Most Voters Say CFPB Should be Run By Bipartisan Commission

A poll commissioned by ALTA, the Consumer Bankers Association and Independent Community Bankers of America, found that 58 percent of registered voters in key battleground states say the Consumer Financial Protection Bureau (CFPB) should be run by a bipartisan commission.

Morning Consult, which polled voters in Indiana, Maine, Michigan, Missouri, Montana, North Dakota, Ohio and West Virginia, found that three in five voters said a commission would lead to consumer protections that are fairer, more accountable, more representative and more transparent. The poll, which found that just 14 percent said the CFPB should keep its current structure, shows that consumers support structural changes at the bureau.

“It's hard to find any policy position in Washington that a majority of Americans agree on,” said ALTA CEO Michelle Korsmo. “So when 58 percent of consumers said the CFPB’s authority to supervise financial institutions, write rules and enforce penalties is too important to be controlled by a single director, Congress should listen to them.”

Converting the CFPB into a bipartisan commission would make the agency similar to the Federal Deposit Insurance Corporation, the Federal Reserve Board and the National Credit Union Administration. Three of the five federal banking regulators also are led by commissions. The other two, the CFPB and the Office of the Comptroller of the Currency, are led by single directors.

Changing CFPB leadership from a single director to a commission is an issue with bipartisan potential. In meetings last year with the heads of partner trade associations, ALTA found support for a narrow bill focused on a commission. This initiative garnered support from moderates on both sides of the aisle. This year has been different as legislators on both sides of the aisle have staked out extreme positions on the issue. On the left, Senator Elizabeth Warren (D-MA) is devoted to protecting the current structure of the CFPB at all costs. On the right, Chairman Jeb Hensarling (R-TX) is seeking to severely limit the power of the CFPB as part of his Financial Choice Act.

“CBA and its members have long championed what the poll results revealed: a bipartisan commission at the CFPB would increase accountability, fairness, and transparency,” CBA President and CEO Richard Hunt said. “With the 2018 elections coming up, members of Congress in key battleground states may find these results useful, as voters, regardless of party affiliation, believe the best way forward for consumers and small businesses is through a commission made up of a diverse and bipartisan group of experts similar to that of the FDIC. Now’s the time for lawmakers to act.”

Aggregate Key Findings

  • 58 percent of surveyed voters support establishing a bipartisan commission at the CFPB.
  • By a 3-1 margin, these voters prefer a bipartisan commission over a single director.
  • Only 14 percent of respondents said they believe the CFPB should be left the way it is now.
  • By a 4-1 margin, voters agree the CFPB should be structured as a commission like the Federal Deposit Insurance Corp. (FDIC).
  • More than half of voters believe a commission would help consumers and small businesses.
  • Three in five voters said a commission would make the CFPB fairer (63 percent), more representative (62 percent), more accountable (62 percent) and more transparent (60 percent).
  • 57 percent said the CFPB’s authority to supervise financial institutions, write rules and enforce penalties is too important to be controlled by a single director.
  • 59 percent also said a commission would better position the CFPB to help consumers over the long run.

Key Findings State-by-State

  • In Indiana, by a 4-1 margin, voters agree the CFPB should be structured as a commission like the Federal Deposit Insurance Corporation.
  • In Ohio, by a 3-1 margin, voters prefer a bipartisan commission over a single director.
  • In Maine, 63 percent of voters support establishing a bipartisan commission at the CFPB.
  • In Michigan, voters said a commission would make the CFPB fairer (62 percent), more representative (63 percent), more accountable (62 percent), and more transparent (60 percent).
  • In Missouri, voters said a commission would make the CFPB fairer (61 percent), more representative (61 percent), more accountable (62 percent), and more transparent (58 percent).
  • In Montana, 60 percent of voters support establishing a bipartisan commission at the CFPB.
  • In North Dakota, by a 4-1 margin, voters prefer a bipartisan commission over a sole director.
  • In West Virginia, three out of five voters believe a commission would help consumers and small businesses.



Closing Times Sink to Pre-TRID Days

The average time to close a loan is now shorter than it's been since 2015, according to the latest Origination Insight Report from Ellie Mae.

