In our Tech Disruption survey, National Mortgage News asked participants "What technology is in use in your organization?"
When it came to "advanced fraud protection tools," significant shares of banks, credit unions and nonbank mortgage lenders all said
It may also shift on how the respondent defined the term "advanced;" while all three groupings do have compliance requirements in this area, depositories like banks and credit unions have a different regulatory scheme in this area.
Some still use manual detection processes
A separate study from Lexis/Nexis Risk Solutions on the "true cost of fraud" said that 44% of North American financial institutions primarily relied on manual processes to detect and combat this problem, hesitating to fully embrace automation and artificial intelligence.
"Fraud is a dynamic, escalating threat that touches every corner of an FI's operations," said Kimberly Sutherland, global head of fraud and identity at LexisNexis Risk Solutions¸ in a press release. "Leading FIs with the lowest fraud costs adopt automation, AI and cross-channel visibility to detect more fraud faster through a multi-layered approach."
READ MORE:
But the Lexis/Nexis research also found the bank respondents claiming fraud controls have led to increased customer attrition.
Over the past 12 months, 71% of U.S. lenders and 78% of their Canadian counterparts reported higher customer churn due to fraud prevention strategies.
This is why balancing robust protection with a lower friction for trusted customers remains a critical challenge for lenders, Lexis/Nexis said.
Be on the lookout for token hijacking
Banks are held to a higher compliance standard than nonbanks, and might need those additional tools to pass their audit, noted Tyler Adams, CEO and co-founder of Certifid.
They may be more sophisticated in their operations than the independent mortgage banker, and the breadth of products they offer also likely plays a role, he said.
Most mortgage lenders do the same type of transaction day in and day out, and might "believe they are less susceptible to fraud because they think 'we know what we are doing, it's been the same process for years," Adams said.
READ MORE:
But a sign that criminals have latched on to the next big thing, is Certifid seeing a spike in account takeover scams through the use of token hijacking, said Tom Cronkright, co-founder and executive chairman.
He has spoken with bank leaders, and "apart from the reputational risk, they are concerned about the risk of client churn when their accounts are drained after a bad actor gains access."
How regulation impacts fraud prevention tool use
How they are regulated also could be a factor, said Matt Seguin, senior principal, product management, mortgage fraud solutions at Cotality. IMBs are primarily state regulated, although they are subject to oversight from the Consumer Financial Protection Bureau. Banks and credit unions with federal charters are regulated by the Office of the Comptroller of the Currency or the National Credit Union Administration.
That could explain the different attitudes, although, for IMBs, the secondary market regulator, the Federal Housing Finance Agency, has been making a lot of noise regarding
Mortgage fraud is often a delayed finding, with entities not realizing it has taken place until
READ MORE:
But, IMBs can be hit with a repurchase request from the secondary market if fraud is found down the line, which is why they should be concerned earlier in the process.
They are aware of this repurchase risk and don't want to do anything "egregious" to trigger a request, added Andrew Weiss, partner and managing director, Technology Consulting Practice at Blackfin. But this may give them a slightly higher tolerance than banks.
The role of costs in the use of fraud prevention tools
Cost is likely one of the factors on why banks are more likely to use what they consider to be advanced fraud detection tools.
Non-bank lenders typically operate with thinner margins than their bank counterparts, Weiss noted. So they are likely already using tools in-house that they wouldn't necessarily consider to be advanced.
Credit unions are particularly risk adverse by their nature; they also only lend to members, an added layer of comfort, Weiss said.
Complexity of the transactions they handle across the broad spectrum of their businesses is another, said Jason Keller, director of market strategy, compliance analytics, at Wolters Kluwer Compliance Solutions. The company has a currency transaction reporting product, OneSumX.
"The cost affiliated with compliance, which we always talk about, is always high," Keller said, who added he is looking at this issue through an anti-money laundering and Bank Secrecy Act lens. "Through programmatic efforts, they are trying to do their best with the most efficient amount of resources."
Banks may be using the same fraud tools across several different aspects of their business, Blackfin's Weiss said.
The fragmentation of the fraud prevention business
When it comes to the anti-fraud tools themselves, "it's a very fragmented industry," Weiss continued. Different companies have different niches, he said, including for income and employment verification up the food chain to what Certifid does with the wire transfer process and beyond.
But some companies are now saying because some companies have raised their prices significantly, they are going to be cautious spending their money.
Wolters Kluwer is looking at using more technology to help institutions, especially smaller ones, with the daunting task of keeping up with the rules around AML and BSA.
Fraud prevention and lenders' vendors
Another issue, especially if the function is outsourced, are some regulatory guidance that lenders are responsible for the acts of their third parties. This includes a 2013 guidance on managing outsourcing risk from the Federal Reserve Board, as well as statements from the
Some lenders might still be tracking their third parties' activities on something like a spreadsheet, but Wolters Kluwer is advocating for them to use a more digital solution, Keller said.
"You can't just dust off the old policy every 12-to-18 months to check for compliance," Keller said. "This really has to be a day-to-day, is our practice working? Is it working with changing technology and consumer demand and are we investing the right amount of both technology and human capital?"
Why lenders need a "Human In The Loop"
This is why it is important to have an "HITL," which stands for human in the loop, the person who determines whether or not something is in compliance, he said.
"We don't believe we're at the point now where any technology can reduce or eliminate the human factor in understanding fraud protection and detection," Keller said.
Blackfin has customers who are implementing or significantly upgrading their mortgage technology platform, Weiss said. They are asking "how many of these tools should I include, as opposed to yes or no. Am I getting enough protection from my current vendors?"
But he is also seeing a shift taking place, where the clients are asking about data security tools, rather than fraud tools, although he added the two are closely aligned. Data security failures have a bigger reputational risk.
At the end of the day, cost remains a big issue, and while industry profitability has improved a bit, an "awful lot [of lenders] are underwater.
"No one wants to spend a lot of money on new tools these days," said Weiss. "If you haven't gotten bit, you're probably less concerned."
- This analysis is one of a multipart research series on mortgage technology disruption. Check back tomorrow for more analysis.
