compliance.peopleshomeequity.com
Download
Report
Transcript compliance.peopleshomeequity.com
SUSPICIOUS ACTIVITY REPORTING
SYSTEM (SARS) AND IDENTITY THEFT
December 2013
Peoples Home Equity, Inc.
What is SARs?
A “suspicious activity report” or SAR is a report made
by a financial institution to the Financial Crimes
Enforcement Network (FinCEN), an agency of the US
Dept. of the Treasury.
The goal of SAR filings is to help the federal government
identify individuals, groups or organizations involved in
fraud, terrorist financing, money laundering, and other
crimes.
PHE employees involved in the origination, underwriting, and
closing/funding processes are required to file a SARs upon
discovery of suspicious activity.
Filing a SARs
FinCEN requires a SAR to be filed when we notice a
suspicious incident or suspected violations of law
subject to the Bank Secrecy Act (BSA).
Each SAR must be filed within 30days of the initial
determination of suspicious activity.
PHE must maintain our SARs filings for a period of
5years from the date of the filing.
Confidentiality of SARs filing
You are prohibited from discussing your SARs filing
with anyone. It is required to be only between
yourself and our SARs Administrator, Brian Dutton.
Unauthorized
disclosure of a SAR filing is a federal
criminal offense.
PHE and its employees face civil & criminal penalties
for failing to properly file SARs; including a large
combination of fines, regulatory restrictions, cease &
desist order, or imprisonment.
SARs filing options
5 sections to complete containing info about the
individual/organization of the suspicious activity in
question.
Part
1 – PHE’s name, address, tax ID#, location of the
activity, and any account numbers involved in the
activity.
Part 2 – Any name, address, SSN or tax ID’s, birth date,
drivers license#, passport#, occupation and phone#’s
of all parties involved with the activity.
SARs filing options
Part
3 – the Date range of the activity, total dollar
amount and a list of any law enforcement agency that
has been contacted while investigating the activity.
Part 4 – contains the contact information of PHE’s SAR
Administrator; Brian Dutton, 5205 Maryland Way, Suite
100, Brentwood, TN 37027.
PH: 865-934-1414 or
[email protected].
Part 5 – a written description of the activity.
Who conducts fraud?
1st
place = Employees
2nd place = Customer
3rd place = Broker or Brokering Agent
4th place = An Officer of the institution
8th place = Appraiser
10th place = Attorney
What is mortgage loan fraud?
Mortgage
loan fraud is when someone engages in
submitting misrepresentations of customer income,
employment, credit, occupancy and other requirements;
submission of improper gift letters; unduly influencing
appraisers to increase values; misrepresenting equity
and other information to the underwriting team. Loan
Officers were often identified as employees in these
activities.
What is mortgage loan fraud?
Some accountants/customers committed fraud by providing
false financial or occupancy information with their loan
application.
Altered or falsified CPA Letters – where either the CPA, the
customer, or someone else altered the document.
Fraud by accountants or CPAs include loan modification,
debt elimination or short sale fraud schemes in cases of
pending foreclosure.
Fraud tax letters stating the customer had self-employment
income and owned their own business. Fraudulent tax
returns were prepared with the knowledge that they were
not intended to be filed with the IRS.
Types of activity to report SARs
Elder financial exploitation – perpetrated by a relative or
caregiver against elderly victims. Coercing or cajoling the
victim into gaining access to financial accounts and/or power
of attorney over the victims accounts. Abuse involves
forgery, check fraud, suspicious documents or ID presented,
wire fraud, embezzlement/theft, and mail fraud. Often
involves the sweetheart scam as described below.
Sweetheart scam – involves the fraudster feigning romantic
intentions toward a victim, gaining their trust and affection
to where the financial accounts and/or identity security are
at risk. Most victims are unwilling to charge fraud against
the perpetrator or others on the perpetrator’s behalf.
Types of activity to report SARs
Insider abuse – involving relatives or friends of current
or former employees, or third-party vendors who
commit documentation fraud to improve the
creditworthiness of a borrower. Examples: Accountant,
Appraiser, Attorney, Borrower, Broker, Real Estate
Agent, etc.
Occupancy fraud – some borrowers commit mortgage
loan fraud by providing false occupancy information
with their loan application. Better rates/LTV limits are
available for owner-occ vs. investment properties.