Pages from Ellie_Mae_OIR_MARCH2017The survey found that the average time now sits at the lowest level in two years, coming in at 43 days in March, down from 46 days in February. 

For refinances, the time to close dipped to 43 days from 47 days in February. The time to close a purchase dropped to 43 days, down from 45 days in February.

“The purchase market continued to heat up in March, representing 63 percent of total closed loans,” said Jonathan Corr, president and CEO of Ellie Mae. “We also saw the time to close shrink to the shortest duration since February of 2015 at 43 days across all closed loans, purchases and refinances, as Ellie Mae lenders automate more mortgage processes to improve efficiency, quality and compliance.”

In addition, home loans for purchases increased to 63 percent in March, up from 57 percent the month prior.

The Origination Insight Report uses data from a sampling of approximately 80 percent of all mortgage applications that were initiated on Ellie Mae’s loan origination system, Encompass.


ALTAprints Adds Training Materials and Door Hangers

To bring more value to members, ALTA has added training materials and door hangers that can be customized and printed from ALTAprints.

ALTA_Doorhangers_Page_5The door hangers work great for use with real estate agents and to help grow your For Sale By Owner (FSBO) market. The door hangers are available immediately.

Additionally, ALTAprints recently added training materials for use with staff, real estate agents, builders and lenders. These training worksheets help you walk through the benefits of title insurance, identify the jargon used by others in the real estate transaction and introduce more effective language to explain owner’s title insurance. The training materials are available in dry-erase format for an evergreen and interactive education experience. Title Insurance FAQs Worksheet-1

If you need help accessing these materials or want ideas on how to implement anything on ALTAprints, email Wayne Stanley, ALTA’s director of public affairs.

ALTAprints is ALTA’s online portal for its Homebuyer Outreach Program (HOP) where members can print, customize and download education materials. Please log in with your ALTA ID and password and agree to the Terms of Service to begin. Not an ALTA member? Click here or email membership@alta.org to get started today.



ALTA Members Get Creative Using HOP Material

More and more ALTA members are using material in the Homebuyer Outreach Program to educate consumers and others involved in the real estate transaction about the benefits of title insurance.

Through HOP, ALTA members have access to many resources to communicate with homebuyers, real estate agents and others about the benefits of owner’s title insurance.

Western Title HOP - 2-27-17In Nevada, Western Title Co. purchased an advertorial in its weekly business newspaper. The full-page advertorial titled “Home Buying Simplified” describes how Western Title implemented HOP to better inform consumers about the home-buying process, including the benefits of title insurance and escrow.

“Often in the past, Western Title marketed and spoke directly to real estate professionals,” said Sylvia Smith, Western Title’s president. “While we still advocate the use of these professionals, Western Title is trying to break down barriers and boundaries to speak directly with future homebuyers in new ways, and explain what we do in easy terms. This has been accomplished by our newest education tool, the HOP Program.”

Western Title provides HOP flyers to help explain why a buyer needs to protect their property rights and purchase an owner’s title insurance policy. The title company also makes daily posts on social media, including Facebook, Twitter, LinkedIn, Snapchat and Instagram to help explain title insurance.

“Since our renewed role on social media, we’ve had a large number of consumers call to ask more questions,” said Chad Felix, vice president of marketing and sales for Western Title. “We have also had Realtors tell us that their clients have mentioned seeing Western Title online and feel more inclined to use our services.”

In addition, Western Title holds bi-monthly seminars for prospective homebuyers.

“These seminars act as a lightening rod to inform the people and help them act with confidence,” Smith added. “By the end of the seminars, these future homebuyers will know what Western Title does, how it helps them and how they can protect their property rights.”

Meanwhile, Republic Title of Texas has used HOP marketing material in its corporate office.

“We have two large training rooms dedicated to providing education classes for our customers,” said Lindsey Carroll, vice president of marketing and communications for Republic Title of Texas. “We branded and blew up some of the ALTA pieces along with pictures of our employees for an impactful HOP-themed wall.”

ALTA HOP Wall - Republic Title

 ALTA members can modify and brand material with their company information at ALTAprints.com. Through the website, you can customize material and download PDFs for free or order prints that can be delivered directly to you. 

