Skip to main content

TransUnion settles largest class action lawsuit in history

Aug 17, 2008

Are you ready for the new identify theft regulations?Jim JorgensenFair and Accurate Credit Transaction Act, identity theft, Mortgage Loan Fraud, Financial Crimes Enforcement Network, CrossCheck Compliance The federal financial services regulatory agencies have developed new rules and guidelines to require financial sector organizations, including the mortgage industry, to better protect consumers from identity theft. The new rules, which are outlined in the Fair and Accurate Credit Transaction Act (FACTA), were effective on Jan. 1, 2008 with mandatory compliance by Saturday, Nov. 1, 2008. Basically, each financial services company and creditor that holds any consumer account, in which there is risk of identity theft, must develop and implement an identity theft prevention program for combating identity theft in connection with new and existing consumer accounts. It is important to note that there is not an easy off-the-shelf solution to be implemented. The regulators will be looking closely at how each organization implements an identify theft program. The first step in creating an identity theft program is to conduct a risk assessment. The purpose of the risk assessment is to determine the extent of the need of the identity theft program and to specifically identify the accounts the program must address. The next step in the program development is to document the relevant patterns, practices and specific forms of activity that are the red flags which signal possible occurrences of identity theft. Red flags are risk events, which, with appropriate controls, will be prevented from occurring and/or detected if occurred. The identity theft regulations provide 26 red flag examples to be considered for the organization's red flag library. These 26 red flags are considered a starting point. The regulations require an in-depth review of the organization to develop a red flag library that is specific to the organization. Following the red flag identification step, the next step is to develop procedures to prevent and detect red flags, as well as providing for an effective response to the red flags. Preventative controls are the most ideal controls, but typically, are more expensive to implement than detective controls. As with any control implementation, the benefits of the control should exceed the cost of the control. When determining the cost/benefit of controls, one should not forget about intangible benefits, such as the avoidance of harm to the companys reputation due to a breakdown in identity theft controls. Mortgage identity theft Identity theft continues to be a significant problem in the mortgage industry. The April 2008 report, Mortgage Loan Fraud, published by the Financial Crimes Enforcement Network (FCEN) reported that suspected identity theft in conjunction with mortgage fraud increased 97 percent from their previous study in 2006. Mortgage identity theft involves an attempt to obtain credit using another person's identity. In other words, it involves the misuse of information with the intent to deceive or mislead the lender into extending credit that the lender would not have likely offered if the true identity had been known. The fraud perpetrators abscond with the proceeds of the loan with little or no intention to purchase or occupy the house. Victims of mortgage fraud identity theft have had their properties encumbered with loans or property titles fraudulently transferred, effectively having their homes stolen. In their April 2008 report, FCEN provides some real world examples of mortgage identity theft: •Individuals stole the identity of a property owner to sell the property to another individual using a stolen identity. In this scheme, the existing mortgage on the property was paid off with a new mortgage. The perpetrators received the difference between the sales price and the loan payoff. This fraud scheme is more profitable when perpetrated against homeowners with a large amount of equity in their home. The legitimate homeowners discover the fraud when they are informed that their mortgage has been paid in full. •Homeowners' identities are stolen to apply for home equity lines of credit or cash-out financing. In this scheme, the borrower applies for multiple loans from multiple lenders on the same property in a short period of time. This allows the identity thief to take advantage of lag time in recording the mortgages. Consequently, the lenders are unable to identify the existence of the other loans. By the time the lender is aware of the other mortgages, the loan payment has already been provided. First payment defaults are the first sign of trouble. Red flags Before an identity theft program can be successfully prepared for a mortgage operation, management must confidently recognize any red flags that are relevant to their organization. There is no standard list of red flags that will apply to every organization. The organization's guidelines, products and procedures will make some red flags more prevalent and others non-existent. Some common red flags surrounding identity theft used to facilitate mortgage fraud are: •The consumer credit report contains one of the following: Fraud alert, active duty alert, notice of credit freeze, address