How chain of custody is making lenders vulnerable to mortgage fraud

When famous bank robber Willie Sutton was asked why he robs banks he replied, “because that’s where the money is.” Today, in a world of digital banking, criminals are more likely to say, “because that’s where the cracks are.” As mortgage lenders thrive to curb the ever-escalating number of fraudulent loans, the focus must continue to be placed on closing those cracks or loopholes to stop the flow of attacks.

Complying with Know Your Client and Anti-Money Laundering regulations means demonstrating that solid procedures are in place to detect and act on criminal activity. But while lenders have verification processes in place for structured data, it’s the large amount of customer data that is creating a massive area of vulnerability – the crack in the system.

Today, in the digital age, the chain of custody can become more complicated. While manual oversight is beneficial, the volume and speed of transactions, human error, keeping employees updated on criminal techniques and employees interacting in financial crimes themselves all aid the constant flow of attacks. Here, we’ll discuss inefficiencies and vulnerabilities in the chain of custody that can prevent banks from aligning with KYC, AML, and CFT regulations and adapting as conditions change.

The multi-channel dilemma

Multi-channel institutions provide customers with many banking options. Mortgage lenders may send documents to a customer through email but then the customer can respond, capture or scan a document, or start a chat with the employee using their phones. Yet these multiple channels are often disjointed. Each has its own department with its own solutions, and further increases the complexity of channel alignment.

While you want, and need, to offer multiple channels, it can be problematic; having multiple channels can create more gaps and makes it harder to track the chain of custody. Without the right protection and insight into the chain of custody processes, customers’ digital files can be lost, deleted, altered, and even fabricated. This can also leave sensitive data exposed to fraudulent activity. Lenders may be forced to sacrifice customer channel preference in an effort to reduce this risk, often with a negative effect on customer satisfaction.

Not understanding data leads to compliance issues

Compliance and fraud prevention are in a continuous state of flux, as new regulations and approaches to perpetrating fraud emerge. While many lenders have verification processes and systems of record in place for their structured data, they lack digital solutions capable of addressing the volume of customer data from documents that create a broad area of vulnerability for them. They’re missing the link that would help authenticate clients’ identity and customer and transaction behaviors, which originate in documents.

When it comes to documents, tracking chain of custody can cause issues through not understanding the documents, not understanding the processes they go through, and insufficient visibility of who has touched the documents – all of which can lead to compliance issues.

Gaps in the chain of custody process

Tracking documents and data in the chain of custody is also a vital component of compliance. Chain of custody is really about anyone who touches the processes, including outsourcers. As soon as customer data enters a financial institution, whether through documents or digital sources, it feeds into many processes, including customer onboarding, compliance checks, loan approvals, and more. There can often be a disconnect between the ways that processes were meant to work, and the manual workarounds that employees have to take to execute them – and those workarounds could present opportunities for fraud, leaving room for possibilities of being charged per exposure. The average cost per exposure varies anywhere from $110 to $336 per record. So, at $274 per record for financial businesses, a breach of 87 million records could cost nearly $24 billion in fines.

For example, you request an update on a loan application and the loan officer didn’t realize that you needed to share a file with them that’s holding up the process. Lenders need to be able to track the lifecycle of customer and transaction data as it moves between processes with essential documents. It makes it easier to provide accurate chain-of-custody documentation – should a compliance officer request it – and account for every touchpoint.

Not tracking chain of custody properly can lead to noncompliance penalties of KYC/AML, with fines totaling billions globally. Leaders and process owners need to ensure they’re monitoring those processes so when issues arrive, they’re automatically being alerted for immediate intervention. This can ultimately benefit the businesses – from improving customer satisfaction and operational efficiencies to saving revenue by keeping longtime customers around.

While there is no foolproof method of preventing fraud, lenders need to have full insight into their chain of custody and every process it goes through.