What’s available to print:

  1. Advertisements: These multi-purpose, customizable advertisements can be used as flyers in coffee shops, handouts at first-time homebuyer seminars and ads for your real estate clients.
  2. Marketing Flyers: Use these one-pagers as handouts at a housing conference or you can add them to your new Homebuyer Outreach Program consumer introduction packet.
  3. Rack Cards: ALTA’s rack cards are full of information about the benefits of title insurance in a handy, two-sided, half-sheet rack card. They are the perfect item for any real estate function.
  4. Posters: These advertisements are customizable to print and ship to your next housing seminar, staff training, legislator/regulator meeting or open house.

How have you used HOP material to educate others about the benefits of title insurance and promote your business? Share your story by sending comments, photos or video to communications@alta.org.


Technology Driving Change in Lender, Real Estate Business

Consumers’ mobile experiences with leaders such as Amazon are reshaping their expectations in all aspects of their lives. This includes financial and mortgage decisions as well.

According to survey results released in December by Fannie Mae, demand for and usage of mobile mortgage products has almost doubled over the past 12 months. The survey covered 1,200 low- to moderate-income homebuyers who bought homes in the last year and have a mortgage guaranteed by Fannie Mae.

“This is a startlingly large increase reflecting the pervasive and growing use of mobile technology among consumers at all income levels,” wrote Steve Deggendorf, director of market insights research for Fannie Mae. “Although this research focused on low- and moderate-income homebuyers, our prior research suggests the results would be even larger for mobile usage and interest among higher-income consumers.”

Fannie_mobile_surveyThe survey suggested that interest in mobile mortgage products will only increase among consumers in the coming year, particularly among first-time buyers and younger consumers with a college education. Fannie Mae’s Mortgage Lender Sentiment Survey, covering the third quarter of 2016, noted the growing number of lenders that were making mobile apps part of the process. Additionally, Deggendorf said there is significant opportunity to meet consumer demand beyond using mobile devices to research homes for sale.

“Though some lenders have begun building out the mobile experience for consumers, all lenders should evolve their online and mobile capabilities to address the rapidly changing consumer demand as well as the potential for competitive shifts,” Deggendorf wrote. “The potential for the competitive repositioning in the broader mortgage market value chain is high, maybe much higher than in many years, as next-generation technologies and providers focus on offering exciting mobile opportunities to improve the consumer experience through digitization and by removing inefficient manual processes.”

Regulators have taken notice in how consumers and industry have embraced mobile technology. In December, the Office of the Comptroller of the Currency (OCC) announced it will start granting limited-purpose bank charters to financial technology (fintech) companies. In a speech, Comptroller of the Currency Thomas Curry said “consumers want better, faster, more accessible products and services, and they are willing to switch providers or use multiple providers to get what they want. These consumers expect to be able to transact basic banking and financial business anywhere, anytime, from the palm of their hands.”

Fintech companies that obtain a limited-purpose bank charter will still have to comply with several regulatory requirements, including the Bank Secrecy Act and other anti-money-laundering provisions, as well as relevant consumer protection laws.

Concerns about usurping state regulation were quickly expressed by the New York State Department of Financial Services. In a statement, the department’s superintendent said her state would not allow consumer protections to fall into the void and opposed “any effort to federalize what states have been doing for over a century.”

“Any reliance on a federal fintech regulatory framework, such as the proposal contemplated by the OCC, would be irresponsible if it were to ignore the states’ historical role and longstanding expertise in this arena,” Maria Vullo said. “History has demonstrated that states, not the federal government, have the requisite knowledge and experience to effectively regulate nondepository financial service providers and guard against predatory and abusive practices.

Real Estate

In the real estate space, executives at Redfin have asserted that technology will play a role in speeding up the homebuying and selling processes as well. According to a report from the online real estate brokerage, the next generation of real estate technology will see innovation shift from online listings to hardware and real-world services that increase the efficiency of real estate transactions.

“More and more there are buyers who are comfortable with an online offer process that makes it easier and faster to close a deal,” said Karen Krupsaw, senior vice president of real estate operations at Redfin. “There’s a new mindset that the home purchase isn’t the once or twice in a lifetime move it once was and the wide acceptance of technology makes online offer writing a reasonable and often preferred approach for buyers. People see it as more of a transaction. They want to get it done efficiently and move on.”