discrepancy, significant number of recent inquiries, an unusual number of recently opened accounts, or accounts that were closed for cause or abuse; •The identification documents and/or applications provided appear to be altered or forged; •Signatures on documents are not consistent throughout the loan file; •The Social Security number provided was never issued or does not match the credit report; •The phone number provided is not valid or is associated with a pager or answering service; •The proposed borrower is not able to provide documents, such as asset or employment documents, that would verify information provided on the application. Borrower requests that mail be sent to "work" address; and •Return mail is received on Real Estate Settlement Procedures Act disclosures or first statement sent. Controls At some point in the origination process, all mortgage loan operations will handle customers' personal identification. The handling of this information can make a difference to the operation's bottom line, as well as the lives of their borrowers. Solid internal controls designed around customized red flags will help any organization avoid the substantial financial losses that always follow mortgage identity fraud. These controls should consist of security, prevention, detection and response measures. Organizations should consider using automated information technology (IT) tools, as well as checklists, suspicious party lists and unbiased, third party reviews to assist in the execution of their internal controls. Internal control measures should be present during the origination, processing, underwriting, closing and funding functions, with each specific identifying data piecesuch as name, address and Social Security numberverified a minimum of three times prior to the funding of the mortgage loan. Best-in-class lending organizations rely heavily on submitting brokers to perform proper, independent due diligence on all loan applicants, including a re-verification of loan documents. It can be as simple as making sure that the borrower's signature matches on all documents, all parties in the transaction present acceptable photo identification and all documents are signed in front of a licensed notary public. Identity theft mortgage fraud can be detected in various phases of the loan process: Pre-funding, post-closing audit, loan default and through reports by victims, law enforcement and even the borrowers themselves. Obviously, prevention of the fraud is ideal through an effective internal control system. If the fraud occurs, then detecting the fraud at the earliest possible point, ideally before funding, is best. Automated IT tools There are many automated IT tools that mortgage companies can use to detect potential identity theft used to facilitate mortgage fraud. The increase in mortgage fraud over the last several years has led many mortgage software vendors to enhance their product offerings. This is especially true in the area of identity fraud. These tools are offered by several established vendors and are often Web-based, which provides convenient integration into the origination process. Some of the more robust tools provide the following: •Social Security number validation; •Name variances, including all aliases utilized; •Office of Foreign Assets Control list checks; •Drivers license number validation; and •Assessment of the borrower information history to detect unusual patterns that are highly correlated with mortgage fraud. Conclusion Creating an effective and customized identify theft program, which will pass the scrutiny of the government regulators, requires a lot of time and effort by the organization's compliance team and management. No doubt, in todays regulatory environment, with more and more regulations being written and dealing with multiple deadlines and exams, this can be overwhelming. The new identify theft regulations can bring the feeling of just one more regulation that has to be addressed. With the proper tone and commitment from organizations' board of directors and executive management, an effective identify theft program can be put in place that protects your organization's customers from the horrible hardship of having their identity stolen. This makes perfect business sense. Jim Jorgensen is president and chief executive officer of CrossCheck Compliance. He may be reached at (312) 346-4600 or e-mail [email protected].
About the author
Aug 17, 2008
Looking For Change Under Every Couch?

Don’t overlook the obvious – employees have ideas for cost savings, too

Jun 10, 2024
New American Funding Announces New Cash-Offer Program

Similar to Opendoor and Homeward, NAF Cash Maps offers buyers a bidding war advantage

Jun 05, 2024
CFPB Issues Public Inquiry On Junk Fees Affecting Closing Costs

Agency seeks to understand why closing costs are up, who is benefiting, and how costs can be lowered.

May 30, 2024
STRATMOR, Teraverde Deal A 'Merger Of Equals'

The recent merger of mortgage advisory firms came without the need to lay people off or make any major staffing changes.

May 23, 2024
NEXA Pays Loan Officers 100% Of Commission Splits

LOs won't pay per-file fees or other hidden fees with NEXA100, says NEXA Founder and CEO Mike Kortas.

May 22, 2024
The Right Prescription

‘Doctor Loans’ making healthy strides in Florida

May 21, 2024