Legal and Ethical Considerations Surrounding the Handling of Consumers’ Private Data by Mortgage Lenders

Never have there been so many legal and ethical considerations surrounding mortgage lender handling of consumer data.  There are good reasons for this fact.

Mortgage lenders have access to the most personal and private information owned and guarded by consumers.  This includes their names, age and dates of birth, marital status, home addresses, work addresses and detailed employment and salary information, assets including bank accounts, credit card and debt information, spouse and family members, and credit scores.  This information is collected usually electronically, occasionally manually, and is passed through the hands and eyes of dozens of persons both within and without an organization as the loan process progresses towards a closing.  It is obvious that the handling of this information represents a significant trust factor, as well as offering ethical and legal considerations which must be appropriately managed at the risk of litigation, regulator and reputation costs.

The Gramm-Leach-Bliley Act, Federal Trade Commission rules, CFPB, OCC and HUD directives, and new state data privacy and security laws (i.e. New York and California) among others, all bring specific obligations and the risk of severe penalties to those who fail to “plan and execute.”

HAR CYB M8U1 Fig 2

Managing this problem, like most operational issues, requires a carefully crafted plan to assure the data collected from trusting consumers does not end up being stolen, lost or abused and thereby causing them harm.  Some key considerations every lender should be addressing include:

  • Having a data privacy policy in place that is known throughout the company, backed by a company environment that places the handling of data at the top of its list of risk management priorities.
  • Having a cyber security policy that addresses how stored data can be properly protected fro outside intrusion and internal negligence and bad actors.
  • Enforcing a “clean desk” policy that prohibits employees from having smart phone and other devices in their workplace which might record or copy sensitive data. This policy should also address the proper handling and disposal of paper records through shredding and locked file cabinets, as the case may be.
  • Training all employees from owners and managers to the newest hire on the importance of data privacy and security, the methods of preventing cyber breaches, and the consequences for negligent and intentional acts causing harm to the company and its clients.
  • Engaging proper tools (software, hardware, and third party service providers) to help manage risk and reduce the likelihood of an event.
  • Conducting appropriate evaluation of risk tools and third party providers to ensure they are working effectively and they are not subject to unacceptable risk as well.
  • Establishing a crisis management policy for when something goes wrong so that you can assess, contain, restore and report an event.

Private data (also known as PII-or Personally Identifiable Information) is entrusted to mortgage lenders with the reasonable expectation that it will be handled appropriately throughout the organization.  Next to medical data, personal and financial data is the most coveted private data sought by criminals for its resale value.  Recognizing their unique role in handling this sensitive information, all lenders must plan and execute appropriately.

 

 

 

Successful Risk Management Requires Proper Top-Down Governance

Any organization seeking to adopt appropriate operational risk management policies and procedures must ensure that they have met the five step process to ensure success.  This process focuses on proper governance.  It is not enough to simply “check the box” and hope that wire fraud, mortgage fraud and closing fraud never reach the organization.

The first step is LEADERSHIP BUY-IN.  Unless the “C Suite” decides to make risk management a priority no effective tools or policies will succeed.  There must be top down leadership in this area.  If your chief risk officer (CRO) or chief security officer (CSO) have to “push” their agenda, then the organization is in trouble.  Effective leadership is not only embracing the issue though, it also means effectively communicating it throughout the organization so that even the receptionist and the part-time employees know where you stand on the issue.

The second step is DEFINED HEAD OF COMPLIANCE.  Someone must be placed in charge.  Studies show that management by committee on risk issues results in failure.  Decide who is in charge  and let them manage with minimal interference.

The third step is ORGANIZATIONAL CULTURE.  As mentioned above, everyone has to buy into the  importance of risk and the method chosen to manage the risk.  Frequently in the mortgage industry sales and operations staff push back on risk management and compliance rules and tools because they are viewed as “disruptive” to their departmental goals (more sales, quick closings).  Without the buy-in of these departments measures to address risk of fraud and cyber crimes will not be successful.  Attitudes and behaviors must fall into line with processes and procedures.

