Questions About TRID?

Have questions or issues about TRID that you need answered? Send an email to tridhelp@alta.org. ALTA will address common questions/issues here on its blog

02/02/2016

Title Agent Snuffs Out Fraudulent Email Attempting to Obtain Funds   

A title agent’s diligence in Washington successfully prevented a fraudulent email request for the company to send a wire transfer.

Maureen Pfaff, general manager and chief financial officer for Olympic Peninsula Title Co., recently received a random email requesting the company wire nearly $11,000 to a TD Bank in Florida.

Pfaff said she knew immediately the email was fraudulent because the message came from her father, who wouldn’t make a request like this via email.

“Additionally, the formality of the email and signing it the way they did was a dead giveaway,” Pfaff said.

Realizing it was a scam, Pfaff strung the criminal along, eventually sending something encrypted so she could get an IP address to include in the complaint filed with the FBI. Pfaff created a fake wire transfer notification in an encrypted email, which generated a report when opened.

Pfaff said this was the third fraud attempt the company has experienced in the past six months.

“They’ve all been different strategies,” she added.

Title professionals who receive these types of emails should report the incident to the FBI’s Internet Crime Complaint Center, which is used to track trends in criminal activity.

Below are some of the emails between Pfaff and the fraudster (click to enlarge the image):

  Emails-1 Emails-3

Emails-5 Emails-7

Emails-8

 

 

 

 

 

 

 

Criminals use various tricks to obtain information and money. Here are several other schemes title professionals should be aware of that are being used by criminals:

  • Social engineering: This is the practice of manipulating users into performing certain actions that will provide the attacker privileged information.
    • Example: WHMCS is a firm that makes online billing and invoicing software that tie into a company's client data and financial backend. One of their database administrators loved social media. Now, he wasn’t putting passwords out there or detailed data about company. But a hacking group used his social media profiles to create a document on him that included everything from his kids’ names and his anniversary to his hobbies and interests outside of work. The hacking group called WHMCS, impersonating the guy, to supposedly reset a forgotten password. When the rep asked the standard security questions, they knew so much about this guy that they knew all the answers. So the company reset the password, the hacking group was in, and they proceeded to download 1.1 gigabytes of credit card numbers and erased all of their databases.

  • Spearfishing: This an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the email messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source.
    • Example: The perpetrator finds a web page for their target organization that supplies contact information for the company. Using available details to make the message seem authentic, the perpetrator drafts an email to an employee on the contact page that appears to come from an individual who might reasonably request confidential information, such as a network administrator. The email asks the employee to log into a bogus page that requests the employee's user name and password or click on a link that will download spyware or other malicious programming.  If a single employee falls for the spear phisher's ploy, the attacker can masquerade as that individual and use social engineering techniques to gain further access to sensitive data.

  • Whaling: This is a phishing scheme that targets upper management and their access to sensitive information. A successful attack can yield executive passwords and other account details that can open up corporate hard drives, networks and even bank accounts.
    • Example: In 2008, 20,000 CEOs were sent an email masqueraded as a federal subpoena. The official-looking email instructed CEOs to click a link to download special software with which to view the subpoena. About 2,000 CEOs responded unwittingly downloaded a key logger that captured passwords and other sensitive data and sent it back to the phishers. Armed with access, the phishers launched further attacks against those companies.

  • Microphishing: In this scheme, targeted emails are crafted and sent to employees.
    • Example: The hackers will learn someone’s tendencies and copy them in emails. For instance, someone may constantly invert two letters when typing, use a nickname in emails, use Esquire or have an image of their signature. This is a common target for wire transfers. Staff at title companies should be aware of fictitious email that may come from a lender directing transfer of funds to an incorrect account.

FTC Develops New Tools for ID Theft Victims, Provides Tips for Businesses to Protect Data

Identity theft victims can now go online and get a free, personalized identity theft recovery plan as a result of significant enhancements to the Federal Trade Commission’s IdentityTheft.gov website.

The new website is integrated with the FTC’s consumer complaint system, allowing consumers who are victims of identity theft to file a complaint with the FTC and then get a personalized guide to recovery that helps streamline many of the steps involved.

