Brokers act as the gatekeepers of customer informationMichael BlairFraud, Unethical, NAMB Code of Ethics As the main point of contact for many borrowers, brokers are tasked with maintaining a high level of integrity. In much the same way that financial institutions are charged with ensuring the security and confidentiality of customer records and information, brokers are similarly responsible for protecting against any anticipated threats or hazards to the security and integrity of borrowers information. As witnessed in recent months, mismanagement of borrower information can lead to identity theft and, subsequently, broker excommunication from state and national affiliations. With privacy concerns at the forefront of borrowers minds due to recent increases in fraudulent activity, financial institutions are taking extra precautions to ward off potential security violations. The National Association of Mortgage Brokers has a strict policy in place regarding fraud and unethical behavior. NAMB works closely with regulatory bodies to identify brokers who are found guilty of harmful business practices and, subsequently, to revoke their NAMB membership. This action effectively removes brokers from the NAMB Web site directory and erases their likeness from any affiliation with NAMB whatsoever. Whats important is building trust with the borrower. I try to educate my customers on the entire process and let them know there is a conscious effort to protect their privacy, said Gary Bogue, a broker with Alpharetta, Ga.-based Neighborhood Mortgage. I cant speak for other brokerages, but in our office, all borrower information is kept under lock and key, and paper documents are shredded before they are taken away. We use an encrypted layer when sending documents over the Internet to protect sensitive borrower information. Ideally, the passwords for entry into each computer should change monthly. With predatory lending and identity theft on the rise, regulatory bodies are making inroads into many brokers and lenders lives. This heightened inspection of lending practices is nothing new, and meanwhile, fraudsters are learning new tricks to keep brokers on their toes. While ensuring the security of borrower information is the law, it is also a good business practice. By demonstrating a genuine concern for the safety of consumers personal information, brokers stand to increase consumer confidence levels and develop long-lasting borrower relationships. The Gramm-Leach-Bliley (GLB) Act deals with financial institutions responsibility in protecting the security and confidentiality of customers non-public personal information such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. In accordance with GLB, the Federal Trade Commission (FTC) enacted the Safeguards Rule on consumer financial privacy in May 2003 that requires financial institutions under FTC jurisdiction to have a security plan to protect the confidentiality and integrity of consumer records and information. Also falling under the requirements of GLB is the Financial Privacy Rule, which requires financial institutions to disclose privacy notices to customers explaining the financial institutions information collection and sharing practices. This rule empowers consumers to limit certain types of information from being shared. Oftentimes borrowers are unaware that the information they are sharing can be very damaging if mismanaged. It is my responsibility as a broker to remind them to take safeguards and educate them not only about the mortgage process, but also that handing out personal information is something that should be done cautiously, said Bogue. I like to get to know my borrower and invest the necessary amount of time discussing the entire process with them. When you take the time to prepare the borrower and inform them of the procedure, they become knowledgeable and, therefore, less likely to be taken advantage of at any point in the process. Each brokerage will likely have a different security policy in place, thus making it essential to instruct and regularly remind all brokers within each organization of the individual policy guidelines. Financial institutions may choose to impose disciplinary measures for any security breaches, in addition to fines delivered by the FTC. It should be each brokers personal goal to ensure the security of borrowers data throughout the life cycle of customer informationfrom data entry to data disposal. It would behoove brokers to take proactive measures that include implementing safeguards to protect borrower information. Brokers can even take such basic steps as locking rooms and file cabinets where consumer information is stored, using password-activated screensavers and changing passwords periodically. While brokers are now encouraged to report any suspicious activity immediately to the proper law enforcement officials, the U.S. government is seeking regulations that would require loan brokers to report suspicious activity in the origination process. On May 4, government officials stated during a press briefing at FBI headquarters in Washington, D.C. that suspicious activity reports are only filed by federally insured or regulated financial institutions because loan brokers do not have to comply with the Bank Secrecy Act, which criminally penalizes financial institutions for not reporting to federal law enforcement authorities any suspicious transactions. Additionally, brokers can facilitate secure data transmission over the Web by encrypting sensitive borrower information using a Secure Socket Layer before transmitting electronically over networks or storing online. When a borrower completes and submits an online form, the information traverses the Internet and arrives at the computer server on the brokers end. Without encrypting this information, a hacker can gain access to the path between the computers and subsequently reassemble the informationessentially making a photocopy as the information passes by. Of equal importance in the chain of borrower information events is the secure disposal of that information. To accomplish this step, a brokerage may choose to designate a records retention manager to supervise the disposal of records containing non-public personal information. A simple, yet crucial, step in the disposal process is shredding customer information recorded on paper and storing it in a secure area until a recycling service picks it up. Brokers also should delete consumer data when disposing of computers, diskettes, magnetic tapes, hard drives or any other electronic media that contain consumer information. In November of 2004, the FTC charged two mortgage companies with violating the agencys GLB Safeguards Rule for failing to have reasonable protections for customers sensitive personal and financial information. Both Nationwide Mortgage Group Inc. and Sunbelt Lending Services Inc. were in violation of the basic requirements set forth by the GLB Safeguards Rule. The settlement with Sunbelt bars the company from future violations of the Safeguards Rule and the Privacy Rule and requires biannual audits of Sunbelts information security program by a qualified, independent professional for 10 years. In the end, fraudulent activity resulting from poorly managed borrower data is not only bad for the borrower, but also the financial industry as a whole. In working together with regulatory agencies and one another, brokers can promote the industry and themselves in a positive way to ensure that borrowers loyalty and trust remain with them. Michael Blair is chief executive officer for TrueClose LLC. He may be reached at (724) 820-1300 or [email protected].