Over the past few months, we, as a lender (The Lending Company in Scottsdale, Ariz.), have embarked on what became a tedious journey through the rules of being Red Flag compliant. Little did we know just what all was involved. In the process of negotiating the maze of rules and regulations, we found that nearly every area of our operations could be challenged to improve.
Mortgage fraud detection is a priority of the quality control management with every responsible lender. Until the release of the Fair and Accurate Credit Transactions Act (FACTA) Red Flag Identity Theft Rules by several agencies of the federal government, it could be said that few lenders believed identity theft was a serious issue behind the closed doors of our offices. Most believed this was more the problem of Internet security and the common neighborhood thief. That was until today.
Upon learning of the new regulations and the deadlines set for becoming compliant, we investigated industry-recommended vendors and tools to assist us in meeting the requirements. Being both a retail correspondent consumer-direct lender and wholesale lender selling programs to mortgage brokers, we had to determine what was needed on either front. What were our responsibilities? Where might we be vulnerable? Was simply being compliant enough?
The most obvious was in reading credit reports. What we didn't realize were that discrepancies in a credit file had just as much to do with possible identity theft as it did with the potential mortgage fraud we as lenders are accustomed to underwriting. Looking through the glasses of identity theft causes us to dig deeper into any possible inconsistencies. But it didn't stop with reading credit reports.
Where else were we leaving our clients and borrowers open to the possibilities of becoming victims of identity theft? We began looking at every area where a borrower's information flows through our offices and the loan process itself. It was startling to discover all the different points where that information was exposed and as a lender, didn't even realize what was at stake. Just to name a few:
Potential Red Flag: Borrower's application and supporting documentation being transported between offices and the client's place of meeting.
Solution: All loan officers must have the ability to lock and secure borrower's information upon receipt and until delivery to the loan processing center. All borrower information must be delivered to processing centers within 48 hours of receipt.
Potential Red Flag: Open desks with borrower's personal information in clear vision of others.
Solution: All borrower files and personal information is to remain in the lockable file cabinet until such time that file is being worked on. If the employee leaves their desk for more than 30 min., all files must be locked in said file cabinet. No files are allowed to be left on any employee desk overnight or during lunch breaks, unless private office can be securely locked. If private offices are accessible by cleaning and maintenance crews during or after regular business hours, then files must be locked in file cabinets until employee returns. This also required that we re-key all file cabinets to insure the above could be executed.
Potential Red Flag: Third-party-originated loan application files where the lender had little or no control over the borrower's personal information prior to submission to said lender for loan approval underwriting.
Solution: Require all approved brokers to submit all files with Red Flag Checklist stating that the broker took the necessary steps to protect the borrower information and that they determined that the borrower's information was accurate and identity verified.
Potential Red Flag: Having so many different employees involved in the loan process and missing the Red Flags.
Solution: At final quality control (QC), having the Red Flag Checklist in the file and completed by each employee along the process, but reviewed by final QC to better monitor possible infractions or missed red flags.
These were just a few of the areas that were made obvious when we applied the Red Flag assessment to our operations. Becoming Red Flag compliant was more than simply meeting the requirements of the federal government. As a lender, we did not want the legal exposure should it ever be determined that we did not properly protect a borrower's information. We have gone so far as to provide each customer we do business with, a one-year policy of identity theft protection at our cost. If our goal is to create long-term relationships with our borrower clients, then it is our duty to protect them in every way possible. As a result of becoming and remaining Red Flag compliant, those relationships and our business will flourish.
Ron Cahalan, CMPS is sales manager of Scottsdale, Ariz.-based The Lending Company. He is also a published author of three books, Confessions of a Mortgage Banker, Lenders Are Liars, and co-author of the national best-seller, WakeUp Live. He may be reached by phone at (480) 621-4256.
