Magazine article Mortgage Banking

Real Estate Data Security in a New Age of Compliance

Magazine article Mortgage Banking

Real Estate Data Security in a New Age of Compliance

Article excerpt

The National Association of Realtors[R]' (NAR's) 2014 Member Profile survey showed 94 percent of Realtors prefer to use email when interacting with clients or customers. A 2014 investigation by HALOCK Security Labs, Schaumburg, Illinois, found 70 percent of mortgage lenders allowed customers to send sensitive information through regular email. The research also found most of the top U.S. lenders followed the same non-secure practices as small lenders.

The combination of these practices sets up a ripe environment for data breach, loss of reputation and the likelihood of the "long tail of compliance" to hit hard.

Major data breaches, identify theft and data security issues are grabbing headlines. Computer hackers can steal with relative impunity.

Smart ones also realize the most vulnerable companies are small to midsized, especially real estate professionals who hold large amounts of transactional funds in escrow and traffic--the same highly sensitive personal information as their larger business partners.

Regulation and compliance to protect personal data have already been embraced by financial institutions. Now regulators are focusing on smaller companies, making it clear financial institutions must ensure their transaction supply chain service providers, as well as other vendors that handle such data, also show compliance with the same rules.

Let's be frank about the real estate transaction business, which includes mortgage lenders, underwriters and title and settlement agents. Real estate pros

are constantly engaging these supply chains, including mortgage servicers when the new loan is ultimately set up for payment. This, in effect, extends the risk to consumer privacy and makes the servicers even more responsible for protecting clients' money and non-public personal information (NPPI).

Yet, only now are smaller real estate settlement service providers starting to invest in network, physical and administrative security as required by the Gramm-Leach-Bliley Act and Federal Trade Commission (FTC) privacy safeguard regulations.

Lenders, regulators and title underwriters understand that independent title and settlement agents (ITSAs) play a critical role in facilitating mortgage finance transactions. These mostly small, closely held companies possess the local knowledge, expertise, efficiency and coverage required, and provide consumers, lenders and title underwriters with the ability to consummate transactions nationwide. They also help produce solidly closed, accurate loans for the lender to hand off to servicers down the road.

Beyond ensuring lenders are primary lien holders, the role an ITSA plays requires extensive contact with consumers and lenders. They handle highly sensitive NPPI and receive and disburse large sums of funds. This requires lenders, consumers and scores of parties to reach beyond the traditional expertise of ITSAs and rely upon their adherence to a score of expanding federal and state laws, rules and regulations.

On Oct. 30, 2013, the Office of the Comptroller of the Currency (OCC) raised the compliance bar for banks. This OCC Bulletin 2013-29, "Third-Party Relationships: Risk Management Guidance," could impact our industry more directly and in a more comprehensive manner than the OCC's earlier bulletins regarding privacy and a lender's responsibility for its supply-chain vendors.

The OCC raises concern that banks may generally have failed to assess risks associated with third-party providers, perform due diligence and ongoing monitoring, and enter into agreements properly assessing internal risk management capabilities. The OCC now expects "more comprehensive and rigorous oversight and management of third-party relationships that involve critical activities, [including] significant bank functions (e.g., payments, clearing, settlements custody)." This heightened expectation thus places banks and ITSAs even more squarely in the regulatory cross-hairs. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.