Compliance Article
09/17/2008
|
Earlier this year, the Federal Bureau of Investigation put out a warning on a combination of mortgage fraud and identity theft that it termed "house stealing."
The "house stealing" scheme has several variations but typically involves a criminal stealing and assuming a homeowner’s identity, using the homeowner’s personal information to transfer the property’s deed to themselves, and then selling it to an unsuspecting buyer, pocketing the profits. Last year, one such scam in the Los Angeles area defrauded more than 100 homeowners and lenders out of over $12 million.
New requirements tied to existing legislation will hopefully help combat such identity theft and fraudulent activity, however. As of Nov. 1, financial institutions and other creditors, including mortgage lenders, will have to have a program in place to detect, prevent and mitigate identity theft. This requirement is a result of a law called the Fair and Accurate Credit Transactions Act of 2003. The federal banking regulators and the Federal Trade Commission have now issued regulations implementing part of the FACT Act that are being commonly referred to as the "red flag" rules.
These new rules require each financial institution or creditor that holds any consumer account, or any other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with both new and existing accounts. The program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft and enable a financial institution or creditor to:
- Identify relevant patterns, practices, and specific forms of activity that are "red flags" signaling possible identity theft and incorporate those red flags into the program.
- Detect red flags that have been incorporated into the program.
- Respond appropriately to any red flags that are detected to prevent and mitigate identity theft.
- Ensure the program is updated periodically to reflect changes in risks from identity theft.
The agencies also issued guidelines to assist financial institutions and creditors in developing and implementing a program, including a supplement that provides illustrative examples of red flags.
For institutions that are already subject to Customer Identification Program requirements under the Bank Secrecy Act, the guidelines suggest that verification tools used for customer identification purposes may serve double duty in such a program in the detection of red flags for new accounts. For existing accounts, the guidelines suggest the use of procedures for authenticating customers, monitoring transactions, and verifying the validity of change of address requests.
There are 26 illustrative examples of red flags, falling into five basic groups:
- Alerts, notifications or warnings from a consumer reporting agency
- Suspicious documents
- Suspicious personal identifying information
- Unusual use of, or suspicious activity related to, the covered account
- Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft
While it is not required that all 26 examples must be incorporated into every program, they are supposed to be considered and those that are relevant to each type of covered account are supposed to be incorporated.
Depository institutions are subject to the version of the regulations issued by their banking regulatory agency and non-depository creditors are subject to the regulations issued by the Federal Trade Commission. The rules for all agencies can be found in the November 9, 2007 issue of the Federal Register.
While the mortgage lending industry will have to invest more time and effort into compliance with the red flag rules, the requirements should make house stealing more difficult to accomplish in the future.
Mr. Dreyer's article first appeared in National Mortgage News Fraud Report on September 3, 2008.