The fourth step is CLEAR PROCESSES AND PROCEDURES.  Putting a process into place or using a tool only works if you go beyond the simple framework itself and successfully implement them.  We have seen lenders engage a tool or service and then never use it or only use it occasionally, without any clear policy directives.  Beyond implementation is testing and oversight.  Someone must be regularly making sure that your risk management tools actually work.

The fifth and last step is having a RESPONSE PLAN.  This is important to understand: No risk management tool or policy is foolproof. When an event occurs, whether a cyber breach, wire fraud or other loss, how you react, how quickly you react, and how you learn from the event can be more important than the event itself.  More than one lender recently has found that reputation risk and litigation risk arise when an organization fails to properly react following an event.

The last point to make is that cyber risk and fraud risk must be an “untouchable” line item in your operating budget.  Addressing these issues cannot be the “last in, first out” business decision we see too often.  When business is down, the risk of harm is GREATER because you do not have the economic cushion to absorb a loss. Good leaders, who manage an effective top-down process and set the proper tone about operational risk will not sacrifice protective tools and policies at the first sign of a market slow down.

We spent 12 years studying closing table risk, including 5 years working with risk analysts at Lloyds. Our closing table risk management tool is designed to meet your operational needs, with little disruption, while providing effective management of the risk of loss from cyber crimes that evolve in wire fraud, and all manner of closing and title fraud.  If you are a business leader concerned about closing table risk, please reach out and ask us how we can provide a solution you and your risk team will embrace.

 

 

When a Closing Attorney’s E&O Policy is not Actually Insurance and Why a Lender Should Care

If you are merely collecting a “Certificate of Coverage” on behalf of a closing attorney and passing them through your loan process as meeting your internal risk management protocols you may be in for an unpleasant surprise if a claim arises.

At Secure Insight we do more than collect insurance certificates, we review policies and validate coverage and payment directly at the source: the insurance agency or insurer where the policy originated.  We ask important questions about the validity and extend of coverage, and exclusions, because in the event of an incident a lender needs to know they can offset risk by filing a claim that will be processed and paid under a valid policy of insurance.

Recently we have discovered a rise in offshore, low cost risk-shared E&O coverage plans.  These companies and policies are designed to exploit the high cost nature of E&O for real estate attorneys and other professionals by offering ridiculously low fees for coverage. Notice I said “coverage” and “fees” and not “insurance” and “premiums.”  That is because these policies are not traditional insurance and are likely not worth the paper on which they are written.

Risk sharing groups in the E&O space are based upon the concept of cooperative pooled risk arrangements.  The idea, which has found success in the health insurance area, relies upon the pooling of all plan participant fees to cover expected losses from claims.  The problems with this arrangement  in the E&O space are numerous.

First, the plan is not an insurance product, and therefore is not governed by insurance laws or regulators.  It is not filed or supervised in the United States.  Second, the companies arranging these risk sharing pools are inevitably based outside the legal jurisdiction of the United States making the enforcement of any lawful claim highly improbable and definitely costly.  We are talking Belize by the way, not Canada, by way of example.  Third these companies have no obligation to publish financials or provide any accounting of the fees being collected and supposedly held in a risk pool for the payment of claims.  Fourth, the policies of coverage (they cannot use terms such as insurance and deductible) usually limit the covering company’s obligations significantly.  One policy issued in Belize that I reviewed recently denied any obligation to defend a covered attorney in the event of a lawsuit and created a right on their part to access the attorneys personal and bank records, tax returns, finances and assets so they can recover their losses directly from the covered party!

It appears many attorneys and others are being misled into believing that they can actually receive $2 Million in aggregate insurance coverage for $400 annually rather than $4,000 annually and they will meet their own risk needs and those of their counter-parties in the mortgage industry.  This is certainly not the case.

At Secure Insight we do more than just collect documents, we do real analysis, assign risk ratings, and monitor risk 24/7.  Reviewing E&O “coverage” is just one way we accomplish that and ensure that our lender clients have a real source to offset potential losses and not one that looks like insurance but is really something else.

