Ike Suri and Adam Chaudhary of fintech firm, FundingShield, talk wire and title fraud prevention in the mortgage industry—a new target for hackers with sophisticated technology designed to sidestep internal fraud controls.
Less than 6 months ago, we were having a conversation with a reverse mortgage lender who had personally experienced a fraudulent attack on a $200,000 wire transfer.
The lost funds were never recovered.
When you get right down to it, law enforcement can’t keep up with the rapid pace at which internet crime is rising. And with fraudulent reports increasing by 1,100%, the FBI has focused their efforts on investigating cases worth $1M or more in losses.
Equally alarming, wire fraud does not have recourse back to lenders from the consumer impact, and as such, opens the doors to reputational risk and potential lawsuits.
Enter FundingShield. Ike Suri and Adam Chaudhary have developed risk management and fraud prevention tech tools to help mortgage lenders proactively monitor and detect fraud risk.
SABRINA PARK: Coming from an investment, technology and media background, what drove you to build mortgage risk and wire fraud solutions?
IKE SURI: Our backgrounds are quite different from typical mortgage industry executives. I’m a technology entrepreneur and investor. For the past 30 years, I have been a hands-on operator in tech & tech-related industries, providing innovative solutions to optimize different industries looking to build businesses and enterprise value.
My business partner, Adam, also has a unique background in the finance world. While on Wall Street—working at firms, such as Goldman Sachs, Royal Bank of Scotland and Greenwich Capital—he provided investment banking, hedge fund and structured finance solutions.
With our diverse backgrounds, we saw an opportunity to drive technology-based automation that provides risk management and fraud prevention tools. Together, we’ve delivered solutions on a global basis, and have become a reliable and long-term partner to our clients.
Private equity literally means, investing into different industries for a unique opportunity to build enterprise value and gain a better return. Having done that in various industries, we came across a unique opportunity with FundingShield, a business that had history going back to early 2000 with past clients, like Lehman, Bear and Countrywide.
Around the housing crisis, most of those firms disappeared or failed, and regulations changed. The company was left stranded with bad receivables, there were new changes in markets and regulations, and it was struggling.
This opportunity came to us at the request of a very large investor in the real estate investment arena in the U.S.—one of the largest in the world. They requested that the company deliver solutions for what it used to do in the past, but with a different twist to it. Meaning, that because of market regulation changes and technology, you could no longer do manual processes. We saw that as a unique opportunity to take our experience, our resources of knowledge, leverage, relationship, execution, operator experience and money to invest.
We could very quickly see that there were a number of disjointed, disparate parties and workflows that were struggling to optimize in an industry, where workflows were archaic. Many other industries had already automated their processes—from airlines, to auto, to Wall Street trading, you name it. We started working with clients and taking their feedback, pain points and industry challenges to build solutions around them.
Everyone was quite focused on building LOS and POS platforms for the origination of the business to compete and to generate revenues. Very valuable services, very timely, helping the industry originate, compete and automate the process. We found all those technological improvements were overlooking where the most stressful part of the journey is, which is closing and which is where the most prized loot is for bad actors or folks that are negligent in compliance. That's where the fraud and risk just escalate to the point where it becomes difficult to manage. So, we looked at the statistics and built ourselves around that. We're in the trenches every day, facing every transaction at a closing level and on a real-time basis on behalf of all kinds of clients—some of the most prominent, blue chip prime banks, depository banks, to community banks, large independent banks, credit unions and small independent banks.
SP: Would you like to add to that, Adam?
ADAM CHAUDHARY: I’ll take it from a different perspective, just to add another anecdote. The regulators came in post-crisis and were really starting to think about loan level risk. Now, for the consumer finance perspective, lenders must now cater to the individual consumer experience and consumer interaction more because it's no longer just a portfolio risk, it’s a view of your overall portfolio of loans that you may have out there. There's more recourse. There's more potential hazard and reputational risk to not treat each one of those individual consumers as an individual, unique borrower and relationship.
When I was leaving Wall Street, earlier in this decade, we started to see a fundamental shift in how we were being assessed and charged for Capital as well as how we had to position the risk in our book. The writing was on the wall—you really had to come up with a loan level risk management solution to really mitigate risk to drive better returns that are low quality and a lot of those metrics were not servicing based attributes or post-closed attributes. They were part of the actual process of creating a better mortgage. When we came up with these ideas for how we could help lenders, we started to see that by creating a better asset—and by playing offense as opposed to defense with these potential issues—you can lower the cost of production and origination as well as increase the value of the asset from the perspective investors.
