Brokers act as the gatekeepers of customer informationMichael BlairFraud, Unethical, NAMB Code of Ethics
As the main point of contact for many borrowers, brokers are
tasked with maintaining a high level of integrity. In much the same
way that financial institutions are charged with ensuring the
security and confidentiality of customer records and information,
brokers are similarly responsible for protecting against any
anticipated threats or hazards to the security and integrity of
borrowers information. As witnessed in recent months, mismanagement
of borrower information can lead to identity theft and,
subsequently, broker excommunication from state and national
affiliations. With privacy concerns at the forefront of borrowers
minds due to recent increases in fraudulent activity, financial
institutions are taking extra precautions to ward off potential
security violations.
The National Association of Mortgage Brokers has a strict policy
in place regarding fraud and unethical behavior. NAMB works closely
with regulatory bodies to identify brokers who are found guilty of
harmful business practices and, subsequently, to revoke their NAMB
membership. This action effectively removes brokers from the NAMB
Web site directory and erases their likeness from any affiliation
with NAMB whatsoever.
Whats important is building trust with the borrower. I try to
educate my customers on the entire process and let them know there
is a conscious effort to protect their privacy, said Gary Bogue, a
broker with Alpharetta, Ga.-based Neighborhood Mortgage. I cant
speak for other brokerages, but in our office, all borrower
information is kept under lock and key, and paper documents are
shredded before they are taken away. We use an encrypted layer when
sending documents over the Internet to protect sensitive borrower
information. Ideally, the passwords for entry into each computer
should change monthly.
With predatory lending and identity theft on the rise,
regulatory bodies are making inroads into many brokers and lenders
lives. This heightened inspection of lending practices is nothing
new, and meanwhile, fraudsters are learning new tricks to keep
brokers on their toes. While ensuring the security of borrower
information is the law, it is also a good business practice. By
demonstrating a genuine concern for the safety of consumers
personal information, brokers stand to increase consumer confidence
levels and develop long-lasting borrower relationships.
The Gramm-Leach-Bliley (GLB) Act deals with financial
institutions responsibility in protecting the security and
confidentiality of customers non-public personal information such
as names, addresses, phone numbers, bank and credit card account
numbers, income and credit histories, and Social Security
numbers.
In accordance with GLB, the Federal Trade Commission (FTC)
enacted the Safeguards Rule on consumer financial privacy in May
2003 that requires financial institutions under FTC jurisdiction to
have a security plan to protect the confidentiality and integrity
of consumer records and information.
Also falling under the requirements of GLB is the Financial
Privacy Rule, which requires financial institutions to disclose
privacy notices to customers explaining the financial institutions
information collection and sharing practices. This rule empowers
consumers to limit certain types of information from being
shared.
Oftentimes borrowers are unaware that the information they are
sharing can be very damaging if mismanaged. It is my responsibility
as a broker to remind them to take safeguards and educate them not
only about the mortgage process, but also that handing out personal
information is something that should be done cautiously, said
Bogue. I like to get to know my borrower and invest the necessary
amount of time discussing the entire process with them. When you
take the time to prepare the borrower and inform them of the
procedure, they become knowledgeable and, therefore, less likely to
be taken advantage of at any point in the process.
Each brokerage will likely have a different security policy in
place, thus making it essential to instruct and regularly remind
all brokers within each organization of the individual policy
guidelines. Financial institutions may choose to impose
disciplinary measures for any security breaches, in addition to
fines delivered by the FTC. It should be each brokers personal goal
to ensure the security of borrowers data throughout the life cycle
of customer informationfrom data entry to data disposal.
It would behoove brokers to take proactive measures that include
implementing safeguards to protect borrower information. Brokers
can even take such basic steps as locking rooms and file cabinets
where consumer information is stored, using password-activated
screensavers and changing passwords periodically.
While brokers are now encouraged to report any suspicious
activity immediately to the proper law enforcement officials, the
U.S. government is seeking regulations that would require loan
brokers to report suspicious activity in the origination process.
On May 4, government officials stated during a press briefing at
FBI headquarters in Washington, D.C. that suspicious activity
reports are only filed by federally insured or regulated financial
institutions because loan brokers do not have to comply with the
Bank Secrecy Act, which criminally penalizes financial institutions
for not reporting to federal law enforcement authorities any
suspicious transactions.
Additionally, brokers can facilitate secure data transmission
over the Web by encrypting sensitive borrower information using a
Secure Socket Layer before transmitting electronically over
networks or storing online. When a borrower completes and submits
an online form, the information traverses the Internet and arrives
at the computer server on the brokers end. Without encrypting this
information, a hacker can gain access to the path between the
computers and subsequently reassemble the informationessentially
making a photocopy as the information passes by.
Of equal importance in the chain of borrower information events
is the secure disposal of that information. To accomplish this
step, a brokerage may choose to designate a records retention
manager to supervise the disposal of records containing non-public
personal information. A simple, yet crucial, step in the disposal
process is shredding customer information recorded on paper and
storing it in a secure area until a recycling service picks it up.
Brokers also should delete consumer data when disposing of
computers, diskettes, magnetic tapes, hard drives or any other
electronic media that contain consumer information.
In November of 2004, the FTC charged two mortgage companies with
violating the agencys GLB Safeguards Rule for failing to have
reasonable protections for customers sensitive personal and
financial information. Both Nationwide Mortgage Group Inc. and
Sunbelt Lending Services Inc. were in violation of the basic
requirements set forth by the GLB Safeguards Rule. The settlement
with Sunbelt bars the company from future violations of the
Safeguards Rule and the Privacy Rule and requires biannual audits
of Sunbelts information security program by a qualified,
independent professional for 10 years.
In the end, fraudulent activity resulting from poorly managed
borrower data is not only bad for the borrower, but also the
financial industry as a whole. In working together with regulatory
agencies and one another, brokers can promote the industry and
themselves in a positive way to ensure that borrowers loyalty and
trust remain with them.
Michael Blair is chief executive officer for TrueClose LLC.
He may be reached at (724) 820-1300 or
[email protected].
