Wire Fraud Risk and Closing Agent Oversight

There are several wire fraud schemes currently in circulation which will have an immediate impact on the housing industry, financial institutions and the end consumer.

• We’ll look at the top 3 that are mortgage banking related.
• Best Practices to manage the risk.
• What to do should you become a victim of wire fraud.

Closing Agent Vendors Being Targeted 

Your closing agent vendors have an enormous amount of NPI data and play a pivotal role in the mortgage transaction. In addition to the data they have access to, they have a lot of communication with the borrower leading up to the closing. It’s this communication and the email exchange of information which is now clearly being targeted by the criminal community.

If you are a lender who is failing to provide any vetting or true oversight practices of a closing settlement agent, the risk of information security and wire fraud is a very real threat to you.

Several years ago, one of our experts managed a funding department, responsible for the funding and processing of the mortgage wires for a national lender. Many billions of dollars passed through the department. And invariably due to the sheer volume, or a data entry error typing in an account number led to the misplacement of a wire transfer.

He can honestly say that the minute the funder discovered the error, he already knew what had happened simply by the look on their face as they came to report the incident. We should say that this didn’t happen very often but it always stuck with him. The responsibility that lay on the shoulders of a funding department is intense. Funders or Closers are some of the hardest working people we know in the mortgage space. They are there when everyone has left for the day. They are usually there very early in the morning as well. Be nice to your funders.

The Art of Deception Is on the Rise

Deception! One of the oldest tricks in the book. What is interesting is that deception really plays on human nature. We all want to help each other out, not to cause any fuss. It boils down to the fact that good people sometimes make decisions that aren't thoroughly thought out. The fraudster is counting on that fact.

The FBI's Internet Crime Report, which is issued by the FBI IC3 team, reports that the top three crime types reported by loss were BEC, Romance and Confidence Fraud and Non-payment and Non-delivery scams. All highly sensitive emotional triggers lay underneath the surface of these issues.

For those not familiar with some of the terminology we’ll highlight a couple which will prove helpful:

• IC3: Internet Crime Complaint Center. Created in 2000 and provides the public an outlet to report information concerning suspected internet facilitated criminal activity.
• BEC: Business Email Compromise. We’ll look at an BEC example below.

3 Wire Fraud Examples

Let's go through a few examples of how wire fraud can work. Be aware of these scenarios to help protect your third party risk.

Scenario 1:  Business Email Compromise. The art of the deception relies on the authority of the email sender and the position of the receiver. As with any email scam, the appearance of the email, the tone and content is consistent with the sender’s typical style of communication. It may come directly from a hacked email account or have an extra letter in the email address of the person's name. For instance, the official email address might read  charleswalker@abcmortgage.com  the fake email might use charleswwalker@abcmortgage.com. Did you notice the extra w?

The message is usually the same: there is an issue with a wire or a vendor is requesting payment for an overdue invoice which would violate the contract provision for the net 30 terms. We mention this because it isn’t just mortgage closers who are susceptible to wire fraud. Accounts Payable, in fact anyone who has access to send a payment, needs to be aware of their risk exposure. Based on research, hackers are extremely patient in how they approach this activity and it isn’t uncommon for them to monitor email traffic to learn who the right people are to target.

Scenario 2: Processing the Wire Tricks. The funder (we’ll call him Jim) is preparing to process the wire for a loan closing in a couple of hours. He wants to make sure that the wire shows up in the account of in time they prepare it for processing. It hasn’t gone into the batch of wire transfers yet but they feel good they are getting a head start on the day.

Quickly checking his email, he notices a new email pop up. FYI Smith Closing Issue scheduled for today. “Hey that’s the file I was just about to process, I’m glad I didn’t hit send on the wire just yet,” the funder thinks to himself.

The email reads:

Jim,

Really sorry to do this, I know this is last minute and you have a ton of stuff to do for month end. My assistant sent you the wrong account info for the wire transfer today on the Smith closing and to add to my vexation she is out today on PTO. I’ve attached it here and wondered if you could update the account. I am in back to back closings today so can’t speak on the phone so email is best.

Thanks again, I’ll make it up to you!

Frank

Picture Jim with the proverbial bubble thought above his head....

