If you’ve ever applied for a mortgage, particularly since credit guidelines have tightened in the past few months, you know that the amount of information you must divulge to your lender could sink you financially if it were to get into the wrong hands. That’s really kind of scary when you ponder it a bit. I mean, after all, they have your social security number, your birth date, your bank account numbers, and a hair sample (just kidding on the last one). But, really. How do you know that you’re protected?
The Gramm-Leach-Bliley (GLB) Act requires companies defined under the law as “financial institutions” to ensure confidentiality and security of your personal information. Which includes mortgage lenders. In addition as part of this act, the Federal Trade Commission (FTC) issued the Safeguards Rule, which mandates measures to keep customer information safe.
So, if you apply for a mortgage and you’re concerned, your lender should be able to provide you with a written security plan that describes their program to protect you. The plan’s appropriateness should vary in relation to the company’s size and complexity, and the nature and scope of its activities. You wouldn’t expect a company with 20 employees to have the same guidelines as a company with 2000 employees. But there will be some similarities.
The written plan should outline that all staff be trained and informed of the policies. That’s important. How good is a plan if no one knows how to implement it? Typically, a lender should have several methods to detect identity theft apart from suspicious documentation or squirrelly applicants. Most use third party sources to verify a customer’s identity beyond driver’s license or government issued identification. These are background search programs with weird names like Lexis Nexus and Interthinx. And they work.
The company’s policy should require employees to change their various passwords regularly and have good security systems in place to prevent “hackers” from accessing your information. We hear time and time again the horror stories of hackers and their nasty activities. Furthermore, the company should shred documents and lock away files at night. Who wants their W-2 showing up in a company’s dumpster? Who wants the nosy cleaning crew thumbing through their file? Not me. Not anyone.
Furthermore, the staff needs to be educated as to how to detect fraudulent documentation or suspicious activity. And they need to understand they shouldn’t discuss your information with any other employees that don’t need access to your file, nor should they discuss your profile with the spousal unit at home. It’s kind of like being a doctor. They can’t discuss patient’s medical records. A lender can’t discuss your financial records.
And what happens if a lender suspects a borrower has been the victim of, or even creepier, is committing identity theft? The lender should have clear guidelines as to how the individual discovering the discrepancy should handle the “red flag.” After all, when the red flag arises, how does the lender know if she’s talking to a victim or a perpetrator at the time of discovery? So, it has to be handled correctly. And the lender’s employees need to have a clear understanding as to exactly how to handle these situations.
So, when you apply for a loan, find out upfront if you’re being protected properly. You’ve got enough to contend with these days when obtaining a mortgage. You deserve a lender who complies with these regulations and acts. We all deserve this protection.