In addition to IdentityTheft.gov and the new personal recovery plan features, the FTC also provides educational materials for businesses with information on how to prevent identity theft and remain vigilant for other scams.

In 2015, the FTC received over 490,000 consumer complaints about identity theft, representing a 47 percent increase over the prior year, and the Department of Justice estimates that 17.6 million Americans were victims of identity theft in 2014.

What can businesses do to help?

  • Tell employees about IdentityTheft.gov. Perhaps send a company-wide email with the short video below about the site. You might also want to consider naming a trusted 
  • Publicize IdentityTheft.gov to your customers. Many businesses have a protocol in place for working with consumers who call about unauthorized charges or unapproved accounts. Consider adding the simple step of mentioning IdentityTheft.gov. Your business can be part of the solution, and change a distraught consumer into a loyal customer.
  • Talk about identity theft prevention and recovery in your community. Everyone knows someone who has been the victim of ID theft. That’s why identity theft prevention and recovery can be a perfect pet project for your industry association or community group.

The third pillar of ALTA’s Title Insurance and Settlement Company Best Practices addresses policies and procedures for an appropriate information security program.

To learn more, register for ALTA’s Feb. 11 compliance webinar “Protecting Sensitive Customer Information: The Basics of Gramm-Leach-Bliley,” The Gramm-Leach-Bliley Act provides the basic legal framework governing title and settlement companies’ duty to protect their customers’ non-public personal information (NPI).

Stewart Executives Ring NYSE Opening Bell on January 29

Several executives from Stewart Information Services including Matt Morris, chief executive officer, rang the opening bell on Jan. 29 for the New York Stock Exchange.

“We are honored to have had the opportunity to ring the iconic opening bell,” Morris said. “It was a great occasion for us to kick off 2016. This will be a year of continued momentum and growth, as well as a year of transformation with our recent governance changes. We will center our business on our customers and real estate partners to drive trusted real estate services delivered by our amazing associates who make it possible.”

Joining Morris on the podium were Thomas Apel, Stewart’s chairman of the board; Allen Berryman, chief financial officer; John Killea, chief legal officer; Ted C. Jones, chief economist; Nat Otis, director of investor relations; and Jennie Craig, vice president marketing programs and media relations.

Morris opened trading with the ringing of the bell at the 4:25 mark of the following video:

 

01/22/2016

Compliance Webinar: What You Need to Know About Gramm-Leach-Bliley


Having trouble viewing this? Go to alta.org for a better viewing experience.

Register and Learn About the Liability of
Protecting Sensitive Customer Information

Passed in 1999, the Gramm-Leach-Bliley Act provides the basic legal framework governing title and settlement companies' duty to protect their customers' non-public personal information (NPI).

With the increase in data breaches and reports of identity theft, regulators are focused more than ever on the processes companies take to safeguard NPI. To help you understand when it's legal to share customer information with or without their explicit permission, register for ALTA's "Protecting Sensitive Customer Information: The Basics of Gramm-Leach-Bliley." The webinar will be held from 1:00-2:00 p.m. ET, Thursday, Feb. 11.

The webinar will:

  • provide an overview of the core requirements of the law
  • address the latest government and regulatory actions regarding customer data
  • review recent court cases and liability for protecting NPI
  • help you understand whether you should share customer information
  • highlight ways NPI should be shared

The featured presenter will be Richard Andreano, a partner of the law firm Ballard Spahr. Andreano, the practice leader of Ballard Spahr's mortgage banking group, has devoted more than 25 years of practice to financial services, mortgage banking and consumer finance law.

Cost is $100 for ALTA members and $250 for non-members.
Register today!

Webinar sponsorship still available! Contact Claire Mitchell for more information.

01/15/2016

ALTA CEO Talks with NPR About FinCEN Order for Title Insurers to Provide Info About Suspicious All-cash Deals in Miami, Manhattan

The Financial Crimes Enforcement Network (FinCEN) has issued Geographic Targeting Orders requiring several title insurance underwriters to identify the names of individuals involved in shell companies and other legal entities that make all-cash purchases for high-end residential real estate in Manhattan, N.Y., and Miami-Dade County, Fla.