"Poor Frank! Month end, back to back closings and his assistant is out. Frank is awesome and he’s one of the best closing attorneys we have. He always makes me laugh when he uses fancy words like vexation." 

In the 10 seconds that follows, Jim updates the wire instructions, double checks the new account number is correct and clicks SEND. Wire sent. That’s one happy attorney Jim thinks to himself. 

3 hours later, Jim gets a call from Frank, except Frank isn’t happy that Jim updated the wire instructions. Frank is upset that he cannot disburse funds because he never received the funds. In fact, right now, no one knows where the funds are. All, $400,000 of them.

Pale faced, Jim tells the attorney that he needs to go speak to his manager. He’ll call him right back. Jim hears Mr. Smith in the background, clearly not happy that something appears wrong with his closing. Jim realizes the error of his ways and has to report the issue.

Scenario 3: Deposits/Additional Fund Requests. The industry is seeing this as an increasing trend. The exposure here begins with relationships with the consumer and the realtor or closing agent. And like the example of Jim the funder, this one relies on the emotional investment that the consumer has in making sure the closing of the new purchase goes off without a hitch. 

We’ve heard of cases where fake emails are sent asking for deposits or additional funds due to some last-minute glitch. An unsuspecting consumer is likely to comply with the request. Falling foul of this can literally cause financial ruin and heartache.

What can you do to manage wire fraud risk?

• Vendor vetting of ALL closing agents should be mandatory. The independent verification of wire instructions, state licenses, E&O, Closing Protection Letters, Cybersecurity Insurance are just a few of the areas which should be reviewed by vendor management.

• Education and training of current risks is vital. Staff need the tools via training and systems to spot red flags and scams. If your risk department aren’t familiar with the funding department, now would be an opportune time to meet and share experiences. Develop policies and procedures that outline the risks and what can be done to address.

• If you are involved in the onboarding and approval of closing agents, ask about if the agent has ever been a victim of wire fraud. Depending on the business need, you may need the coverage but it is worth verifying and checking what their own internal controls do to help mitigate the risk.

• Education of consumers. An educated borrower is a great borrower. You are helping them finance their biggest purchase in their life then why not help them in maintaining the financial health and security by advising them of the latest threats.

• Trust but verify. Any email instructing the change of process or last-minute order of payment should stop the machine. There are 2 options: pick up the phone and voice verify that you have the information correctly, or, if possible in the case of the BEC executive instance, pay them a visit. Either way, all you need to say is that you received their email (print it off when you go visit them) and wanted to verify a few items to avoid any future confusion. The same would apply if you were in the accounts payable. Call the vendor asking for payment. In each case, you will discover if the request is legitimate. The phone is the most powerful tool in verifying if the request is legitimate.

• Use business email for all transactions. If you are onboarding closing agents, make sure that they are not using public providers, AOL, Yahoo, Verizon, Gmail, are good examples. These are more susceptible to email scams and hacking. Make it a requirement for the onboarding process and make it a term in the vendor contract.

What to Do If You Become a Victim of Wire Fraud

• Time is of the essence. Once a wire has been received by a fraudster, the trace becomes colder the longer it takes to begin the investigation. Wire funds never stay in the account for extended periods of time...literally minutes before they are transferred to another account.

• Depending on the internal policy and procedures you should contact the financial institution the wire was being sent from, and then the institution who was supposed to receive it and notify them of the event. Wires sometimes go in batches at set times of the day. Therefore, there is a chance that sometimes the wire is in a queue.

• Speak to the CFO and General Counsel and alert them of the situation. From there, they will likely take over the investigation and handle the challenging task of working with the financial institution and law enforcement to retrieve the funds.

• The next step in line is to file a report with your local FBI office. The IC3 team will be notified and they’ll work with the financial institutions and local law enforcement and will advise in next steps.

In the examples discussed, we assume that the intent was fraudulent. In a situation where you have discovered the potential intent, it's still recommended that you report the incident and follow the same steps. There is still the need to secure your email accounts and monitor against future attempts to misdirect funds.

For a list of the main FBI offices, please visit fbi.gov. There you will find lots of useful information pertaining to cybercrime and best practices to follow. When time is of the essence of stopping a wire in its tracks, your ability to respond quickly will make all the difference.

To learn about proper vendor oversight of your contract mortgage underwriter vendors, download our infographic.