Types of activity to report SARs
Identity fraud – in one instance a cash-out 2nd lien was
applied for by a married couple. When the closing
occurred the husband was wrapped head to mid-waist
(including hands) in gauze. The closing agent could not
verify his identity, only seeing his eyes, and became
suspicious. She excused herself to make copies of the
ID’s presented, taking the loan file with her, and called
the husband’s work to discover he was still at work and
had no knowledge of the loan being applied for. The
police were notified and it was discovered the wife and
her ‘boyfriend’ were using the 2nd lien funds to take a
trip to the tropics.
Types of activity to report SARs
Assets fraud – in one instance a VOD was received
and appeared to have been altered. The current
balance amount seemed to have changed to a
larger amount by inserting a “1” between the $ sign
and the actual amount. When the bank was
contacted to verify the amount they listed on the
VOD form, they confirmed the amount was different
from what they submitted to the Broker. It was
changed so the customer could qualify for their loan
requiring 6mos PITI.
Types of activity to report SARs
Assets fraud – in another instance on a Purchase loan the
customer was using $50,000 down payment from the sale of
their home. The HUD-1 from that sale showed the funds
were sufficient, however, the customer only deposited
$25,000 into their bank account and placed the remaining
$25,000 cash into their safe at home. When sourcing the
funds they provided a photo of the cash in their safe for the
$25k, along with a bank statement for the remaining $25k
deposited amount. Because PHE cannot confirm where the
cash amount came from, even though it seems likely that it
was from the sale proceeds, it becomes a suspicious incident
for filing a SAR. FinCEN representatives said PHE should file
a SAR.
Types of activity to report SARs
Identity fraud – in one instance a customer meets
face-to-face with a loan officer to pre-qualify
themselves for a mortgage loan. The loan officer
pulls a credit report that returns an unacceptable
result due to SSN validation. The customer then
pulls out another SSN card and says to use a
different SSN to order credit under his same name.
Because a customer cannot have different or
multiple SSNs this is a classic case of ID theft and
the LO is required to file a SARs.
Types of activity to report SARs
Identity fraud – in one another instance a 2year previous customer
came back to PHE for repeat business. The LO copied the previous
loan and signed up the customer without re-verifying any possible
changed information; the customer signed how they were prepared.
During the UW process it was discovered the ID had a different last
name for the customer and had been recently been issued within the
last 6mos. Investigations showed the customer had divorced within
the year and had changed back to her maiden name. When the
new re-apped package was signed it was further discovered that
the customer signature was “entirely” different than those on the
recent package. No similarities between the 2 signatures at all.
When questioned, the customer stated that when she changed her
name she also changed her signature. Although the explanation
sounded reasonable, PHE still could not verify the correct identity
and filed a SARs.
Types of activity to report SARs
Seller fraud – in one instance the HUD-1 from a
Purchase transaction reflected 2 mortgage loan payoffs
on the seller side. There was only 1 mortgage listed on
the title commitment for $800,000. The payoff amount
for the 2nd payoff was for an even dollar amount,
$300,000. The title agency refused to insure over an
un-recorded 2nd lien, and further discovered the
disbursement agent was in on the seller scheme and
split the $300k between 5 other fraudsters (including
herself) when disbursement verification was requested.
A SARs was filed by Closing/Funding.
The 5 W’s to the SAR narrative
WHO: is conducting the suspicious activity?
WHAT: instruments or mechanisms are being used
to identify the suspicious activity?
WHEN: did the suspicious activity take place?
WHERE: did the suspicious activity take place?
WHY: does the SARs filer think the activity is
suspicious?
The HOW to the SAR narrative
HOW: did the suspicious activity occur?
This
is an important feature of a SAR narrative.
The narrative section of the SAR should describe the
method of operation of the conducted suspicious
activity. In a concise, accurate, and logical manner, the
SARs filer should provide a description of how the
suspect transaction or pattern of transactions were
committed.
Avoid long ramblings. But the narrative should offer a
full picture of the suspicious activity.
Triggering Events
FinCEN has made it clear that certain triggering
events constitute the appearance of mortgage loan
fraud. Perpetrators seem to invent new scams all
the time.
Some
salient schemes are listed next.
Some Documentation Red Flags are listed.
Red Flags do not only pertain to the document process
but also extend to the way a customer or loan officer
behaves.
