What is a Fair Lending Act and Mortgage Fraud

What laws are making up the Fair Lending Act

  • ECOA – Equal Credit Opportunity Act – designed to prevent discrimination and promote the availability of credit to all credit worth applicants without regards to any of the “prohibited basis”. There are prohibited basis such us: race,  color, religion, national origin, sex., marital status, age income derived from public assistance. It covers more than just an underwriting process.
  • Fair Housing Act
  • CRA – Community Reinvestment Act – Works in conjunction with HMDA by ensuring that Financial Institutions are serving housing. credit needs.
  • HMDA – Home Mortgage Disclosure Act – Congress created due ti concerns over credit shortages in certain urban neighborhoods contributed to decline of geographic locations. It was implemented by CFPB.
  • Fair Credit Reporting Act – Alerts: identity theft, active duty and extended fraud. If an alert exists than take steps to form a reasonable believe that we know the identity of the person making the request. Use consumer provided phone number or method of contact to verify credit request.
Credit Decisions
A lander has 3o days to render a decision. Incomplete applications must het a notice as well to inform them of the needed documents A notice of adverse action (statement of reasons for denial) must be a given to any borrower who is denied a loan.

Red Flags

  1. A borrower is treated differently in person than on the phone.
  2. Discouraging from applying for credit.
  3. The loan originator, lender or underwriter make negative comments about race, national origin, sex, or other protected groups.
  4. Refusing credit even though they qualify for it.
  5. Offering credit with a higher rate than the one applied for, even though they qualify for a lower rate.
  6. A person is denied credit, but not given a reason why or told how to find out why.
  7. When the deal sounds too good to be true.
  8. Feeling pushed or pressured to sign

download Fair Lending ACt

Fair Lending Summary

Base on the act lender or a loan originator cannot

  • Refund to deal with individual inquiries about credit
  • Discourage inquires or applicants by delays, discourtesy, or other means.
  • Provided different, incomplete, or misleading information about availability of loans, application requirements , and processing and approval standards or procedures (including selectivelly informing applicants about certain loan products while failing to inform them of alternatives)
  • Encourage or more vigorously assist only certain inquirers or applicants.

You cannot refer credit seekers to other

  1. institutions, more costly loan products, or potentially onerous features
  2. to nontraditional products (negative amortization, interest only, etc.) When they qualified for traditional mortgages.

You cannot use

  1. Different procedures or standards to evaluaate applications
  2. Different procedures to obtain and evaluate appraisal

By CFPB you are not allow for any items below

  • Provide certain applicants opportunities to correct or explain adverse or inadequate information or to provide additional information
  • Accept alternative proofs of creditworthiness
  • require co-signers
  • offer or authorize loan modifications
  • suggest or permit loan assumptions
  • impose late charges, reinstatement fees, etc
  • Initiate collection or foreclosure
  • Waive or grant exceptions to applications procedures or credit standards
  • state a willingness to negotiate

Tops States With Highest Year over Year Growth in Application Fraud Risk

  1. Florida 72.6%
  2. New Yersey 62.4%
  3. New York 58.2%
  4. Mississippi 34.5%
  5. Connecticut
During the second quarter of 2014, mortgage applications fraud risk reached the highest level since 2010 in Mississippi, Florida, New Jersey, Rhode Island, Connecticut and New York.

Mortgage Fraud – is the intentional misrepresentation misstatement or mission of any material fact, with the intent on reliance by anyone involved in the mortgage transactions to fund, purchase, or insure a mortgage loan.

Misrepresentation can include:

  • the market value of the property that is being used as the collateral for the loan is inflated by the appraiser.
  • The amount, type, and source of the purchaser’s down payment are falsified.
  • The amount of the closing costs (fees) and te source of the funds used to finalize the transaction are erroneous.
  • personal information about the purchaser’s credit worthiness including income, debt, credit history and verification of employment are falsified.
  • Who will actually are living in the property (owner occupancy) and what will be the primary use of the property is not disclosed.
  • Undisclosed rebate, credits, or one-term transfer to one of the parties( usually the purchaser) that are not reflected on the closing statements.