FinCEN is concerned that all-cash transactions in these areas are being used by individuals to hide their assets and identity by purchasing residential properties through limited liability companies or other opaque structures. To help mitigate this potential money-laundering vulnerability, FinCEN will require certain underwriters to identify and report the true “beneficial owner” behind a legal entity involved in certain high-end deals in these two areas. The reporting requirement also pertains to the underwriters’ subsidiaries and agents.

NPR interviewed ALTA CEO Michelle Korsmo about the order. Below is audio of NPR's article, which includes a portion of the interview with Korsmo. She can be heard at the 2:17 mark.

Transaction Requirements to File Report with FinCEN

Any underwriters that received the order must file a currency transaction report with FinCEN if these things occur:

  • Location (deal occurs in Manhattan or Miami-Dade County)
  • All-cash deal (no financing)
  • Purchase price in Manhattan is $3 million or more and purchase price in Miami-Dade County is above $1 million
  • There’s a corporate buyer
  • Purchase price paid via monetary instrument

The report must include:

  • Information about the identity of the individual primarily responsible for representing the buyer. The title company must obtain a record of the individual’s driver’s license, passport of other similar identification
  • Date of closing of the covered transaction
  • Total amount transferred in the form of a monetary instrument
  • Total purchase price of the covered transaction
  • Address of real property involved

If the purchase involved in the covered transaction is a limited liability company, the underwriter must provide the name, address and taxpayer identification number of all its members.

Additionally, covered title companies must retain all records relating to compliance with the order for five years, store the records so they are accessible with a reasonable period of time and make the data available to FinCEN or other law enforcement or regulatory agency, upon request.

The term of this order expires in 180 days, but FinCEN may indefinitely renew the order for another six months and for additional areas.

FinCEN said title insurance companies play a central role in real estate transactions and can provide valuable information about potential illegal activities.

“FinCEN appreciates the assistance and cooperation of the title insurance companies and the American Land Title Association in protecting the real estate markets from abuse by illicit actors,” FinCEN said in a release.

ALTA is actively assisting our members to comply with these reporting requirements. Korsmo said "ALTA looks forward to continuing its work with FinCEN as members implement the order to help prevent money laundering schemes and the illegal purchase of real estate in the United States. As the independent third-party at the closing table, ALTA members work to safeguard the real estate transaction for millions of Americans every year. Our work with FinCEN underscores ALTA members’ commitment to providing a compliant real estate settlement experience.”

ALTA has already submitted a letter to FinCEN’s director asking for several clarifications to promote consistency in reporting and help the industry better understand which transactions are covered by the order.

 

ALTA Seeks Clarification of Orders from FinCEN

ALTA proposes FinCEN adopt RESPA’s definition for “residential.” Industry familiarity with definitions and regulatory scheme provided by RESPA will help title companies identify transactions covered by the order.

ALTA recommends that the definition of “Legal Entity” exclude trusts. The order defines the term “Legal Entity” as a corporation, limited liability company, partnership or other similar business entity.” According to the letter, ALTA said that unlike a corporation, a trust is not considered a separate legal entity under the common law of various states. Adopting this recommendation will provide a definition consistent with those used by the industry for purposes of determining how to effectively transfer title.

ALTA also suggests that the definition of “agents” refer only to people or entities with a contractual relationship with the covered title company. State insurance laws require insurers to appoint agents via a specific written contract or authorization. This will help the insurers consistently determine which business partners they must educate and supervise to comply with the order.

“We urge FinCEN to use a reasonable and good-faith test for determining insurers’ compliance with this order,” ALTA wrote in its letter. “We believe the clarifications requested and joint education with the insurer and FinCEN, should ensure that all covered transactions that the insurer is aware of will be reported; however, even with the best efforts of title insurers, there may be transactions of which the insurer is not made aware.”

To aid compliance, title professionals are encouraged to have a better understanding of the types of customers they do business with. Real estate agents and attorneys should be resources to help gather information about corporate entities purchasing real estate.

 

01/12/2016

FTC Consent Order Highlights Importance of Proper Email Encryption Standards

The Federal Trade Commission (FTC) recently issued a consent order against Henry Schein Practice Solutions, Inc. (Schein), a software provider for dental practices, for allegedly marketing its software using deceptive assertions. The FTC fined Schein $250,000 for alleged false marketing advertisements related to the level of encryption the company provided to protect patient health data.