SP: Cybercriminals are beginning to use more sophisticated technology to commit wire fraud. Using FundingShield’s The Guardian and Wire Account Verification Services (WAVS), lenders can protect sensitive information and prevent digital scams. Of course, this is to the benefit of borrowers, but can you go into more detail about how each solution can benefit lenders?
AC: From a reputational perspective or a natural regulatory perspective, at a state or federal level, lenders are the parties that bear the burden of potential losses.
Issues that come from dealing with unlicensed parties as well as those that have the requirement to act in the best interest of the consumer that they're providing financing for. With that kind of pretext in place, the general concept of pretty much every aspect of consumer lending—fair lending to non-predatory lending—all those aspects and metrics are now part of the actual loan origination process.
Wire fraud is one of the few remaining areas that is not necessarily covered and does not have recourse back to lenders from the consumer impact. Reputational risk and lawsuits are starting to emerge. There’s also this trend where lenders, brokers, real estate agents, title companies, title agents and escrow officers are constantly warning consumers of the risk of wire fraud, but not providing any tools to the consumer to mitigate it. So, that's the pretext on one side of the consumer equation.
On the lender side of the equation, you have the following: lenders are spending money for these loan closings. Consider a $200,000 transaction, a $20,000 down payment and a $180,000 loan amount sent by the lender. From a financial consequence perspective, the vast majority of the dollars at risk are coming from the lenders, so when you have quantum of risk, they bear the burden in vast majority.
Lenders have more frequent transactions. They're also dealing with more disparate settlement parties and title companies that they're sending money to on a daily basis. There's about 60,000 of those individual entities, parties, roles or commissions in the country—title companies, escrow companies, attorneys, notaries, depending on the jurisdiction or what state they live in. It's one of the most disparate settlement networks out there.
IS: We’ve quantified the 60,000 entities through an inside look into some of our bank clients, such as Wells Fargo, Bank of America and others. We know the size of the industry that they have managed in the past versus what is active today.
AC: We can look at this from the perspective of a mortgage lender that is operating at a national, state or multi-state level. They're having to interface and deal with hundreds, if not thousands or tens of thousands of clients. One lender, a national or super regional bank, could have 22,000 relationships that it knows of today. Next year, of the 22,000, there will probably be 30-40% that they haven't dealt with before and that they will have to add to their database.
It's a daunting task to try to credential, validate and keep track of these parties in those metrics, either vendor management style approval or onboarding of these entities is being done once a year. You may close one in a year with a title company and never again. You may close a hundred times with a settlement company, and each time you settle with that company, it's a new transaction—there's a potential for risk to be interjected into those transactions at the time of closing.
As you think about the lender's risk, it's as follows. They have to find a way to confirm that the instructions are receiving from these innumerous parties that they deal with, whether they know them or don't, and have to authenticate the information they're receiving from these parties. Part of the reason for that is business email compromise (BEC), phishing, packing... Those sorts of attacks and threats can penetrate even your known and trusted partners. So, just because you say you know a party, have been working with them for 5 years or 10 years, and know the owners, you don't know when they may be susceptible to an attack and you don't know if that attack will impact your transaction.
To validate and confirm that the transactions are going to bank accounts with the appropriate parties, you need a third-party tool that helps you validate and verify that information. If it's from a consolidated source and ecosystem of data that isn't just one lender specific, but market agnostic, and looks across the market... that's what Wire Account Verification System (WAVS) is. We maintain that database on a live basis by confirming that the bank accounts that come into that system are bank accounts that are owned and held by licensed parties. We ensure that they are active and approved to provide services to the real estate community. We have various metrics to confirm that the bank account is, in fact, owned by the licensed party, directly with the depository institution that holds that. For example, if John's Title Company of California and Huntington Beach is going to be providing you your escrow settlement closing and title work, you want to make sure that the bank account they have at Wells Fargo is, in fact, the name of John's Title Company. We have ability to do that directly through set protocols that confirm and then house the information.