As an example, Caliber Home Loans recently launched a digital mortgage process that allegedly can close a loan in 10 days or less. Called the “Ultimate Homebuying Experience,” the company said the program takes nearly all of the mortgage process online, using various technological advancements to automate the process, from application all the way through closing.

Opendoor, another company with an online focus, plans to expand beyond the two markets where it’s currently available thanks to a round of funding that reportedly values the company above $1 billion.

The company, which launched in 2014, is an online marketplace that buys homes direct from homeowners and currently operates in Phoenix and Dallas-Fort Worth. With this model, a homeowner seeking to sell a home can go to Opendoor, enter details about the property and get a near-instant price quote. If the seller accepts, Opendoor then allows the seller to close on the sale when they’re ready, rather than on the timeline of the eventual buyer.

According to details provided by the company, it is currently handling $60 million in home volume each month and has served more 4,000 homeowners since it launched. The company said that it will use the $210 million in funding it has received to expand market share in flagship markets and to extend its service to 10 cities in 2017.

Despite more consumers flocking to websites to get help with the homebuying process, usage of real estate agents continues to grow, according to the 2016 homebuyer profile from the National Association of Realtors (NAR). The report showed that while 44 percent of recent buyers started the search process online, 88 percent purchased their home through a real estate agent. This percentage has grown steadily from 69 percent in 2001.

Jeremy Wacksman, chief marketing officer at Zillow, sees technology shifting the role of real estate agent from an information negotiator to a local market expert and service provider. Title companies also will need to adapt to the changing needs of their clients and consumers.

“Before, you spent a lot of time doing information gathering, and collecting, and response,” he said. “The Internet really opened the doors. Agents are freed up to help get the deals done. But now they have to be agent, negotiator, price setter and a community resource.”


5 Things to Know About ALTA’s Best Practices Maturity Model

ALTA’s Best Practices Maturity Model introduces an alternative method of reporting the results of your company’s Best Practices assessment. But what are the most important things to know about this new tool? Check out the graphic below to learn more!

5 Things - web


The public comment period for the Maturity Model ended July 29. Comments will be considered before the Maturity Model is finalized and becomes effective Oct. 7.

To learn more about the Maturity Model, register for ALTA's Annual Convention. The session titled "The Ins and Outs of ALTA's Best Practices Maturity Model" will discuss how your company can use it to elevate its procedures to meet the Best Practices.



New SOC 1 Standard Goes Into Effect May 1

When service organizations receive a SOC 1 examination, it is performed under the SSAE 16 or “Statements on Standards for Attestation Engagements 16, Reporting on Controls at a Service Organization” standard.

During the Spring of 2016, the AICPA’s Auditing Standards Board (ASB) completed the clarity project, the result of which was the issuance of the SSAE 18 standard, “Concepts common to all Attestation Engagements.” This new standard replaces SSAE 16 for SOC 1 engagements and goes into effect for reports dated after May 1, 2017.

It is important to note that the SSAE 16 standard was specific to service organizations and the SSAE 18 is for all attestation engagements. This means that we can no longer refer to SOC 1 as an SSAE 16 examination and it will not be replaced by the term SSAE 18 examination. Instead, it will simply be referred to as the SOC 1.

Despite the potential for confusion related to the naming of the examinations and reports, the actual changes to what a service organization has to do to prepare for an examination is not extensive. Here are four changes that come with SSAE 18 that affect the SOC 1 examination.

Vendor Management

The most significant change in the requirements that has to be met by a service organization is ensuring that its vendor management program for subservice providers is significantly robust.  SSAE 18 is requiring that service organizations implement processes that monitor the controls at subservice organizations. SSAE 18 provides the following control suggestions:

  • Review and reconcile output reports.
  • Hold periodic discussions with the subservice organization.
  • Make regular site visits to the subservice organization.
  • Test controls at the subservice organization by members of the service organization’s internal audit function.
  • Review Type I or Type II reports on the subservice organization’s system.
  • Monitor external communications, such as customer complaints relevant to the services by the subservice organization.