Types of Identity Theft

  • Dumpster Diving – they rummage through trash looking for bills or other paper with your personal information on it.
  • Skimming – Stealing credit/debit car numbers by using a special storage device when processing your card.
  • Changing Your Address – They divert your billing statements to another location by completing a change of address form.
  • Phishing – they pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.
  • Stealing – old-fashioned way by stealing wallets, purses, mail including bank and credit cards statements, pre-approved credit offers and new checks or tax information. They sometimes even bribe employees which have access to your documents.


On May 20, 2009, President Obama signed FERA (Fraud Enforcement & Recovery Act of 2009), which amended Money Laundering and Criminal Fraud Statuses, expanding its scope and penalties.

The mortgage lending business was dramatically affected with FERA changes to the definition of a “financial institution” in Title 18 of the United States Code. The term was changed to include “a mortgage lending business” or “any person or entity that makes in while or in part a federal related mortgage loan” as defined in RESPA.



What is a FACTA?

In December of 2003, the President signed the Fair and Accurate Credit Transactions Act, which has become known as either the FACT Act, or FACTA.

The purpose of the act was to update and amend the Fair Credit Reporting Act, although the official-sounding purpose is to amend the Fair Credit Reporting Act, to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, make improvements in the use of, and consumer access to, credit information, and to allow consumers to exercise greater control regarding the type and amount of solicitations they receive.

A working knowledge of FACTA enables individuals to know what their rights and obligations are in dealing with consumer credit reoorts.

The Red Flags Rule was declared in 2007. It was enacted into law as part of the Fair and Accurate Credit Transaction Act of 2003. The purpose of FACTA was to update and amend the Fair Credit Reporting Act.

To better define the term “update and amend” the official purpose was “to amend the Fair Credit Reporting Act, to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, make improvements in the use of, and consumer access to, credit information, and for other purposes.’ As people who deal with consumer credit reports, this act had quite an effect on mortgage brokers. Implementation of FACTA created disclosures and other provisions of credit information management that dramatically changed how mortgage loan originators and brokers communicate with consumers.

The Red Flag Rule is enforced by he Federal Trade Comission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration.

 You can get (every 12 months) a free copy of your credit report from each of the major credit reporting agencies (Equifax, Experian, and TransUnion) through AnnualCreditReport.com. This website is the only one that is government authorized to provide you with free copies of your credit report. 

Categories of Common Red Flags:

  • Suspicious documents
  • Alerts, notifications or warnings from a consumer reporting agency
  • Suspicious personal identifying information
  • Unusual use or suspicious activity related to accounts
  • Notice from members, victims of identity theft or law enforcement

Creditor – a business or organization that regularly defer payment for goods or services or provide goods or services and bill customers later. Utility companies health care providers, and telecommunications companies are among the entities that may fall within this definition, depending on how and when they collect payments for theirs services.

The creditor it’s also on who regularly grants loans, arranges for loans for the extension of credit, or makes credit decisions.

A Disclosure of Credit Scores

The section of FACTA most pertinent to mortgage loan originators is Section 212, which amends 5609 of the FCRA by requiring “any person who makes or arranges loans” and uses consumer credit scores to follow specific disclosure guidelines. For the purposes of the Act and for our purposes here as well, these persons are called “mortgage loan originators,” regardless of their official position title.

The statute applies to applications initiated or sought by a consumer for a closed or an open-end loan, which will be secured by one to four units of residential property.

