data security/best practices awareness and implementation · relanc.com...

relanc.com NCClosingAttorneyBestPractices.org www.NCClosingAttorneyBestPractices.org


Post on 22-May-2020



Made Possible By a Grant From:

relanc.com


Webinar Series:

“Attorneys Helping Attorneys!”
• Series of Webinars
• Next One => IT Security Compliance, NPI, E-mail Encryption
• January 28, 2015 @ 2:00 PM


Your Moderators:

Elizabeth Harrison, Esq.

• Graduate of University of North Carolina (BA 1991)
• Graduate of Campbell University School of Law (JD 1995)
• Principal in the Firm of Elizabeth R. Harrison, Attorney at Law P.C. (Raleigh, North Carolina)
• Chair of the North Carolina Real Property Section of the NC Bar Assoc.
• Chair of the North Carolina Attorney Best Practices Task Force
• Member of Real Estate Lawyers of North Carolina (RELANC)

Jonathan W. Biggs, Esq.

• Graduate of Duke University (AB 1987)
• Wake Forest University School of Law (JD 1990)
• Principal in Firm of Stubbs, Cole, Breedlove, Prentis & Biggs, PLLC (1990-2012) (Durham, North Carolina)
• Vice President of Risk Management at Investors Title Insurance Company
• Member of the ALTA Best Practice Task Force
• Member of the ALTA Technology Committee
• Member of the North Carolina Attorney Best Practices Task Force
• Member of the North Carolina Real Property Section of the NC Bar Assoc.
• Member of Real Estate Lawyers of North Carolina (RELANC)


Your Guest Speaker:

Richard “Dick” Reass

Chief Executive Officer and Founder, Reliant Title and RynohLive

He is a graduate of the University of Texas and his Navy career was bookended by combat in Vietnam and Desert Storm. Commands at sea included serving as Commodore of the 16 ship multinational force during Desert Storm. Dick's final assignment was as director of Management Information Systems in Washington, D.C. Richard M. (Dick) Reass is the president and founder of Reliant Title as well as Segin Software LLC. His passion for process improvement and innovative problem solving was the catalyst for developing RynohLive, once Reliant Title was well established. Dick describes himself as a re-engineered Naval Officer whose banker wife thought that starting a title agency would be a great way to keep him out of trouble once he had retired from the Navy. Little did she realize what would evolve! His vision of process improvement and systems integration led to the step-by-step development of RynohLive for escrow and trust account security and protection.

• ALTA Best Practices
• ALTA Technology and Closing Committees


Today’s Environment

Regulatory Requirements
Lender Requirements
ALTA Best Practices

• CYBER FRAUD
• Check Fraud / Wire Fraud / Mortgage Fraud
• Employee Embezzlement / Owner Escrow Theft
• CFPB (Dodd–Frank)
• CFPB Ruling 2012-03
• OCC Bulletin 2013-29
• NAIC Model Acts 230 & 628
• Lender 3rd Party Liability
• Legislative Changes


ALTA Best Practices Framework
Title Insurance and Settlement Company

1. Licensing
2. Escrow Standards
3. Security Standards: Physical, IT, NPPI
4. Settlement Procedures
5. Title Policy Delivery, Charges, Remittance
6. Insurance (E&O, Cyber, Fidelity, Surety)
7. Complaint Resolution


Today’s Environment

Regulatory Requirements
Lender Requirements
ALTA Best Practices

Lenders Already Requiring Compliance


ALTA Best Practices
Escrow Best Practices

Adopt and maintain appropriate written procedures and controls for Escrow Trust Accounts allowing for electronic verification of reconciliation. These controls help meet client and legal requirements for safeguarding client funds.

Daily Reconciliation Requirement
Positive Pay
File Balance Documentation
Electronic Access for Underwriters


ALTA Best Practices
Electronic Verification Systems (EVS)

EVS compare items through electronic means to ensure the validity of the item/document being submitted for review or analysis. Does the underlying data held by the bank and accounting system support the reconciliation results?

An electronic copy of a reconciliation statement is simply another form of paper that cannot be analyzed for accuracy.


Daily Reconciliation
Daily 3-Way Reconciliation

o #1 Defense Against Fraud
o Match Bank Balances to Book Balances
o 3rd way: Individual Settlement Files
    Each Settlement File = Sub Escrow Account
    Can’t take from Jones to pay for Smith
o Businesses Banking Regs
    Different “Online Posting - 24 hour rule”
    Transaction Notification


Daily Reconciliation

o Summary Page
    Bank/Sweep Statement
    Outstanding Deposit List
    Outstanding Check Report
    Trial Balance
o Debits & Credits = Bank and Book
o Red Flags
    Stale Dated Checks
    Undisbursed Funds
    Outstanding Deposits
    Negative File Balances

Be able to present a daily report
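
The three-way check from the two reconciliation slides, as an added example that is not part of the original deck: the adjusted bank balance, the book balance and the sum of the individual file balances must agree, and each file is checked on its own so that the Jones-pays-for-Smith case is caught even when the totals tie. The account figures, file names and the 180-day stale-check threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal

STALE_AFTER_DAYS = 180  # assumption: the slide does not say when a check is stale

@dataclass
class Check:
    number: int
    file_id: str
    amount: Decimal
    issued: date

def three_way_reconcile(bank_balance, deposits_in_transit, outstanding_checks,
                        book_balance, file_balances, today):
    """Tie adjusted bank balance to book balance to the sum of file balances."""
    adjusted_bank = (bank_balance + sum(deposits_in_transit, Decimal(0))
                     - sum((c.amount for c in outstanding_checks), Decimal(0)))
    files_total = sum(file_balances.values(), Decimal(0))
    flags = []
    if adjusted_bank != book_balance:
        flags.append(f"bank vs book off by {adjusted_bank - book_balance}")
    if files_total != book_balance:
        flags.append(f"book vs files off by {book_balance - files_total}")
    # Totals can tie out while one file is funding another, so check each file.
    for file_id, balance in sorted(file_balances.items()):
        if balance < 0:
            flags.append(f"negative file balance: {file_id} {balance}")
    for c in outstanding_checks:
        if (today - c.issued).days > STALE_AFTER_DAYS:
            flags.append(f"stale dated check: #{c.number} on file {c.file_id}")
    if deposits_in_transit:
        flags.append(f"outstanding deposits: {len(deposits_in_transit)}")
    return {"adjusted_bank": adjusted_bank, "files_total": files_total,
            "totals_tie": adjusted_bank == book_balance == files_total,
            "flags": flags}

def sample_report():
    """Constructed day: totals tie, yet Jones's money has paid for Smith."""
    checks = [Check(1041, "JONES", Decimal("20000.00"), date(2014, 5, 1)),
              Check(1187, "SMITH", Decimal("5000.00"), date(2015, 1, 12))]
    files = {"JONES": Decimal("130000.00"), "SMITH": Decimal("-5000.00")}
    return three_way_reconcile(Decimal("150000.00"), [], checks,
                               Decimal("125000.00"), files, date(2015, 1, 15))

if __name__ == "__main__":
    report = sample_report()
    print("totals tie:", report["totals_tie"])
    for flag in report["flags"]:
        print("RED FLAG:", flag)
```

In the sample, a bank-to-book comparison alone would pass; only the per-file pass surfaces the negative Smith balance and the stale check.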


Pre-Closing File Balance Check Endorsement Good Funds v. Collected Funds Deposit (In Transit = RESPA Violation) Dealing with IRS Liens Pacer Search – Patriot Search SSN Verification Identity Verification FIRPTA

Training & Records

Written Procedures


Post Closing Pacer Search

Bring down Ledger Card-File Balance-HUD Check Payees Check Signing & Wiring Check Reissue Stop Payment

Training & Records

Written Procedures


Settlement Software Controls

Permissions Freeze Files Logins Industry Standard Software

Training & Records

Written Procedures


Unclaimed Property Stale Dated Check Follow-up Undisbursed funds Escrow Agreements Interpleading Funds Escheatment (5 year property)

Written Procedures

Training & Records


o What are the 3-4 greatest risks from the outside?

o What are the greatest risks from insiders?

(Closers, Wi-Fi, computers, etc.)

o Verification and Validation Expect what you Inspect!



Positive Pay

o Defense Against Check Fraud

Banking Software that matches:
    Check #
    Check Date
    Dollar amount
    Payee
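
The matching the slide describes, as an added example that is not part of the original deck or any bank's actual software: each presented check is compared with the office's issue file on check #, check date, dollar amount and payee, and anything that differs is held as an exception. The issue file, the presented items, the payee names and the duplicate-presentment check are constructed assumptions.

```python
from datetime import date
from decimal import Decimal

# Constructed issue file: the checks the office reports to the bank as written.
ISSUED = {
    2001: (date(2015, 1, 5), Decimal("1250.00"), "County Tax Office"),
    2002: (date(2015, 1, 5), Decimal("980.00"), "Acme Hazard Insurance"),
    2003: (date(2015, 1, 6), Decimal("212400.00"), "First Example Bank"),
}

# Constructed presentments: (check #, check date, dollar amount, payee).
PRESENTED = [
    (2001, date(2015, 1, 5), Decimal("1250.00"), "County Tax Office"),
    (2002, date(2015, 1, 5), Decimal("9800.00"), "Acme Hazard Insurance"),
    (2003, date(2015, 1, 6), Decimal("212400.00"), "J. Doe"),
    (2999, date(2015, 1, 7), Decimal("4500.00"), "Cash"),
    (2001, date(2015, 1, 5), Decimal("1250.00"), "County Tax Office"),
]

def _norm(payee):
    """Compare payees case-insensitively and ignore spacing differences."""
    return " ".join(payee.upper().split())

def positive_pay_exceptions(issued, presented):
    """Return [(check #, [reasons])] for items that should not be paid."""
    exceptions, paid = [], set()
    for number, check_date, amount, payee in presented:
        reasons = []
        record = issued.get(number)
        if record is None:
            reasons.append("check # not in issue file")
        else:
            issued_date, issued_amount, issued_payee = record
            if number in paid:
                reasons.append("already paid")
            if check_date != issued_date:
                reasons.append("check date mismatch")
            if amount != issued_amount:
                reasons.append("dollar amount mismatch")
            if _norm(payee) != _norm(issued_payee):
                reasons.append("payee mismatch")
        if reasons:
            exceptions.append((number, reasons))
        else:
            paid.add(number)
    return exceptions

if __name__ == "__main__":
    for number, reasons in positive_pay_exceptions(ISSUED, PRESENTED):
        print(f"HOLD check {number}: {', '.join(reasons)}")
```

Without the payee comparison, check 2003 in the sample would clear, since its number, date and amount all match the issue file.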


Disburse Collected Funds

o Good Funds ≠ Collected Funds Good Funds – Settlement Definition Only Banking Regulation CC

Available Funds or Collected Funds Expedited Funds Availability Act 1987 Collected Funds Irrevocably Credited

Statute Definition v. Bank Definition NC Good Funds Settlement Act § 45A-3&4

Underwriter Guidelines

o Limit Good Funds Illinois and North Dakota $50,000 Indiana and Utah $10,000 Idaho $1,000

Settlement Funding Legislation Needed


o Computer Technology Simplifies
o Hard to Visually Identify
o Beware of:
    “First-time client”
    Asks for refund of “excess funds”
    Deal “Falls Through” - wire refund!
    Canadian Bank


Follow the Money

Follow-up after 3-4 days for:
    Payoffs & Recordings

Follow-up after 10 days for:
    Government entities (taxes)
    Service providers (hazard and flood).

Follow up after 30 days for:
    Disbursements greater than $1000.

Follow up after 45 days for all other disbursements.


Escrow Security

o Industry Software
o Administrative Controls
    Ability to Limit Functions
    Freeze Files
    Written Procedures
o Segregation of Duties
o Daily Reconciliation
o Strong Passwords
o Dual Authentication


Cyber Security

o Secure Email Service
o Biometric Access Device
o Strong Passwords
    Master Passwords
o Internet Controls
o Firewalls
o Browsers
o Training, Training, Training


CYBER ALERT - A New Variant Zeus Botnet and Zero Access Rootkit

o Attack on Settlement Software
    No Administrative Controls
    Created Files
    Transferred Funds
    Posted Checks
o Daily Reconciliation Prevented
    Escrow Analysis
    Careful Review
    Potential Loss ~$2,000,000


CYBER ALERT - A New Variant Zeus Botnet and Zero Access Rootkit

o NPPI Aspects
    >10,000 Settlement Files
    SSN’s
    Bank Account Numbers
    Investment Account Info
    Credit Card Numbers

o FTC Reporting Requirements?


Online Banking Requirements

NACHA & FBI Guidelines
    Dedicated Stand Alone Computer
    Banking Only Use
    No Java – No Adobe – No Flash
    Malware Protection
    Automatic Updates
    Strong Authentication
    Dual Controls


Control Web Access

• Browser Selection
    Avoid Internet Explorer (Personal Choice)
    Speed - Security - Functionality
    Active X for Closing Packages
    Eliminate Advertising (Adblockplus.org)
    Keep Plugins up to date
      o Java-Flash Player-Adobe Reader
• Firewalls & Routers
• Lockdown Computer Internet Access


Secure Email

o Encrypted Email
    Protects NPPI
    Sarbanes-Oxley Requirement
    Lender Requirement
    “Best Practices”
o Easy Affordable First Step


Who else is reading your email?

These pictures were taken in 1975, and kept in a folder in my attic for 38 years.

In April 2013, I scanned the pictures and emailed them to a friend in Florida

They were “on the web 5 days later”!

Latest Scam – “Revised wire instructions”


Nothing to be Learned

There is nothing to be learned from the second kick of the mule!


Thank you for Participating. Any questions?