WE’RE HEARING lenders are under increasing pressure to make sure nonpublic, personal information about their customers does not find its way into the public realm.
In part, that reflects growing concerns about identity theft, Wayne Stanley, manager of external communications for the American Land Title Association, told me. Earlier this year, ALTA compiled a set of “best practices” for title companies to follow.
“Within that there are several recommendations for folks within the industry to have a good handle on nonpublic customer information.”
Stanley said that among other things, many title firms now require that a shredder be kept at every desk to help employees make sure nothing containing personal information gets casually dispersed. A shift in identity theft in the last decade has made protecting information that may seem innocuous more important than in the past, he said.
“Today, if they can find three pieces of different information about you in that trash bin, they can potentially start an identity theft against you.”
One of the top priorities established in ALTA’s best practices document is to protect nonpublic personal information as required by state, local and federal law. ALTA urges companies to develop a written information security program describing how they safeguard customer information. Federal law requires companies to dispose of customer information in a way that protects against unauthorized access. It also urges companies to identify and monitor those people who have access to customer information and adopt “clean desk” policies to ensure information cannot be easily stolen.
Another factor that has increased the importance of protecting customer information is that more of it might be laying around. Since the housing bust, consumers are being asked for more information to qualify for a home loan.
Stanley said ALTA started developing its “seven pillars” of best practice guidelines in 2008 to give title and settlement companies tools to self-police themselves and avert new regulatory oversight. ALTA is preparing to unveil a program to assess and certify the compliance of companies with the best practice guidelines.
“Most of the best practices are things people within the industry were already doing,” he said.
So what document is the soft spot in the loan origination process for thieves to seize? Ken Marlin, vice president and general manager of Xerox Mortgage Services, told me the HUD-1 settlement form might be the one that’s most neglected from a security perspective.
That’s because the HUD 1 often goes through a number of revisions and iterations, often creating between four and six copies that are passed around between settlement agents and lenders before the closing.
Today, those HUD-1 forms are more often than not emailed as a simple attachment, which Marlin said is hardly a secure way to ensure the information remains private. He said lenders and closing agents should be using a secure document transfer portal that authenticates users and audits any changes made to a document.
And while we’re talking about the HUD-1, ALTA is eagerly awaiting the CFPB’s decision about a final rule that could lead to delays in home purchase closings. A proposed rule would have required a three-day wait period after any revisions are made to the HUD-1, sparking outrage from the title industry and many members of Congress. ALTA is hoping the final rule, expected to come out in September or October, will be less onerous. The requirement that the three-day clock start running anew if any changes are made to the HUD-1 also could be costly to lenders, because they would have to maintain rate locks during the wait period.
Ted Cornwell has covered the mortgage markets since 1990. He is a former editor of both Mortgage Servicing News and Mortgage Technology.