Schein advertised that its software provided industry-standard encryption methods to protect sensitive patient information as required by the Health Insurance Portability and Accountability Act (HIPPA). However, the FTC alleged that Schein was aware that its software did not comport to the Advanced Encryption Standard, which the National Institute of Standards and Technology (NIST) recognizes as the industry standard that meets the regulatory data encryption obligations under HIPPA. By failing to meet the encryption standards identified by the NIST, Schein was found to have misled patients about the level of protection its software provided.

The significant fine the FTC assessed for Schein’s deceptive marketing correlates with the type of data Schein was encrypting. “Strong encryption is critical for companies dealing with sensitive health information,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “If a company promises strong encryption, it should deliver it.”

The primary lesson that title insurance and settlement companies should take from this consent order is the importance of clearly and accurately identifying encryption methods. When marketing software qualifications or security, it is better to be specific about what the software is capable of doing instead of using puffery or broad statements. Implying that the services meet certain regulatory standards may be seen as deceptive, as Schein’s advertising was found by the FTC in this case.

ALTA’s Title Insurance and Settlement Company Best Practices require that title insurance and settlement companies encrypt electronically transmitted non-public personal information. The ALTA Best Practices also require companies to provide a copy of their privacy policy to customers and to alert customers if a security breach occurs as required by law. Click here for more information about the Best Practices and their encryption requirements.

01/07/2016

TRID Q&A: How to Handle Walkthrough Changes

Question: How do we address issues that come up during a walkthrough? For example, if the water heater is leaking and the parties want to escrow $1,000 for it to be repaired. Does the Closing Disclosure have to be revised and does the lender need to redisclose?

Answer: Prior to the consummation or closing, the Closing Disclosure should be updated with the best information reasonably available to the lender. If any issues arise from a walkthrough that require a monetary adjustment, the Closing Disclosure should be updated to reflect this adjustment prior to closing.

Although the walkthrough may necessitate a revised copy of the Closing Disclosure, the changes may not necessitate an additional three-day waiting period between delivery of the Closing Disclosure and closing. There are only three circumstances (§ 1026.19(f)(ii)) that trigger a new three-day waiting period:

  1. when the disclosed annual percentage rate becomes inaccurate
  2. when the loan product is change
  3. when a prepayment penalty is added.

This is why it is important to work with real estate partners to ensure those adjustments are sent to the lender and settlement agent as soon as possible after they come to light. While the change may not trigger a new three-day period, lenders may require a few hours to approve the change, determine its impact on the APR and update the disclosures.

01/05/2016

How to Use ALTA’s Homebuyer Guide: Rack Cards

ALTA created the Homebuyer Guide to help members easily communicate the benefit of owner’s title insurance. The Homebuyer Guide includes more than 60 marketing resources available for direct-to-consumer communication. These materials are available to members.

In this post, we focus on how you can use the various rack cards that are available. What is a rack card? These documents are used for advertising, frequently in convenience stores, hotels, restaurants, rest areas and other locations that get significant foot traffic. Rack cards typically have an appealing graphic design and are 4-by-9 inches in size.

ALTA has created three rack cards available to members to provide to consumers and real estate partners. Click here to view all the material available in the Homebuyer Guide.

The FAQs of Title Insurance for Homebuyers

How to Use: This rack card can be displayed in the closing office or real estate office, or be hand delivered when meeting with homebuyers. Below is the top of the front of this card:

Rack_Card_Homebuyers-1

 

10 Steps to Buy Your Home with Confidence

How to Use: Real estate agents can use “The Homebuyer Checklist: 10 Steps to Buy Your Home with Confidence” PowerPoint in conjunction with this rack card. It can also be displayed in the real estate office. An example of the to half of the back of this rack card is below:

Rack_Card_Realtors-2

 

You Sweat the Small Stuff

How to Use: Pin this to the company fridge, share it with a fellow title professional or use it as a guide for remembering the top three things you give homebuyers. Below is what the top of this marketing piece looks like:

Sweat_small_stuff

12/17/2015

TRID Myth Busters: What You Need to Know When Sharing Closing Documents

The implementation of the CFPB’s Know Before You Owe regulation has brought up a number of questions regarding who is permitted to receive copies of closing documents, including the Closing Disclosure and alternate settlement statements, such as the ALTA Settlement Statements. It is important to note that the Know Before You Owe regulation did not implement any changes on data privacy; however, ALTA encourages title insurance and settlement companies to take this opportunity to review your company’s privacy policies to ensure they match your data-sharing practices.