Risk Assessment

Another change in what will be required by SSAE 18 will be in the area of more specific requirements as opposed to the existing general considerations of risk via a risk assessment.  SSAE 18 requires service auditors to obtain a more in-depth understanding of the development of the subject matter than currently required, in order to better identify the risks of material misstatement in an examination engagement. This, in turn, should lead to an improved linkage between assessed risks and the nature, timing, and extent of attestation procedures performed in response to those risks.

Complementary Subservice Organization Controls

SSAE 16 required that service organizations provide a listing of controls that should be performed by user organizations.

In order to recognize that more organizations are outsourcing key functions to their own set of subservice organizations, SSAE 18 introduces the concept of “Complementary Subservice Organization” controls. This concept establishes and defines the controls for which user entities must now assume in the design of the system description. Another key factor related to these complementary controls is that they are necessary for the achievement of control objectives in the report. SSAE 18 provides more guidance around this area, and will hopefully lead to more consistent reporting across entities and practitioners.

Written Assertion Requirement

The final change to the SOC 1 is the requirement, per SSAE 18, that the service auditor obtains a written assertion. This written assertion is the statement found within the SOC report wherein the service organization asserts that the system description provided is essentially true and complete. This statement has always been contained within the SOC 1 reporting document but the requirement that the service organization signs the document was optional. In practice, the majority of service organizations have already been signing this document, as a way to strengthen the credibility of the report. Accordingly, there will not be significant changes to what either the service auditor or service organization will have to do to meet this requirement.

It is important for you to understand these changes and how it will impact your organization before the standard goes into effect in May 2017.

Sue Wells is a senior manager at A-LIGN and has performed over 200 SOC reviews. She can be reached at sue.wells@a-lign.com


How to Market Your Title Company Like Beer


What in the world does beer have to do with title insurance?

In the early 1940s, Schlitz beer company was one of the least popular beers in the country. So they brought in a legendary marketer, Claude Hopkins, to tour the factory and create a new advertising campaign for them.

Schlitz showed him how they had dug their own wells to get the cleanest water, even though most other brewers used water from Lake Michigan at the time.

They showed him the cooling rooms with filtered air and how they sterilized the bottles not once, not twice, but four times before filling them with beer.

At the end of the tour, he asked why Schlitz wasn’t telling people about all of the ways they make quality beer in their marketing. Their reply was simple: Every brewery makes beer the same way. Hopkins’ predicted that the first brewery to tell people about it would gain a huge advantage over other companies. 

Within a year Schlitz was No. 1 in the country and remained first or second until the 1970s.

With all of the new regulations, the same is true in the title business. Just because everyone has to be compliant doesn’t mean they are using it to effectively market their services.

  1. Best Practices Certified alone isn’t enough: Is your website secure? Do you backup your data offsite? Do you have a clean desk policy? If so, don’t just tell your customers and prospects that you are “ALTA Best Practices Certified.” It’s likely they don’t know what that means. Instead, show them and explain to them why you take extra precautions with their data. For example, you might instead say, "with all of the cyber fraud today, we take extra precautions to safeguard your information," and then list the ways you've implemented best practices.
  2. Mobile website: 86 percent of Facebook's traffic and 55 percent of Google searches now come from mobile devices. Google even penalizes company websites that do not re-format properly on mobile phones by bumping them to the bottom of the search rankings. According to Moz, Google is expected to give even more priority to mobile friendly websites in 2017.
  3. Video rules: YouTube is the second largest search engine for a reason. Video is easier and more enjoyable to consume than text. In fact, 78 percent of people watch web videos at least once per week. Use video on your website to rank higher in search and in social media to explain topics like TRID or Closing Disclosures.
  4. Directory sites: Third-party sites like Yelp, Google Places and Zillow not only often rank higher than your website, they also already have their own traffic, mobile apps and star ratings. Having a listing and a few reviews on these sites makes your brand easier to find and gives you more opportunities for people to do business with you.
  5. Utilize Facebook: Facebook is one of the world's most active websites, and has over 1.7 billion active users, according to CNN. Instead of posting about recent closings, offer to take a picture of your clients at the closing table with their camera phone and then ask them to tag your company in any posts related to their home purchase. Since a home purchase is an emotional post, it is likely to stay active for multiple days—giving you organic exposure and free marketing to all of their In addition, use Facebook's advertising platform to promote your page, website, and events you might be hosting. Their ad platform even lets you target very specific demographics such as "millennials who are in the market to purchase a home within 20 miles of your office that also make over $75,000 a year" for example.
  6. Stay Top-of-Mind: Have you ever found a product on Amazon or a car on a dealership's website, only to see that product or car advertised in your Facebook news feed or on some other website? This is remarketing (also called retargeting). It is a very effective yet underutilized way for you to stay top of mind among real estate agents, lenders, buyers and sellers because you are only advertising to people who are familiar with you and most likely to use your services.