If it's purely the wiring decision, which is what WAVS is, it's purely a service to protect against the wire. Our other product, Guardian, is a more comprehensive tool to provide additional recourse to the actual lender. WAVS gets confirmed that the bank account being used is owned by the licensed party, whereas Guardian goes a step further and asks on this individual closing:
- Is the party that you're sending money to, and getting your title commitment from, a valid licensed party?
- Is the money going to the right place that leverages WAVS database?
- Are all the documents supporting the closing, including the CPL, enforceable recognized by the title insurance underwriter and covering the specific transaction at?
- Has FundingShield been able to certify that the CPL would stand water, if it needs to be filed and used in a claim for misuse of funds, absconding of funds, defalcation or fraud, as committed by the title and escrow party, or because of a third-party intrusion that occurs to that title and escrow.
The reason that last piece matters is because there's two types of fraud that can occur. Let's not forget—there are still bad actors out there. It's not just cybercriminals. We stop these fraudulent attacks all the time and we get our clients paid out with recourse all the time under CPL claims. That matters because now we're not just talking about wire fraud, we're talking about an increase in asset quality and protections back to the lender, which matters to the CFO of an entity because now they can go to their investors and say, 'hey, this is what we have in every one of our loans.' It also helps in terms of the office workflow perspective because a lot of this work is being done by operational teams in the actual closing review process.
I'm going to echo something Ike said earlier. The nexus for risk and potential for human error to fraud intrusion is really the closing process because there's so much taking place in those three to four days, where the CDs are trying to get out. You're trying to process the paperwork. You have to get the documents out, ship the docs. It's only getting tighter with this new eMortgage process because we're tightening the timelines. It's putting more stress in this process and, let's not forget, in digitized paperwork, process and workflows. To validate authenticity and verify the authority to confirm that all documents hold water, you still must do that work.
Lenders don't really have the tools to conduct those validations in-house in a cost and time-effective manner. We can show a very significant ROI for our services. On the Guardian service we generally show anywhere between 150-300% return on investment for the services and that's been actually proven by our clients. That does not include recovery on one loss or avoiding one loss—it's just on the operational workflow aspects of it.
IS: This goes back to optimization of their workflows through our proprietary software solutions, then leveraging the database that no one has—that we make available—to verify the wire accounts. I want to stress that the advanced technology that we have today is also available to the hackers. They're expecting folks to be disjointed, to be vulnerable, to be emotional, to be overlooking things just to close a transaction, and to be relying on systems and networks that they built trust on the people. However, they don't control any of their dependencies on the network, switches, routers, carriers, other technological dependency that they have and their own ability to deal with technology at these levels that's out of their control.
How do you secure that? It's very hard to capture all of them to go through this one pipeline of collection. It becomes very important to be there at the transaction level to make sure that just before the transaction is closing, everybody has been measured, quantified, checked, validated, vetted, verified.
AC: One of the things that I brought from Wall Street is that I've set up a lot of new products in different markets around the world and know that one of the biggest challenges that you have when you set new products is the settlement and back office is clearing aspects of the products. When you think about all the transactions in an existing market, which is the mortgage market as well as the general U.S. real estate market, on a global scale, we're talking anywhere between $1.5-2 trillion per year. It's the largest market in the world that doesn't have a clearinghouse or exchange and is probably the most disparate setup in terms of the settlement parties you have to work with. There's 60,000 of those agents. It just lends itself to so much potential fraud, so much potential misinterpretation from incorrect transliteration.
The key to a lot of this is the title insurance underwriters, who are taking steps to improve this, but do not have the intelligence that we have. We're trying to create a safe harbor approach that doesn't require all parties that come through our portal, or our workflow, to change the way that they settle but allows them to operate in the same way they've been operating. We want them to be able to do so in a way that allows lenders, consumers and downstream investors to have confidence that the transactions have been handled properly and there will be recourse.
You can't prevent the wrongful intentional act of a bad actor. You can't prevent their desire from conducting fraud. What we can do is identify that this party is not working according to the requirements of the individual state law and make sure that our clients have every form of recourse. One of our clients recently got paid off with a $1.7 million return because we created an audit trail to cover them. This is real. It's happening, but we also have the ability to give recovery to clients so that they're not financially attacked.
END OF INTERVIEW
Get updates from BeSmartee sent directly to your inbox! Subscribe to our newsletter here.