Refresher on Governing Law

The Gramm-Leach-Bliley Act (GLBA) was passed in 1999 and remains the predominant authority on how to protect data. GLBA requires financial institutions, including title insurance companies and agents, to disclose their data-sharing practices to their customers and to safeguard private and sensitive customer information. To meet these new requirements, GLBA imposed three basic obligations:

  1. a privacy notice requirement
  2. a requirement that all consumers be provided the opportunity to opt-out of certain information disclosures
  3. a requirement that measures be instituted to maintain the "security and integrity" of all nonpublic information.

The GLBA tasked the Federal Trade Commission (FTC) and other government agencies that regulate financial institutions to implement regulations to carry out the Act's financial privacy provisions. The CFPB is not included in the list of government agencies that regulate data privacy, and thus the implementation of the Know Before You Owe regulation did not affect the longstanding data-security requirements that title insurance companies and agents have been subject to.

Npi_doc

With the implementation of GLBA, the FTC released guidance regarding the type of information companies should be safeguarding. The FTC is responsible for enforcing its Privacy of Consumer Financial Information Rule, which protects a consumer's "nonpublic personal information" (NPI). NPI is any "personally identifiable financial information" that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise "publicly available. The Privacy Rule applies to ALTA members that provide real estate settlement services.

ALTA members should note that the FTC considers NPI to be any information obtained about an individual from a transaction involving a company’s services. This could include a person’s name, address, income, Social Security number or other information on an application. This also includes any information from court records or from a consumer report. The FTC said NPI does not include information that is believed to be lawfully made "publicly available." In other words, information is not NPI when steps have been taken to determine: (1) that the information is generally made lawfully available to the public; and (2) that the individual can direct that it not be made public and has not done so.

Applying Standards to Today’s Real Estate Transactions

The implementation of the CFPB’s Know Before You Owe regulation has required lenders, real estate settlement agents, and title insurance professionals to radically change the way they conduct business. The new regulation’s disclosure requirements have also generated a greater need to use additional settlement statements, such as ALTA’s model Settlement Statements, to ensure that settlement agents can continue to meet their state disclosure requirements. With the use of these new forms comes the question, “Who is allowed to receive a copy of the Closing Disclosure and settlement statement?”

The basic answer is that the Know Before You Owe regulation does not address who may or may not receive a copy of closing documents. Many lenders, however, are refusing to share a copy of the Closing Disclosure with real estate agents or other third parties. Additionally, some lenders are including provisions within their closing instructions that prohibit settlement agents from sharing the Closing Disclosure with third parties. These lenders are stating that the consumer may provide a copy of Closing Disclosure to real estate agents if he or she chooses.

A concern remains about how to get necessary information about the transaction to outside parties, including real estate agents, who need certain information to document their involvement in the transaction. One of the primary reasons real estate agents are interested in receiving the Closing Disclosure is because they have to report certain data fields to MLS to close the listing. These requirements vary by state, and there is not a uniform set of data fields that will satisfy MLS. Reporting these data fields is a requirement for participating in the MLS system, so it is crucial that real estate agent receive this information.

What Now?

Settlement agents and title insurance professionals should contemplate the requirements and limitations of their privacy policies and contemplate whether any of these policies need to be revisited. The GLBA continues to set a strong standard for protecting NPI, despite going into effect 16 years ago. The ALTA Title Insurance and Settlement Company Best Practices reiterate the importance of privacy policies and include guidelines for companies to protect against data theft to help meet GLBA requirements. Pillar 3 of the ALTA Best Practices provides procedures on physical and network security of NPI, how to properly dispose of NPI, developing a disaster management plan, employee training to ensure compliance, and oversight of service providers.

