mortgage payoffs. Contact us for further details. Trust, but verify!

According to a report this evening by the American Land Title Association (ALTA), a recent survey of their members reflected that “cyber criminals attempted to trick employees to wire funds to a fraudulent account in a third of all real estate and mortgage transactions.”

ALTA’s report went on to state however that “training and education seem to be working as funds were only wired to a fraudulent account in a little over 8% of these attempts.”

This report follows on the heels of an FBI report indicating that there were $1.8 Billion in losses in the United States in 2020 due to email compromise (phishing et al ) schemes.

The volume of residential mortgage transactions in 2020 was the highest since 2005, and 2021 while experiencing a drop in refinances has seen an offset by a rise in purchase volume which will continue to offer sustained high transactional figures. Applying these figures to today’s business operations is worrisome.

The Mortgage Bankers Association (MBA) recently reported that “Overall mortgage originations in 2021 are expected to fall to around $2.75T from 2020’s banner $3.57T total.” If ALTA’s numbers are accurate, this means that as much as $907B in funding wires could be threatened this year, and $72.5B in funding wires potentially compromised and lost. These are scary numbers.

Lenders historically have been weak in managing closing table fraud. While many check the boxes when it comes to compliance, fraud deterrence and prevention often get lost in the flurry of activity surrounding the loan process. This is especially true in times of low rates and booming activity as we have all experienced in the past 18 months.

I have studied figures going back to 2000 regarding theft of funds and losses from all types of fraud in residential mortgage transactions. While wire fraud is a major issue for lenders and one incident can create a significant financial loss, the risk of all types of title and closing fraud has been estimated by the FBI to be in the range of 11% of overall mortgage fraud figures. Combining the report by ALTA regarding wire fraud risk with the known annual percentage of losses to lenders relating to title and closing table fraud the problem deserves serious attention in the industry.

Lenders should be developing more robust fraud deterrence, detection and prevention policies while leaning on third party service providers, vendors with the experience and focus to offload the cost, effort and management required to give lenders an even playing field with the criminals preying on their funding wires and loan profits.

Let’s be careful out there!

For more information see ALTA’s 2021 Wire Fraud and Cyber Crime Survey and visit the MBA’s website for 2021 industry origination projections.

The CFPB announced today that is rescinding its January 24, 2020 policy statement, “Statement of Policy Regarding Prohibition on Abusive Acts or Practices.”

As reported by the NJ MBA, “Going forward, the CFPB intends to exercise its supervisory and enforcement authority consistent with the full scope of its statutory authority under the Dodd-Frank Act as established by Congress. The CFPB has made these changes to better protect consumers and the marketplace from abusive acts or practices, and to enforce the law as Congress wrote it.”

Congress defined abusive acts or practices in section 1031(d) of the Dodd-Frank Act. Paraphrasing Congress, that standard prohibits companies from:

• Materially interfering with someone’s ability to understand a product or service;
• Taking unreasonable advantage of someone’s lack of understanding;
• Taking unreasonable advantage of someone who cannot protect themselves; and
• Taking unreasonable advantage of someone who reasonably relies on a company to act in their interests.

The change in policy is an affirmative warning to the mortgage industry that the CFPB will not be limiting fines and penalties for suspected abusive practices but will be once again taking an aggressive approach to enforcement to ensure that borrowers are not “abused” whether intentionally or negligently by lenders who fail to incorporate the appropriate steps in their business practices to protect consumers from financial harm.

One of the key areas where harm can take place is in third party service provider relationships. When lenders source out functions to others, they must supervise these vendors and adjust relationships that fail to meet reasonable risk standards before harm occurs.

For the past ten years Secure Insight has focused on settlement agent risk as we feel these professionals, who are attorneys, title agents, escrow officers and even notaries, may cause significant harm to consumers. The settlement agent has access to borrower non-public information, critical loan and property ownership documents, as well as mortgage proceeds. Lenders must know before they wire whether the settlement agent at the closing is trustworthy, that is identity verified, trust account verified, license and insurance verified, and civil and criminal background clean. These are the bare minimums that must comprise an effective risk management program for mortgage lending.

Regulations and regulators are heating up. What are you doing to protect your firm, your assets, and your clients?

See more here:

https://files.consumerfinance.gov/f/documents/cfpb_abusiveness-policy-statement-consolidated_2021-03.pdf

As we have written here before, the election of the Biden-Harris ticket was sure to foretell a new regulatory approach to managing banks and banking. Given the “loosening” of oversight in the previous four years where nary a nasty audit was to be found and headline screaming consent orders were few and far between, it is certain that this will now change.

