A 2008 report from the Mortgage Asset Research Institute (MARI) stated that identity theft comprised less than one percent of the mortgage fraud schemes across the nation. The new Red Flag Rules has many mortgage operations stressed. What many do not realize is that many of the 26 Red Flag Rules items are being performed on each loan already. Now is the time to capture your procedures by writing them into Red Flag Rules Plan and Program. You can find a copy of the 26 Red Flag Rules by searching the Internet for “Illustrative Examples of Red Flag Supplement A to Appendix J.”
The Red Flag Rules fall into four categories:
◄ Alerts, notifications or warnings from a consumer reporting agency;
◄ Suspicious documents;
◄ Suspicious personal identification information; or
◄ Unusual use of, or suspicious activity related to, the covered account.
Alerts, notification or warnings from a consumer reporting agency
This occurs when the credit report is pulled during pre-qualification or the credit report that is pulled during pre-funding quality control (QC) check. The checklist that may be used for this category may include the following:
◄ A fraud or active duty alert is included with a credit report;
◄ A credit report providing notice of credit freeze in response to a request for a credit report;
◄ A credit report providing notice of address discrepancy;
◄ A credit report providing a pattern of activity that is inconsistent with the history and usual pattern of activity;
◄ A recent and significant increase in volume of inquiries;
◄ An unusual number of recently established credit relationships;
◄ A material change in the use of credit, especially with respect to recently established credit relationships; or
◄ An account that was closed for cause or identified for abuse of account privileges by a financial institution or creditor.
Suspicious documents may be detected if the loan officer or processor is trained in what to look for when collecting identification document during loan origination or processing. The rule of thumb is to check and validate, regardless of the commissions and production demands. Some steps of the checking process may include:
◄ Documents provided for identification appear to have been altered or forged;
◄ The photograph or physical description on the identification is not consistent with the appearance of the applicant;
◄ Other information on the identification is not consistent with the information provided by the person;
◄ Other information on the identification is not consistent with readily accessible information that is on file, such as nicknames, alias, middle names used; and/or
◄ Application appears to be altered or electronically recreated.
Suspicious personal identifying information
The use of a report from the Social Security Administration to verify Social Security Numbers (SSN) and Death Master supports this category. Some examples include:
◄ The SSN has not been issued, or is listed on the Social Security Administration’s Death Master File;
◄ There is a lack of correlation between the SSN range and date of birth;
◄ Different addresses were provided on the documentation and identification;
◄ A bogus address can be checked by ordering tax transcripts with a 4506-T from the IRS;
◄ Phone number discrepancies or pager and answering services will come from a manual verification with cross checks from the internet and calling the numbers;
◄ Phone number similar to credit account numbers is usually found on the 1003 when the borrower discloses credit information or when the borrower has account information and uses the account number as a bogus phone number (this activity is very rare); or
◄ Failure to provide additional documentation for vetting or re-verification (the processor/loan officer will discover this while building the loan).
Unusual use of, or suspicious activity related to, the covered account
When the credit report is pulled during pre-approval, many of the Red Flags can be detected, but a second credit report is often pulled the day of closing to monitor suspicious account activity. The mortgage professional who is underwriting and funding loans may want to practice ordering a credit report the day of closing.
Receive a request of new, additional, or replacement cell phone
It is a Red Flag when the borrower is difficult to contact because of a misplaced cell phone or using a relative or friend’s phone.
Available credit is used for cash advances or large withdrawals
This will be detected with a second credit report the day of closing or funding.
Covered account used in a manner that is not consistent with established patterns of activity
Suspicious credit activity will be detected the day of closing or funding when a second credit report is pulled.
For the majority of brokers, good Red Flag Rules practices, such as analyzing the credit report and close examination of the applicant’s identification will meet the Federal Trade Commission’s (FTC’s) standards for Red Flag Rules compliance. However, the larger the mortgage operation, the more of the 26 Red Flag Rules will apply, such as income verification checks with the IRS, and Social Security Administration reports and Death Master File checks, as well as a final credit report pulled the day of funding. Most mortgage professionals have been practicing these procedures for years. All that is left is capturing internal practices and procedures in written form and to have them approved by the principals. Create some type of checklist that can be placed in each file so the state examiners, agencies, investors and lender can see that the Red Flag Rules are checked and signed off by a mortgage professional.
Implementation of Red Flag Rules compliance is easy. The FTC has not created anything new … it has just borrowed compliance standard operating procedures from existing financial institutions and expanded them to other financial entities. Conscious mortgage professionals may want to consider expanding beyond the 26 Red Flag Rules checklist by using Freddie Mac’s “Discover Gold Through Quality, Fraud Prevention Best Practices, Chapter 2” (located online at www.freddiemac.com/dgtq).
I will agree that a mortgage professional has a responsibility to prevent a stolen identity from being used for the purchase of a home, but that same mortgage professional also has a responsibility to protect and prevent a client’s identity from either being stolen or compromised. It is a matter of time before all mortgage professionals will be inspected on data and non-public information security and protection. I encourage all mortgage professionals to begin putting plans and policies together to address the protection and safeguarding of client’s non-public information, while working on the Red Flag Rules program.
MARI’s 2008 “Eleventh Periodic Mortgage Fraud Case Report” shows that identity theft was the type of mortgage fraud least performed, compared to 64 percent in the “General Application Misrepresentation” category and an average of 29 percent “1Q-3Q 2008 Tax Return and/or Financial Statement Misrepresentation” category. I believe the reason identity theft is extremely low compared to other fraud types is because the mortgage professionals are taking Red Flag Rules precautions and are doing a good job of it. The lenders are using pre-funding QC and pre-funding fraud prevention tools that are detecting suspicious activities, which are preventing loans from closing using a stolen identity. With all the bad press mortgage professionals have received in the media, I am excited to see that identity theft ranked the lowest of all fraud classifications and we have all of you to thank because you were doing the right thing and didn’t even know it.
Tommy A. Duncan is executive vice president of Quality Mortgage Services LLC. He may be reached by phone at (615) 591-2528, ext. 124.