To our attorney friends: buyer beware!  As my mother used to say, “If it appears too good to be true it usually is dear.”

New Attorney E & O Exclusion Exposes Lender Closing Table Risk in Massachusetts

We have noticed that in Massachusetts, insurance carriers providing attorney errors and omissions coverage have been quietly adding a new exclusion to their new and renewal policies.  This exclusion is known as the “Disbursement of Funds” exclusion, and it creates enhanced risk for lenders in that state in the event an attorney fails to properly disburse funds.  Any “negligence” in this regard will not be covered as it had been traditionally in the past.

The exclusion reads as follows:

“The following acts are EXCLUDED from coverage under this policy: the disbursement or transfer of funds related to (a) the deposit of a counterfeit check or a check with insufficient funds; (b) the lack of a written verification from the issuing bank that the funds are available and valid, (c) a fraudulent scheme, or (d) the failure of any funds reaching the proper party or the intended recipient, for any reason.”

In a discussion with a Massachusetts agent we learned that some insurers are doing this because (i) the cost of wire fraud is becoming unbearable for them and (ii) they want to push attorneys to pay for cyber liability coverage which would help cover some (but not all) of the risk now being excluded.  Cyber coverage is not mandated for attorneys in Massachusetts.

The problem for lenders is that this new exclusion means that there is NO COVERAGE they can attach for reimbursement for a claim where an attorney disburses funds before a deposited check clears (which occurs far too often) or where an attorney fails to follow the closing instructions and disburses the proceeds to the wrong party or in the wrong amount.  Although these acts/omissions rise to the level of negligence, with this new exclusion there will be no coverage.

At Secure Insight we are encouraging attorneys in Massachusetts whom we monitor to acquire cyber liability coverage and also to certify to the adoption of internal policies and practices avoiding the risks inherent in the excluded matters.

As always, it is critical to keep abreast of all changes in all matters which may affect your mortgage lending business.  At Secure Insight we are watching for you, 24-7, 365 days a year to help prevent losses from title and closing fraud.

Stay vigilant and stay clear of fraud!

NYSAR Reports Up Market for Sales in NY, with No CPL Lenders Face More Purchase Mortgage Closing Table Fraud Risk

Lending in New York?  Purchase money business always carries closing fraud risk, however New York business tends to be riskier for many lenders.  The state has high average loan amounts, features instrument recording procedures that delay evidence of mortgage and deed recordings for long periods of time following the closing, and there is no CPL (closing protection letter) in the state.  Lenders doing business in New York should be pleased business is on the uptick, however if they do not have a closing table fraud prevention tool in their arsenal they may be facing more risk of potential losses due to fraud.

The NYSAR report released today stated in part:

“With 46,883 new listings and 29,100 pending sales across the Empire State in the first quarter, the real estate market is trending upwards, according to the housing market report released today by the New York State Association of REALTORS®. New listings were up 4.1 percent from the first quarter of 2018 while pending sales rose 0.8 percent.

Median sales prices were also up in a quarter-over-quarter analysis, rising 6.8 percent to $275,000. The average home sales price increased 1.5 percent as well to $360,526.

While closed sales declined from the first quarter of 2018, dropping 6.2 percent to 24,405 homes, other factors are allowing potential home buyers to remain optimistic. According to Freddie Mac, the 30-year fixed rate mortgage rate has steadily decreased since the beginning of 2019, falling to 4.27 percent, its lowest rate since January 2018.

With the typically strong spring season just around the corner, inventory continues to rise, increasing 3.4 percent to 63,504 homes for sale across the state.  The month’s supply of homes for sale was up 5.6 percent in year over year comparisons to 5.7 month’s supply. A 6-month to 6.5-month supply is considered to be a balanced market.”