Eliot Dill is co-founder of Title Tap, which provides turn-key websites and marketing tools for title agents and real estate attorneys. To learn more ways on how to effectively market your company, visit www.titletap.com/articles


How the Title Industry Can Manage Cybersecurity Risk

By Dan Schroeder and Adam Klein

Not so long ago, cybersecurity was something title agents and underwriters considered the domain of the big banks and other high-profile financial institutions. Today, the mortgage and settlement services industry—like virtually every other industry—is clearly under attack.

Phishing scams targeting homebuyers have become so commonplace that the Federal Trade Commission (FTC) issued a warning earlier this year. Ransomware, which locks up the computer systems necessary to execute the time-sensitive mortgage transactions, are causing damage to title agents’ reputations—not to mention the reputations of the other entities involved in the transaction.

Perhaps most devastating for members of the title industry is wire transfer fraud. In the case of one California escrow firm, a series of fraudulent wire transfers to the tune of $1.1 million brought about the downfall of the company. Even if a title agent or escrow firm manages to survive such a cyber attack, the company is almost certain to be considered toxic by underwriters who would have to make those losses whole.

Mortgage lenders increasingly are being scrutinized for their vendor management practices, and they demand assurance from their title agents about how they are protecting the non-public personal information (NPI) that they store or access.

As a result of these emerging cyber risks, title agents have simple questions that demand simple, straightforward answers:

  • How do we protect our business from cyber threats?
  • What do we need to do to comply with financial industry regulations?
  • How do we maintain our banking and underwriting relationships by providing the information these stakeholders need?

What About ALTA Best Practices Compliance?

ALTA Best Practices Pillar 3 calls for a comprehensive written privacy and security risk management program, as do federal and state laws such as the FTC’s Privacy and Safeguards Rules.

But what exactly does such a risk management program look like and entail? Pillar 3 says that “the program must be appropriate to the Company’s size and complexity, the nature and scope of Company’s activities, and the sensitivity of the customer information Company handles.” In addition, the program should evolve as the company’s circumstances do.

So how does an organization—especially a company the size of the thousands of small title agencies—go about designing this “appropriate security risk management program?”

A Roadmap to Cyber-Risk Management

The good news is that cyber risk management does not have to be complex—and, in fact, there is a roadmap for addressing it. This roadmap consists of the following critical tenets:

  1. Identify Digital Assets

Effective cyber risk managementbegins with understanding the relative value of the information that your business holds, and the business impact if those digital assets were compromised.

For title agents, those high-value digital assets are commonly regarded as:

  • NPI on homebuyers and sellers
  • banking credentials that provide access to escrow funds
  • access to the company’s network and applications that can be prevented through ransomware

Compromise of any of these (or other) digital assets can cause significant financial, reputational and operational damage to the title agent, the escrow insurance company, the mortgage lender and the borrower.

  1. Understand the Threats andResultant Risks

Once we understand what we are protecting (i.e., digital assets), we can assess the real threats and risks to those assets.

For example, some of the threats to the digital assets described above include wire transfer fraud and phishing scams. The inherent risks might include loss of escrow funds, being found in breach of a bank contract and potential class action lawsuits brought by individuals whose information was compromised.

