There’s so much to keep tabs on … increasing regulation, rapidly fluctuating market conditions, changing lender relationships and more. Properly managing it all can make you feel like an air traffic controller. Here is one more thing that you should be aware of: The “Red Flags” rules, which go into effect May 1. By this date, it’s important to have detailed policies and procedures in place to effectively detect, prevent and mitigate identity theft. These rules, which have been in the pipeline for more than a year, call for an alert, proactive attitude toward protecting customers, including mortgage customers. Although there aren’t any criminal penalties for not following these rules, violators could be subject to civil monetary penalties. So consider identity theft a big “blip” on your personal radar.
Understanding the rules, and committing to following them, is just the first step. There’s the practical matter of being able to catch everything and prevent incidents. The latest technology can help you stay on top of it all without breaking a sweat.
How the “Red Flags” rules came to be
Each year, despite the best efforts of financial institutions and law enforcement, identity thieves devise new ways to steal personal information. In 2007 alone, more than 250,000 identity theft complaints were received by the Federal Trade Commission (FTC), according to media reports.
Because of this ongoing concern, and the need for intensive action, a number of agencies including the FTC, bank regulatory agencies and the National Credit Union Administration created the Red Flags rules, as part of the Fair and Accurate Credit Transactions Act (FACTA) of 2003, technically Sections 114 and 315. Identification and detection of patterns, practices or specific activities that could be related to identity theft are required, along with guidelines on specific, continual responses.
Who needs to be aware of this? Professionals at any financial institution that hold a “transaction account” belonging to a customer. This can include local banks, savings and loans and credit unions. Importantly for mortgage brokers, it also includes creditors, and the so-called “covered accounts” include mortgages. Also in the mix are finance companies, utilities and telecommunications companies.
What to look for
So how can you prevent identity theft as instances occur? There are several key pieces of information to look for, including:
◄ Alerts, notifications or warnings from consumer reporting agencies that suspicious activity may have taken place. This can include anything from excessive inquiries for information to an unusually high number of financial transactions, both of which might indicate fraud.
◄ Suspicious documents or personal identifying information. This would include documents that appear to be forged or contain information inconsistent with other pieces of identification.
◄ Unusual or suspicious activity on an account—noticeably different from typical activity.
◄ Information that comes directly from customers, victims of identity theft or law enforcement authorities.
Ongoing awareness is key. Some fraud can be caught in person, but technology is a great partner. There are plenty of services that provide pieces of information that can serve as notice about potential identity theft. The challenge is gathering all the information in a meaningful and easy-to-use way.
For example, each of the three major credit bureaus—Equifax, Experian and TransUnion—offer fraud prevention services as part of their credit report services. They flag phone numbers and addresses considered high risk, and when application information is submitted that doesn’t match what is already on file from the customer.
The systems also reports if there have been excessive credit inquiries on a given Social Security number, and tracks the use of Social Security numbers for deceased individuals or numbers not yet issued. Luckily, there are providers that consolidate information from the three agencies into one report.
Here’s another resource: Alerts by the Office of Foreign Assets Control (OFAC) allow a professional to automatically check borrower records against the U.S. Treasury’s master list of Specially Designated Nationals and Blocked Persons, which contains thousands of individual names. These individuals may be more likely to commit fraud.
There’s assistance from the Internal Revenue Service (IRS) that can be helpful as well. For example, TRV (tax return verification) reports provide a streamlined method of verifying a borrower’s tax information by electronically comparing the income-related lines of the borrower’s tax return with the same lines on file at the IRS. This data can be obtained on any individual or business that has authorized the release of this information in connection with an application for credit. Any variations uncovered can be highlighted in an easily read report. TRVs offer further protection against fraud by verifying that the applicant’s information matches Social Security Administration files.
What you’ll need to do
Just like an air traffic controller needs to make the right decisions without panicking, so will you as a mortgage professional. It’s all about having a plan in place focused on prevention and reaction to incidents.
A big step is putting your program in writing, and in as much detail as possible. Not only must you say how you will work to prevent identity theft and mitigate it if it happens, you must be able to explain how you will update and execute on this plan for the future. You’ll need to think through how employees will be trained, and how this will be verified and continually improved upon. Importantly, there needs to be buy-in from senior leaders within your company, since they are ultimately charged with overseeing the program.
Like a successful air traffic controller, a mortgage professional needs to rely on the right technology and expertise to keep everything moving smoothly. Taking a few important steps where identity theft protection and compliance with the Red Flags rules are concerned will keep your business under firm control.
Steve Grant is president of Credit Plus Inc., a credit information services provider since 1928. He can be reached by phone at (800) 258-3488.