When revisiting your privacy policies, consider the following questions:

  • Why did you initially implement this policy?
  • What was your rationale in implementing this policy? Does that rational still apply?
  • Does this policy continue to provide adequate protection to sensitive data in today’s marketplace?
  • What information do you need to share with your real estate partners?
  • How are you sharing this information?

After re-examining your privacy policies, you should compare these policies with your company’s data-sharing practices to ensure that you are only sharing information in conformity with your policies.

If your lender prohibits you from sharing the Closing Disclosure with third parties, you may consider using an alternative settlement statement, such as ALTA’s Settlement Statements, to document the transaction. The ALTA Settlement Statements were designed to be model forms based on the settlement statements that have been in use prior to the implementation of Know Before You Owe. These statements may be modified as appropriate to reflect the terms of the transaction and to prevent any disclosure of the buyer’s or seller’s NPI. Four versions of the ALTA Settlement Statement are available: the buyer statement, the seller statement, the combined statement, and a statement for cash transactions.

Lastly, if you plan on sharing a closing document, such as a settlement statement, to a third party, consider whether you are sharing any information that would be considered NPI under the FTC’s guidelines and whether you have met the GLBA’s requirements for sharing such data. Also consider why you feel the need to share this information and how you would anticipate your customer would feel about you sharing that information. By keeping GLBA requirements and ALTA Best Practices in mind as you adapt to the Know Before You Owe regulation, you can ensure that your customer remains protected and that you continue to have compliant real estate closings.

Compliance Webinar: What You Need to Know About Gramm-Leach-Bliley


Having trouble viewing this? Go to alta.org for a better viewing experience.

Register and Learn About the Liability of
Protecting Sensitive Customer Information

Passed in 1999, the Gramm-Leach-Bliley Act provides the basic legal framework governing title and settlement companies' duty to protect their customers' non-public personal information (NPI).

With the increase in data breaches and reports of identity theft, regulators are focused more than ever on the processes companies take to safeguard NPI. To help you understand when it's legal to share customer information with or without their explicit permission, register for ALTA's "Protecting Sensitive Customer Information: The Basics of Gramm-Leach-Bliley." The webinar will be held from 1:00-2:00 p.m. ET, Thursday, Feb. 11.

The webinar will:

  • provide an overview of the core requirements of the law
  • address the latest government and regulatory actions regarding customer data
  • review recent court cases and liability for protecting NPI
  • help you understand whether you should share customer information
  • highlight ways NPI should be shared

The featured presenter will be Richard Andreano, a partner of the law firm Ballard Spahr. Andreano, the practice leader of Ballard Spahr's mortgage banking group, has devoted more than 25 years of practice to financial services, mortgage banking and consumer finance law.

Cost is $100 for ALTA members and $250 for non-members.
Register today!

Webinar sponsorship still available! Contact Claire Mitchell for more information.

TRID Q&A: Who Handles Preparation and Delivery of Seller’s Closing Disclosure?

Question: We have been told by a couple of lenders that they would prepare a joint buyer and seller Closing Disclosure and deliver the same to both the buyer and seller for “signature.” Can the lender elect to take on the role of the settlement agent with regard to preparation and delivery of the Seller Closing Disclosure?

Answer: To comply with the TILA-RESPA Integrated Disclosures rule, both the buyer and seller must receive Closing Disclosures that provide details of the transaction. In sale transactions, the rule places the responsibility on the settlement agent to provide the seller with a Closing Disclosure relating to the seller’s transaction. See § 1026.19(f)(4). However, the rule also recognizes that in some instances the settlement agent may meet this obligation by either providing the seller with a seller-only Closing Disclosure or a combined buyer/seller Closing Disclosure. This can be done by either the lender or the settlement agent depending on the agreement between those parties. You should collaborate with your lender partners to determine who will prepare this document so you can ensure you meet your obligations under the Know Before You Owe regulation. 

Similar to lenders being liable for delivery and accuracy of the buyer’s Closing Disclosure, settlement agents are liable for delivery and accuracy of the seller’s Closing Disclosure. If a lender decides to provide the seller’s Closing Disclosure, the settlement agent must be aware of this process and ensure accuracy.