It is common in the rush of high volume business to clear away impediments to quick and easy loan closings. Anything that mucks up the loan manufacturing process creates a bottleneck or logjam and means that a whole host of people are unhappy, particularly loan officers and their borrower clients. Often lost in the speed of production is proper risk oversight and well-managed regulatory compliance.

It is clear by the many recent moves by the CFPB, including this latest announcement, that the agency is serious about oversight and consumer protection. More enforcement employees means more audits and more enforcement actions. Now is the time to step back and survey your compliance platform to make sure that you are managing risk from origination through closing. Make sure that your internal reporting is in order and that if you are relying on internal systems and processes to demonstrate compliance with fair lending and consumer protection, that you can show it. You may also want to utilize a third party quality control arrangement to prove your system works. If you are relying on outside vendors, make sure they can offer proper compliance reporting and customer support to help your audit team pass with flying colors.

At Secure Insight we offer a proven method of managing third party settlement risk, backed with 24/7 reporting and a trained customer service department. Our tools have been vetted and passed during audits many times, and we proudly stand by our decade-long track record: over 12 million successful loans closed under our watch, protecting nearly $3 Trillion in funding wires.

For more on the topic see the MBA news article which was published yesterday here: https://newslink.mba.org/mba-newslinks/2021/february/cfpb-goes-on-hiring-spree-as-it-looks-to-ramp-up-enforcement/?utm_campaign=MBA%20NewsLink%20Monday%20Feb.%2022%202021&utm_medium=email&utm_source=Eloqua

It is only in the past several years that banks and mortgage lenders have faced heightened risk from wire fraud losses. In this time period lenders have been forced to uncover and defend the wide-spread use of various cyber schemes, including basic phishing using mass-market emails, spear phishing, using cyber intrusion tactics to go after specific targets, whaling, using email schemes to target key owners and managers (C-level employees), or business email compromise (BEC), where intruders pretend to be the CEO or CFO.

These schemes all have one purpose: to disrupt operations by gaining access to internal communications and data, with the intention of causing financial harm.

Due to the relatively uncontrolled nature of communications surrounding the closing of mortgage loans, where many different parties come together to close a transaction, the ability of cyber criminals to infiltrate and cause havoc is a continued threat. It is very difficult for lenders to manage the security of information and data being transferred among so many varied parties: the borrower, seller’s attorney, settlement agent, real estate agent, and others, such as property inspectors and appraisers.

Best practices, which are required by financial regulators and by some state data privacy and security statutes (i.e. New York and California come to mind) should include:

1. Ensuring all employees use encrypted email tools when transmitting confidential borrower and transaction data;
2. Prohibiting employees (many of whom are no working from home) from using personal emails and from storing lender and borrower data and documents on unprotected local servers;
3. Requiring sterile home work environments, protecting sensitive consumer and financial information from the prying eyes of anyone without a need to access such information, including family members, neighbors and guests;
4. Training employees inidentifying email phishing schemes, especially whaling schemes, so that they do not inadvertently allow bad actors in through the “front door;”
5. Educating consumers about phishing schemes and how they may impact their transaction, especially through attacks on their personal email accounts;
6. Insisting that all transaction partners verify any wire instructions and adopt a red flag policy whenever wire instructions change abruptly in the midst of a transaction;
7. Adopting password protection policies that require all employees to change access passwords to all systems on a regular basis;
8. Conducting (or outsourcing) system security checks, including penetration checks to expose any weaknesses and vulnerabilities in your technology systems; and
9. Employing a robust vendor management risk assessment and monitoring program to make sure that outsiders whom you allow to access your consumer and financial data (a) are who they say they are, (b) are low risk actors, (c) employ their own internal controls managing their employees and systems, and where they are receiving proceeds (d) have verified trust accounts.

At Secure Insight we were the first company to specifically address fraud surrounding the closing transaction as it impacts consumers and lenders. We built the first ever database of professionals that addressed entity and individual risk, and the first process to verify trust accounts directly at the source. In ten years and after millions of successful closing transactions we offer a reliable SaaS solution to helping you fight mortgage and cyber fraud. For more information visit http://www.secureinsight.com.

When vendors allow employees to work from home, lenders face heightened service provider risk due to significantly relaxed operational oversight as well as non-sterile work environments where sensitive data can be lost or exploited more easily.

Recent industry and news reports have discussed widespread efforts to make permanent work at home rules for employees. In fact the MBA has had discussions with regulators regarding loan originator office rules to allow MLOs the ability to work from home and still meet all licensing requirements. When large numbers of mortgage industry vendors moved their operations to employees’ homes, the risk for potential fraud and error in providing services increased dramatically. After many months, as routine has set in, and as companies show very few signs of changing their work from home rules, the risk continues to increase endangering lenders and their consumer clients.