 

 

House Flipping Is Back to Pre-Crisis Levels according to NY Times

An article just published by the New York Times trumpets the news that house flipping is popular again.  Those of us who have been in the mortgage industry for the past 10-15 years know that low interest rates and loose credit standards combined with property flipping  fever drove much of the housing bubble in 2003-2008.  That bubble eventually burst when many “flippers” encouraged by late night infomercials promising fast and easy profits in real estate, learned that the housing game can be more difficult than what can be explained in a 15 page pamphlet written by an “expert” and costing $300.00.

The focus on flipping for too many non-experts is profit maximization at all costs.  Profit driven flipping can mean short cuts, substandard renovation work and beyond that appraisal, seller and closing agent fraud involving straw buyers, inflated values, and hidden defects.  It can also create scenarios where unscrupulous investors prey upon inexperienced buyers and construct impossible or fraudulent sales scenarios where everyone but the seller walk away with a serious risk of loss.

In the mortgage industry it is common to state “everything old is new again,” and when we read articles like this one today we cannot help but remember the confluence of easy credit, low interest rates, lots of available inventory and many real estate “newbies” seeking to get rich quick flipping homes for profit.  Lender beware.

Conviction of Attorney and Title Agency CEO for $26 Million Fraud Crime Reinforces Need for Closing Agent Risk Management

According to an article published today in Mortgage Professional America, the former CEO of LandCastle Title, who also served as the managing partner of a real estate law firm, will spend 15 years in federal prison for orchestrating a scheme to bilk his firm out of millions of dollars.

Nathan E. Hardwick IV, 53, operated both LandCastle Title and Morris Hardwick Schneider, a law firm that specialized in residential real estate closings and foreclosures. He was convicted in October of wire fraud, conspiracy, and making false statements to a federally insured financial institution.

Real estate attorneys and title professionals have access to lender funds, lender loan documents (including the note and mortgage), are charged with satisfying liens and judgments and ensuring lien priority.  They also have direct access to consumers and all of the consumer’s personal and financial information.  One a scale of 1 to 10, with 10 being the highest risk tier, settlement agents are in Tier 10.

Lenders must have a comprehensive, ongoing program of evaluating, rating, monitoring such risk as well as taking immediately steps to alter or disengage in any relationship that may cause harm.

Title and closing fraud are, by most estimates, a nearly $1 Billion dollar annual problem.  If you add in wire fraud the numbers escalate.

Ignoring this risk will not make it go away.  The Nathan Hardwicks of the industry will make sure of that.  Be vigilant and remember our motto: “trust, but verify.”

eClosings: Now that they are HERE, do You Know HOW to Conduct Them?

Back in October 2014 the industry had an opportunity to attend a public information session in Washington, D.C. organized by the Consumer Financial Protection Bureau (CFPB).  The meeting was called to announce the results of a public commentary period regarding mortgage closing experiences as well as to announce details of the CFPB’s eClosing initiatives.

The eClosing pilot launched publicly at that time was part of the CFPB’s “Know Before You Owe” mortgage initiative, and the companies participating in the pilot were a mix of technology vendors providing eClosing solutions, and creditors that had contracted to close loans using those solutions. These included Accenture Mortgage Cadence, DocMagic, Inc., eLynx, Pavaso, Inc., and Pierson Patterson, LLP, as vendors, and Blanco National Bank, Boeing Employees Credit Union, Flagstar Bank, Mountain America Credit Union, Sierra Pacific Mortgage, and Universal American Mortgage Company, as lenders.  The participants agreed to work together to examine how electronic closings might help both consumers and lenders save time and money and establish a better, safer consumer experience.

Much has transpired since then, and as we pass the four year mark since that day the landscape regarding eClosings has changed drastically.  Today eClosings are a reality, with a growing number of mortgage lenders adopting the technology platform that allows a borrower to credibly review and execute closing documents electronically.  In addition advances in technology, along with a bit slower regulatory authorization among the states, has made digital and remote notarization an integral part of the eClosing experience.

