On average, problematic loans had 2.2 issues per loan indicating the lack of appropriate controls by closing agents to identify and fix issues.
With the fourth quarter traditionally being the highest risk quarter of the year for fraud, 2023 was no exception with higher-than-average findings across wire related issues.
Closing protection letter (CPL) issues were found on 49% of transactions, CPL validation issues on 8% of entire transactions and wire risks on 9% of transactions in Q4.
“Q4 was a challenging period on the risk front for financial services, mortgage, and real estate firms where more sophisticated cybersecurity events have taken place,” said Ike Suri, CEO and chairman of FundingShield.
“We saw the challenges created by the Fidelity National Financial and First American Title cyber events prompted lenders’ risk & compliance, operations, funding & accounting teams to address the impact of bank closures, widespread technology or data outages and preparing for those challenges today,” Suri added.
Two of the four largest title firms — First American Financial and Fidelity National Financial — were affected by a cyberattack in the last two months of 2024 raising alarm bells of growing cybersecurity challenges.
While normal business operations have resumed at First American, the firm believes the cybersecurity incident will have a material impact on its fourth quarter 2023 financial results.
Fidelity National Financial also suffered a ransomware attack in November that took its systems offline for a few days.
“These intentional acts of cybercrime create financial losses within impacted firms but also threaten the enterprise valuations of listed public firms. This creates additional motivation for short players or parties who are looking to express their negative view in free markets,” said Suri.
An increase in wire and title fraud risk highlights ongoing cybersecurity challenges such as Business Email Compromise (BEC) events and phishing attacks, noted FundingShield.
BEC is a sophisticated combination of phishing and spoofing used to extract $2.7 billion from victims in 2022, a 47% increase since 2020, according to a 2022 FBI Internet Crime report.
BEC involves fraudsters gaining access to your company’s actual email accounts, often after targeting one of your employees with a traditional phishing attack.
Once inside the company’s system, perpetrators can reach out to customers via the employee’s email address but request them to send closing funds to the wrong bank account.
Phishing is the most prevalent tactic used for wire fraud today, affecting more than 300,000 victims, the FBI report noted.
“Cyber security events at Fidelity and First American created the perfect storm for social engineering attempts by bad actors to impersonate and deploy numerous other schemes to seek the rerouting of funds,” said Suri.