While work at home during COVID is a convenience and in some cases mandated by the health emergency it is not conducive to proper operational oversight, compliance and risk management. Access to lender financial documents and consumer non public personal and banking data is difficult to manage: “out of sight is out of mind.”

Unfortunately for lenders. the increased difficulty in managing vendor risk due to work from home rules does not excuse their regulatory compliance obligations. Quite the opposite. Lenders are expected to up their game in managing vendor risk and ensure they are taking reasonable steps to ensure proper oversight for the scope and size of their business. This is when do it yourself vendor management becomes costly and difficult to implement, requiring lenders to seek competent outside sources to replace or supplement their internal vendor oversight departments.

We have written before about the Biden Administration’s commitment to enhanced regulatory oversight. The new CFPB director is cut from the Elizabeth Warren cloth of governance which means more audits, more litigation, more consent orders, and more fines and penalties. As rates eventually rise and rate and term refis dry up, business will slow, risk of buybacks and transaction defects will increase, and audit notices will start to arrive. Lenders need to take action now to evaluate their compliance tools and prepare for a new normal that will require sophisticated, evidence based, technology driven vendor management solutions.

A common industry saying back in the last banking crisis was, “why rent money,” which meant that prudence requires you to take steps to make sure today’s business decisions do not result in tomorrow’s financial loses. We think this is very good advice for this year.

Well it didn’t take long. We have been predicting for the past few months that the new Biden Administration would start to get much tougher on mortgage lenders. Especially as lenders are now seeing record revenues and profits; lots of deep pockets to collect fines and penalties.

On January 15th, the CFPB announce it had filed litigation against First Alliance Lending LLC as well as its owners over its lending practices. The lawsuit, filed in Federal Court in the State of Connecticut alleges, among other things, that “unlicensed 1st Alliance employees routinely and illegally engaged in mortgage-origination activities and interactions with consumers that required the employees to be licensed under the applicable state laws, in violation of the Truth in Lending Act and Regulation Z,” and that “1st Alliance employees regularly required consumers to submit documents for verification before issuing the consumer a Loan Estimate, in violation of the Truth in Lending Act and Regulation Z,” and also that “on thousands of occasions, 1st Alliance employees denied credit to consumers based on information in a consumer report or in response to an application but did not give the consumer the “adverse action” notice required under the Fair Credit Reporting Act or the Equal Credit Opportunity Act.”

What is unique about this lawsuit is that traditionally these type of operational issues would be uncovered in a state audit, set forth in a consent order and result in negotiated fines paid to a state department of banking. Historically the CFPB has focused on larger, more significant legal issues rather than operational compliance matters. However with this lawsuit, matters traditionally dealt with locally are being elevated to federal court and dressed up as an underlying “business model incorporat[ing], in part, a series of deceptive acts or practices, unfair acts or practices, or both, that harmed or posed a substantial risk of harm to consumers.”

Once again we remind our clients and their peers that compliance matters are now back in the white hot spotlight of aggressive federal regulators. Please assess your compliance and operational risk management practices and procedures. If you cannot handle something, outsource the oversight and management to a qualified vendor partner.

As always, Secure Insight stands ready to assist you with wire fraud, mortgage fraud and overall vendor risk management and reporting. After 12 Million successful mortgage transactions supervised by our SaaS platform, without a loss, we have a track record you can rely on to survive and thrive in any state or federal audit.

Be safe out there friends!

According to Housing Wire today, “President-elect Joe Biden announced several appointments Monday, including FTC Commissioner Rohit Chopra to head the Consumer Financial Protection Bureau.”

“Chopra is a CFPB veteran, having previously served as assistant director, where he was the bureau’s top student loan watchdog. In 2011, the Secretary of the Treasury appointed him to serve as the CFPB’s student loan ombudsman, a new position established in the financial reform law. As one of Sen. Elizabeth Warren’s, D-Mass., first hires as she constructed the CFPB, Chopra was on the ground floor as the bureau was built. He has also served as special advisor at the U.S. Department of Education.”

As we predicted, this move was expected and signals a shift towards greater regulation of the mortgage banking industry and the financial industry generally. Lenders need to examine their regulatory and compliance tools to make sure they are prepared for stepped-up oversight, more frequent audits, and consent order/penalties for non-compliance. This will not be a “hands-off” agency.

In addition, look for enhanced regulatory scrutiny regarding lending bias, consumer protection, and data privacy and security issues.

For more about how Secure Insight can help you prevent wire and closing fraud and also help you meet your obligation to protect consumers from harm, visit us at http://www.SecureInsight.com.