  • If this is the case, the mortgage loan originator must disclose the following information to the consumer, as soon as is “reasonably practicable: ” The consumer’s current credit score or the most recent credit score that was previously calculated by the consumer reporting agency (CRA) related to credit extension
  • The range of possible credit scores under the model used
  • If any factors adversely affected the consumer’s score, up to 4 key factors that adversely affected the score (including inquiries)
  • The date the credit score was created
  • The name of the person(s) or company(s) that provided the credit score
  • In addition to all this, the mortgage loan originator must also provide the consumer with a written statement known as the “Notice to the Home Loan Applicant.”
  • Provide more than 1 disclosure per loan transaction
  • Provide the disclosure required in this subsection after another person has already supplied the consumer with a disclosure for that loan transaction

Additionally, the mortgage loan originator is only responsible for providing the consumer with a copy of the credit score information received from the CRA. The mortgage loan originator cannot be held liable for any of the information that is provided on the copy or any information that is omitted from the disclosures provided by the CRA. Finally, any provision in a contract or agreement that prevents a mortgage loan originator (or any other person) from disclosing a credit score is null and void. Also, the mortgage loan originator will not be liable under any contract for disclosing a credit score if he is doing so under the authority of this subsection.

Identity Theft Program

Personal identifying Information provided is inconsistent when compared against external information sources used such as:

  • The address does not match any address in the consumer report; or
  • The Social Security Number (SSN) has not been issued, or is listed on the Social Security Administration’s Deaths Master File.
  • It’s a mail drop address, prison or fictitious
  • Invalid phone number, associated with a pager or answering machine.


Anti Money Laundering In Mortgage Business

Loan or finance company — in the BSA definition of financial institution; includes sole proprietor acting as loan/finance co.

Residential mortgage lender — person whom is paid for debt from residential mortgage loan Residential mortgage originator— person accepting a residential mortgage loan application or offers/negotiates terms of loan Residential

Mortgage loan —loan secured by mortgage, deed of trust, or other security interest on a 1-4 unit residence or residential real estate

Loan or finance company — in the BSA definition of financial institution; includes sole proprietor acting as loan/finance co.

Residential mortgage lender — person whom is paid for debt from residential mortgage loan Residential mortgage originator— person accepting a residential mortgage loan application or offers/negotiates terms of loan Residential mortgage loan—loan secured by mortgage, deed of trust, or other security interest on a 1-4 unit residence or residential real estate

FinCEN – acts as the designated administrator of BSA. Its mission is to “safeguard the financial system from the abuses of financial crime,
including terrorist financing, money laundering and other illicit activity”.
The BSA was established in 1970 and has become one of the most important tools in the fight against money laundering. Since then, numerous other laws have enhanced and amended the BSA to provide law enforcement and regulatory agencies with the most effective tools to combat money laundering.

Exempted Anti Money Laundering programs for certain financial institutions .

  • Pawnbroker
  • travel Agency
  • Telegraph company
  • Seller of vehicles, airplanes, & oats
  • Person in real estate closings & settlements
  • Private banker
  • Commodity pool operator/trading advisor
  • Banks not subject to regulation by federal functional regulator
Violations requiring immediate attention (terrorist financing or ongoing money laundering schemes) can be phoned to law enforcement in addition to filing a SAR

Retentions Records & Confidentiality

  1. Keep AR copies for 5 years
  2. SARs are confidential
  3. May not disclose SAR or info revealing its existence (including subpoena or other request)
  4. Provided no one involved in a reported SAR is notified the transaction has been reports, this section doesn’t prohibit disclosure of a SAR (& supporting docs) to FinCEN, federal, state, or local law enforcement, or regulatory authority of BSA.
  5. Government authorities may not disclose a SAR or its existence except as necessary according to BSA.
Voluntary reporting relating to terrorist activity may be phoned to FinCEN’s hotline (1-866-556-3974) in addition to filing a SAR

Examples of $100 Million Fraud

A Mortgage Loan Originator needs to know about time-frames for these disclosures.

When to File a FinCEN compliance?

  1. Personal identifying information provided by the customer is inconsistent when compared again the same information obtained through external information sources (i.e. address does not match any address in the credit report)
  2. Documents provided for identification appear to have been altered or forged
  3. An application appears to have been altered or forged or give the appearance of having been destroyed and reassembled
  4. A fraud alert was indicated in the consumer report
  5. Social Security number provided matches info submitted by another customer.

A money laundering typically involves three steps.

  • Placement Stage
  • Layering Stage
  • Integration Stage

To read more about money laundering please visit https://www.moneylaundering.ca

Spear Phishing Emails in Mortgage Business

How to check if and email is a Spear Phishing Email and is used to attack us?