Salient Schemes
Occupancy
Fraud
Income Fraud
Appraisal Fraud
Employment Fraud
Liability Fraud
Debt Elimination
Foreclosure Rescue
SSN / ID Theft
HECM Fraud – reverse mortgage fraud to acquire
taking title to a home.
Document Red Flags
Customer
submits invalid documents to cancel mortgage
obligations or to payoff loan balances.
Some notary public prepares, signs, and sends
packages of nearly identical debt elimination
documents for multiple customers with outstanding
mortgage balances.
Some notary public works with and/or receives
payments from unusually large numbers of customers.
Document Red Flags
Falsification
of certified checks, cashier’s checks drawn
against customer’s account, rather than from the account
of a financial institution.
Customer applies for a “primary residence” loan but
does not reside in the new residence as indicated on
the loan application; instead it is being used as a 2nd
home or investment property.
Customer of a younger age purchases a “primary
residence” in a senior citizen residential development.
Document Red Flags
Low
appraisal values, non-arm’s length relationships
between short sale buyers and sellers, or previous
fraudulent sale attempts in short-sale transactions.
Agent of the buyer and/or seller in mortgage
transaction is unlicensed.
Customer reluctance to provide more information
and/or unfulfilled promises to provide it.
Apparent resubmission of a rejected loan application
with key applicant details changed or modified.
Document Red Flags
from 3rd party affiliates on behalf of
distressed homeowners to pay fees in advance of the
homeowner receiving mortgage counseling, foreclosure
avoidance, a loan modification, or other related
services.
3rd party solicitation of distressed homeowners for
purported mortgage counseling services may claim to
be associated with legitimate mortgage lenders, the US
government, or a US government program.
Request
Applicant Red Flags
Appears nervous for no good reason.
Avoids eye contact.
Asks about reporting rules.
Asks that rules be “bent.”
Questionable source of funds.
“Forgot” drivers license claim, lost due to drunk driving, or
had wallet/purse stolen.
Drivers license is outdated or picture is smudged beyond
recognition.
Comes in just before closing and asks for ‘paper work’ to be
skipped.
Is impatient and tries to hurry.
Applicant Red Flags
Offers a cash bonus (aka ‘bribe’) for skipping required
information.
Pretends to be sick or very tired and just ‘wants to get the
application over with.’
Provides incomplete or suspicious information.
Behaves abnormal or irregular.
Claims the application is for a friend and does not have the
required information.
Lists funds that are inconsistent with the customers financial or
economic situation.
Causes suspicion of attempting a straw buyer transaction.
Elicits suspicion of structuring.
Provides apparent fraudulent documentation.
Loan Officer Red Flags
Almost
never takes a vacation.
Does not want supervisory personnel to see or be
aware of transactions with an applicant.
Behavior changes to secretive with certain applicants.
Whispers with certain applicants.
Asks certain applicants to come back later when
nobody is in the office.
Acts guilty. (Whatever that means!)
Lives beyond means.
Q3 2013 Fraud Hot Spots
The 10 highest overall mortgage fraud risks areas in
the United States:
1 Fayetteville-Springdale-Rogers, AR-MO
2 San Francisco-Oakland-Fremont, CA
3 Los Angeles-Long Beach-Santa Ana, CA
4 San Diego-Carlsbad-San Marcos, CA
5 Modesto, CA
6 Miami-Ft Lauderdale-Pompano Beach, FL
7 San Jose-Sunnyvale-Santa Clara, CA
8 Bakersfield, CA
9 San Luis Obispo-Paso Robles, CA
10 Tulsa, OK
Q3 2013 Fraud Hot Spots
The 10 highest ZIP code fraud risks areas in the United
States:
1 Hercules, CA 94547, 362 incidents
2 Rogers, AR 72756, 358 incidents
3 La Jolla, CA 92037, 357 incidents
4 San Jose, CA 95111, 348 incidents
5 San Diego, CA 92127, 343 incidents
6 Downey, CA 90240, 336 incidents
7 Harbor City, CA 90710, 330 incidents
8 Alhambra, CA 91801, 317 incidents
9 Joliet, IL 60435, 317 incidents
10 San Mateo, CA 94403, 307 incidents
Q3 2013 Mortgage Fraud Types
The chart below shows the changes in overall risk from Q2 2013 to
Q3 2013.
Large increases were discovered in Identity / Occupancy, while a large decrease is
seen in Employment / Income fraud risks.