Any assessment of threats and risks must be done within the context of the title agent’s business model and industry. A model has been adopted by the financial industry to “help institutions identify their risks and determine their cybersecurity preparedness,” which can be tailored for the title industry. In 2015, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Assessment Tool (CAT), which consists of two parts:

  • The Inherent Risk Profile helps management determine their exposure across a number of risk categories (for example, delivery channels and external threats) due to the organization’s specific activities, services and products.
  • The Cybersecurity Maturity portion is designed to help management measure the institution’s level of cybersecurity preparedness, with levels ranging from baseline to innovative, within five domains (for example, cyber risk management and oversight, and cybersecurity controls).

The CAT model was designed to be specific to banks and is not a “plug-and-play” tool. However, using their discretion and their understanding of threats and risks to their business, title agents can use this model as a general guide to determine their inherent risk profile. That inherent risk profile, in turn, points to the type of risk management that is appropriate for the title agent and its banking and underwriting partners.


  1. Develop and Implement Appropriate Security Program

As you can see in the chart above, the minimum bar that organizations of any inherent risk level should be prepared to demonstrate is the level of “evolving” controls. Some examples of these controls include a formal cybersecurity program that is based on technology and security industry standards or benchmarks; incorporation of cyber risk identification, measurement, mitigation, monitoring and reporting into that program; and an annual review of the program by an appropriate board committee.

If the nature of the threats and risks demand more stringent controls, title agents can use the CAT as a roadmap to determine the steps required to improve their organization’s cybersecurity maturity and reduce its inherent risk profile.

  1. Ongoing Monitoring and Reporting

The final piece of this security program involves regular monitoring and reporting to drive improvement and provide the peace of mind that title agents are doing the right things to protect their valuable information and systems.

The risk-management approach outlined in this article can be leveraged to strengthen and enhance the ALTA best practices certification program, as well as other forms of assurance reporting, such as the AICPA’s SOC 2 reporting protocol.

Fulfill Banking Requirements, Protect the Business

Following the above roadmap and leveraging the FFIEC CAT, title agencies and their stakeholders are equipped to realistically assess the threats to their funds and NPI and appropriately manage those risks. Not only does this approach fulfill the intent behind Pillar 3, but it also meets or exceeds stringent banking vendor management requirements. nDan Schroeder is partner-in-charge of information risk management and assurance services, and Adam Klein is client relationship executive with HA&W, which is a CPA firm providing services to the title industry.

Dan Schroeder is partner-in-charge of information risk management and assurance services, and Adam Klein is client relationship executive with HA&W, which is a CPA firm providing services to the title industry.


Alert: Watch for Fake Dropbox Emails Sharing ‘Closing Disclosure’

Fake Dropbox emails are circulating once again urging recipients to sign in to access and view documents.

Prior to implementation of the TILA-RESPA Integrated Disclosures (TRID) rule, the fraudulent emails were infected with a file called “final HUD-1.”

In this scam, the email says that “You have a new document sent to you ‘Closing Disclosure.pdf”

If you hover over the embedded icon, a Russian URL appears. These phishing attacks are another example of social engineering that easily fools people into sharing login details that open the door to private information. Dropbox is vulnerable to these common attacks as it was not originally designed with enterprise security in mind.

Tips to guard against phishing scams such as this one:

  • Be wary of emails that ask you to view or download files from people you do not know.
  • Also be cautions of emails that ask you to view files on services that you do not subcribe to.
  • Hover your mouse over the URL of links contained in emails to check their destination address. Don’t click suspicious links. To log into a service like Dropbox, open a new web brower and type in the URL manually.
  • Be wary of services that ask you to provide log-in credentials for a number of different email providers. This is a trick scammers use to a widen their phishing net, allowing them to steal details from users.
  • Dropbox has its own webpage that educates readers on how to avoid phishing and malware scams.

You can prevent your business from receiving phishing scams by using cloud-based email-filtering and web-filtering software, which intercepts these emails before getting into your inbox.

ALTA title professionals should be vigilant when receiving and responding to email. To protect yourself, do not open attachments or click links included in suspicious email. You should also not respond or even “unsubscribe” to messages that seem suspicious. Report suspicious email to the Federal Bureau of Investigation Internet Crime Complaint Center.

Here’s a sample of the latest Dropbox email scam:

DropBox Scam (2)