  • Comes from unknown sender
  • Solicits sensitive information, like your password
  • Prompts you to open an attachments or click a link
  • Appeals to urgency fear or desire
  • Contains spelling or grammatical error

Types of Social Engineering Attacks

  • Baiting – Attackers lure targets in with items of value: They might leave a flash drive where someone will find it or can upload malicious files to a site where thousands can download it.
  • Pretexting/Bohoing – Some attackers might impersonate a person of authority or whom trust to solicit sensitive information. An attackers might impersonate your username and password to solve some issues
  • Mind games – an attackers might send an email or call you in response to an imaginary question. This can lead the target to believe that he or she simply forgot their previous conversation, making the target more likely to give up information.
  • Spam & Phishing – Both methods usually rely on email to lure victims in. Most spam emails are after monetary gain while phishing emails usually solicit  sensitive information.
  • Tailgating – An attacker might wait besides a locked door to glean your credentials so they can get inside.


Here are some facts about Spear Phishing in Mortgage business

  • 1 in every in 2.3 organizaitons is targeted by a spear phishing attacks.
  • 600,000k it’s an average cots in USD to fix the damage done by a spear phishing attack.
  • Number of organizations affected by a data breach in 20014 rose 9% comparing data from 2013 year.

Types of Spear Phishing emails in mortgage industry

  1. Data Entry
  2. Click-Only
  3. Attachments 

A sample spare phishing email version 1

The webpage where person is forwarded looks like a legit website and even an email from which the message is sent looks like real one. In most cases can be misspelled or used ASCII symbols.

A sample spare phishing email version 2

A sample spare phishing email version 3


What are PCI Data Security Standards in Mortgage Industry?

What are PCI Security Standards?

It’s a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

They include

  • Remediation Costs – costs incurred to fix the internal process that led to the data breach. This may include hardware and software upgrades, changes in vendors, and personnel changes.
  • Loss of Reputationn – Can be damaging as a loss of revenue. With the bad publicity in the news, social media, and word of mouth, a negative image can take years to repair.
  • Loss revenue – once a data breach has been announced, most companies experience a severe drop in revenue. Consumers are fearful that it will happen again and become distrustful of the brand.
  • Remediation Costs – The costs incurred to fix the internal process that led to the data breach. This may include hardware and software upgrades, changes in vendors and personnel changes.
  • Federal Audits – Depending on the size of the data breach, the Federal Trade Commission has the authority to monitor, levy fines , and impose strict regulations.
  • Bank Fines – fraudulent changes on a victim’s credit card may not be your responsibility, but the bank passes on those costs to you in the form of fines.

Cardholders data shouldn’t be stored unless it’s necessary to meet the needs of the business. Sensitive data on the magnetic strip or chip must never be stored after authorization. if your organization stores PAN, it’s crucial ti render it unreadable.

PII – Personal Identifiable Information

It’s any information which stealing, compromising or losing can result in

  1. Embarrassment
  2. harm
  3. Unfairness
  4. Inconvenience

Combined with another identifier

Examples of PII that is sensitive when combined with other data include:

  1. Ethic or religious affiliation
  2. Medical conditions
  3. Sexual orientation and gender identity
  4. Last four digits of SSN
  5. Data of Birth
  6. Mother’s Maiden name

Examples of PII-related legislations

Privacy Act of 1074

The Privacy Act established a code of fair information practices that governs the collection maintenance, use and dissemination of information about individuals that is maintained in system of records by a federal agencies.


Title III of the e-Government Act of 2002, The Federal Information Security Management Act states that federal agencies must reviews PII and submit a report to Congress annually; and review and reduce the volume of PII, Social Security Numbers in particular.


The U.S. Family Educational Rights and Privacy Act regulates the collection and dissemination of PII by and educational agency or institution, and establishes the rights of the parent and the student.


The Health Insurance portability and Accountability Act, was passed by the U.S. congress in 1996. HIPAA deals specifically with Protected Health Information, or PHI. This includes the information on your medical records.