Lenders are embracing eClosings, slowly but surely and are now seeking to locate settlement professionals, attorneys, title agents and notaries who actually know how to manage an electronic closing transaction.  Consequently eClosing education and training has become a necessary and important resource to match lenders willing to embrace digital mortgages and eClosings with professionals trained to properly manage the process for them during the closing segment of the mortgage manufacturing process.

US Treasury Department Supports the Expansion of e-Closings and e-Notarizations in Mortgage Industry

Industry publications are reporting that after a period of research and review the US Treasury Department is encouraging lenders and states to pursue e-closing and e-notarization technology to make residential mortgage transactions more convenient for consumers.

The American Land Title Association (ALTA) also released a statement today indicating that its leadership recently met with Treasury officials to assist them in their evaluation of e-closing technology and its impact on consumers.

The focus of regulators has been on data integrity and security, document formatting and recordability, identity protection, and anti-fraud measures to ensure the closing process is not corrupted by users of the new technology.

Industry leaders such as DocMagic have been slowly gaining market penetration with e-closing software but the learning curve has been steep for some lenders and closing professionals.  Many professionals have heard of it but few have actually conducted an e-closing or supervised an e-notarization.

There is no doubt however that e-closings and e-notarization are a big part of the future  growth of the mortgage lending industry.

 

When Do Title and Settlement Services Constitute the Unauthorized Practice of Law? Rhode Island Gives Notice.

Sometimes the line between services provided by non-attorney title and settlement professionals and those by lawyers becomes blurred.  This happens in states where it is common practice for a title agent representative to appear at a mortgage closing and in the course of managing the title and disbursement side of things, fill in on a review and supervised execution of the bank documents as well.  In some cases this is to fill a void where a seller or buyer show up without legal representation (by choice), but in other cases it may be that no attorney is traditionally involved (a refinance closing).

Reviewing loan documents, answering questions about contract and mortgage agreement details often can be seen by some as merely elements within the broader “title and settlement” functions often performed by non-lawyers. However title and settlement agents who are not lawyers need to be very careful about crossing the line and creating liability for themselves and their companies, as well as possible civil or criminal penalties if the activity is reported.

Recently the Rhode Island Supreme Court Unauthorized Practice of Law Committee heard a complaint filed by an attorney against a title and settlement firm in that state where a non-layer owner of that firm appeared and gave advice to the seller in a sale transaction.  The advice, which went above and beyond title searches, title insurance and document recording, caused a legal issue that impacted the transaction.

The company appeared at a hearing to defend itself asserting that the services were “common practice” in the state and that the owner asserted throughout that he was “not a lawyer.”

The Committee took a different view, and although acknowledging that the State had carved out an exception in civil and criminal statutes for title agents for the “unauthorized practice of law” the carve out was not a blanket safe harbor for the performance of traditional attorney-client services.  After all, conducting property title transfer searches, public records searches, and issuing insurance is not the same thing as drafting and reviewing contracts, explaining legal documents, answering questions about legal issues, and negotiating the resolution of business and legal disputes (including short sales).

While not sanctioning the company (it had no power to do so) the Committee did unanimously agree that the actions of the title agent constituted “unauthorized practice of law” and referred the matter to the state legislature to strengthen existing statutes to close any real or perceived loopholes.

In its conclusion, the Supreme Court Committee stated:

“[T]he following acts constitute the practice of law and can only be performed by a
lawyer: (a) conducting a title examination to determine the marketability of title,
(b) conducting a real estate closing, (c) drafting a deed on behalf of a party to a real
estate transaction, (d) drafting a residency affidavit on behalf of a party to a real
estate transaction, and (e) drafting a power of attorney on behalf of a party to a real
estate transaction.

The Committee further recommends that the aforementioned services, as the practice of law, can only be performed by lawyers in either an unincorporated law firm or as a law firm licensed by the Supreme Court….”

As a result all settlement professionals not licensed to practice law (title agents, escrow officers, notaries and real estate agents) take heed.  Crossing the fine line between your regulated role and the traditional role played by attorneys in the real estate transaction may create legal liability for your and your company.