5 questions for Regina Lowrie
A large portion of the mortgage industry still tries to understand, let alone deal, with wire fraud caused by business email compromise schemes. Mortgage industry pioneer Regina Lowrie's newest company, Dytrix, looks to provide lenders with some preventative measures to halt these scams.
Lowrie served as the first woman chair of the Mortgage Bankers Association. She was the founder and CEO of Gateway funding Diversified Mortgage Services of Horsham, Pa. She has since become a consultant and in that role became aware of the depth of the wire fraud problem. Lenders are also not cognizant of their potential liability.
So in 2019, Lowrie launched Dytrix, which performs validations of a bank account's owner, account number, time the account has been opened and ABA number. It authenticates that the recipient is the owner of that account and then goes one step further and checks the domain of the email address that the lender receives and the country domain to make sure the account has not been intercepted.
Below are excerpts from a discussion with Lowrie at the MBA's annual convention in Austin, Texas. The questions and responses have been edited for clarity and length.
Is the industry starting to get concerned about wire fraud? While there have been some efforts like the Coalition to Stop Real Estate Wire Fraud, mortgage lenders still seem to be just getting up to speed on the problem.
Little by little, the industry is starting to recognize it. We are waging war against this issue. I'm pretty passionate about it. Back in the day when I had Gateway, we didn't think twice about wiring hundreds of thousands of dollars to a bank account without validating it. But clearly our industry is under attack right now. Some of the warehouse banks are saying it's their customers' responsibility to validated where the money is being wired to before they request the wire and some lenders are really doing nothing to manage closing agents as third-party providers.
The interesting thing is, the closing protection letter and the error and omissions insurance does not cover wire fraud. It also does not cover any privacy breeches of consumer data. So what Dytrix is doing is focusing on making it a secured financial transaction by validating the wire and we're also qualifying the closing agent and giving the lender some recourse against the closing agent for privacy violations.
This isn't a new problem for the mortgage industry, but many seem unaware of what's been going on.
I've been working on this now for almost four years. One of my clients, a fairly large bank in Pennsylvania reached out to me after an Office of the Comptroller of the Currency audit. And they had a very robust vendor management program for third parties, but the OCC wanted to know how they were managing closing agents and they weren't doing anything.
Most of my clients have over 1,000 closing agents so it's not an easy task to do it manually. So our technology does it in real time. We reach out to the closing agent on behalf of the lender. The closing agent goes on to the portal, puts in a user name and password and they're asked to change their password for security purposes, and then they complete the certification.
From an efficiency perspective, we cover a number of things. We mitigate the lender's risk, both financial risk and reputational risk.
But we're also protecting the consumer, because at the end of the day, when everybody shows up at the settlement table and the funds are not there, it's the consumer that's getting hurt.
Right now, some of the defense mechanisms include emails from closing agents with messages in big red letters warning consumers about changes in wire instructions. Is that just a Band Aid?
I recently got an email from the CEO of Homebridge and all over their emails it says 'we do not send emails regarding wiring instructions.' So the warnings are all over. You know I love this industry and I am very passionate about it, but I have to say that we're not very proactive, we're reactive as an industry.
I think longer term solution is as the industry is moving towards a digital environment, everything will move towards blockchain. But that's a while down the road, so we have to address the problem today.
Does the switch to a digital process environment make things safer or does it up the risk?
That's why there is such a big interest in blockchain. The U.S. Department of Defense has said the biggest threat to the U.S. is not North Korea or Russia, it is a cyberattack on our financial network. Our financial system is a prime target.
People have lost homes they were trying to purchase because their down payment funds were diverted.
It's daunting to go through the process, especially for first-time home buyers. And there's nothing better than to be able to see a family go to closing, sign the papers, get their keys and own their first home. So think about what this does to that whole transaction. When you get to the table and the money's not there and the loan doesn't close, that's egregious.
Most larger institutions have cybersecurity insurance policies in this day and age. What I've come to learn is, it will cover wire fraud, but there's an exclusion if your employee wired the money. If you can demonstrate that you have validated it before you wired it, then you show your fiduciary responsibility under the policy. But if your employee is the one that wires and it ends up going into a fraudulent account, most cybersecurity insurance policies won't cover you.
The other thing — cybersecurity insurance is very expensive. So you're not going to find small and mid-sized players getting cybersecurity insurance.