Identity Theft Prevention
The moment you give your personal information to another entity – a
bank, the DMV, or even a medical provider – you give up control
over that information and how it might be used.
We can’t control what happens when we willingly share our
information with a company or with friends.
Short of hiding in a closet and using cash only for purchases, every
person is at risk of identity theft.
ID Theft signs
There are several things people do everyday that
makes it easier for thieves to steal their identities:
Giving personal info to those who call or email you
Post personal info on social media sites
Carry your SSN card in your wallet
Access the internet over public/insecure Wi-Fi networks
Throw away mail, checks or financial docs intact
Leave outgoing mail in your mailbox
Let online retailers save your credit card number
What is ID Theft used for?
Financial fraud
Includes bank fraud, credit card fraud, social program
fraud, tax refund fraud, mail fraud, etc.
Typically used to fund a criminal enterprise
Financial fraud is investigated by the U.S. Secret Service
Criminal activities
Taking someone’s identity in order to commit a crime, enter a
country, get special permits, hide one’s own identity, or
commit an act of terrorism
Can include: computer/cyber crimes, organized crime, drug
trafficking, alien smuggling, and money laundering
ID Theft victims get their life back
ID Theft Victim To Do List; take your life back in 7 steps
(website: http://www.idhijack.com)
1) contact the credit bureaus; ask that they issue a fraud
alert and attach a statement to your credit report, get
copies from the 3 credit bureaus (TransUnion, Equifax, and
Experian)
2) review your credit reports thoroughly; look for accounts
you didn’t apply for or open, inquiries you didn’t initiate, or
defaults and delinquencies you didn’t cause
3) file a report with your local police or in the community
where the ID theft took place; keep a copy of the police
report
ID Theft victims get their life back
4) fill out an ID theft victim’s complaint and affidavit form;
available from the FTC at www.ftc.gov/idtheft
5) close any accounts that have been accessed fraudulently;
contact all creditors, including banks, credit card companies,
and other service providers where your accounts have been
compromised
6) stop payment on checks; if a thief stole checks or opened
bank accounts in your name, contact a major check
verification company to report the fraud activity
7) contact the local postal inspector; if you believe someone
has changed your address through the post office or has
committed mail fraud, ask the postmaster to forward all mail
in your name to your own address
Other ways to protect your ID
Monitor your credit annually
Request fraud alerts from the 3 credit bureaus
Opt out of junk mail / internal marketing lists
Use a P.O. Box
Small
box costs around $5 range
Freeze your credit
Freezing/unfreezing
costs around $10 range
Hacked/Phished ID Theft
To Do List when computer is hacked or phished
Change
all passwords
Run anti-spyware and anti-virus
Clear out private info in your browsers
Clear out sensitive data from Temp folder
Close online accounts
Contacting 3 credit bureaus
Equifax
Credit Information Services - Consumer Fraud Div.
P.O. Box 105496
Atlanta, Georgia 30348-5496
Tel: (800) 997-2493
www.equifax.com
Experian
P.O. Box 2104
Allen, Texas 75013-2104
Tel: (888) EXPERIAN (397-3742)
www.experian.com
TransUnion
Fraud Victim Assistance Dept.
P.O. Box 390
Springfield, PA 19064-0390
Tel: (800) 680-7289
www.transunion.com
Prosecuting ID Theft
Reporting to the FTC
Consumer Response Center
Federal Trade Commission
600 Pennsylvania Ave, NW
Washington, DC 20580
Toll-free 877-FTC-HELP (382-4357)
On the Web: www.ftc.gov/ftc/complaint.htm
For consumer information:
www.ftc.gov/ftc/consumer.htm
What will PHE do?
If a customers personal information becomes
compromised at PHE, we will enroll each customer
into monitoring services for a period of 24-months
to help track changes to their identity, credit,
and/or account information.
Staff training and reporting
PHE
employees are trained to detect and respond to
Red Flags.
Report any incident of ID theft to the Compliance
Committee at 615-872-0220 x603 or
[email protected]
Thank You!
When filing a SARs it must be filed using the
attached fillable PDF form.
Questions?
File
your SARs with the SAR Administrator, Brian Dutton,
865-934-1414 or [email protected]
Report any incident of ID theft to the Compliance
Committee at 615-872-0220 x603 or
[email protected]