Appraisal and Cybersecurity in Lending

Questions and Answers

What is the primary purpose of separating an appraiser from the lender's sales and origination staff?

To ensure the sale of the property

To facilitate quicker appraisals

To prevent influence over the appraiser (correct)

To minimize appraisal costs

What constitutes permissible contact between residential mortgage lenders and appraisers after an appraisal is completed?

Offering incentives for a higher appraisal

Requesting the appraiser to modify the property value

Asking the appraiser to consider additional comparable sales (correct)

Discussing the appraisal with sales staff

Under what conditions must material adverse information in an appraisal report be disclosed to borrowers?

If it detracts from the property's value (correct)

If it is based on speculation

If it is considered confidential

If it is damaging to the lender's reputation

What is the maximum time frame for a residential mortgage lender to provide an applicant with a copy of the appraisal?

Three business days prior to consummation

Which tool is NOT typically used by companies to protect their information systems?

Name and shame tactics

What is the ethical responsibility of Mortgage Loan Originators (MLOs) regarding consumer information?

To keep consumer information private

What must an applicant for a high-risk loan do regarding the timing of receiving their appraisal copy?

They have the option to waive the timing requirement

What is a primary focus of the Safeguards Rule for lenders?

Managing system breakdowns

What should MLOs do to protect customer information when they are away from their computer?

Lock their computer screens.

Which of the following is considered a common hacker scheme?

Key Logging

If an MLO suspects a security breach, what is the first action they should take?

Disconnect the compromised computer from the Internet.

What should be done with sensitive customer information when disposing of computers?

Shred or erase data on electronic media.

What is social engineering in the context of cybersecurity?

Manipulating people to gain access to secure systems.

When using public Wi-Fi, MLOs should utilize which of the following for security?

A VPN (Virtual Private Network).

What action should be taken if a customer's personal information is compromised?

Inform law enforcement if criminal activity is suspected.

What should MLOs do with removable mass storage devices such as USB drives?

Treat them as sensitive and secure them properly.

What is phishing in the context of cybersecurity?

A tactic to request sensitive information using deceptive emails.

How should MLOs treat company passwords to ensure security?

Keep them confidential and not posted in work areas.

Study Notes

Appraisal of Client's Property

• Lenders must keep appraisers separate from sales and origination staff to prevent influence on appraisal reports.
• Lenders can interact with appraisers to request additional information, like comparable sales, clarify valuation conclusions, or correct errors.
• Material information (adverse info) in the appraisal report must be disclosed to the borrower if it's supportable, impacts property value, poses danger, or affects saleability/contract enforceability.
• Lenders must provide borrowers with appraisal copies promptly, or three business days before closing, whichever is sooner.
• Borrowers can waive the timing requirement for copies if it is not a high-risk loan (HPML) or a Qualified Mortgage (QM).

Cybersecurity Scenarios

• Lenders must ensure information system security and manage system breakdowns (Safeguards Rule).
• Protecting consumer data is an ethical and legal responsibility.
• Information security practices include using firewalls, encryption, and threat detection software.
• Physical security measures for MLOs include locking rooms/file cabinets, not sharing passwords, encrypting emails, referring requests to trained personnel, reporting suspicious activity, and securing computers/devices.
• Data disposal methods include burning/shredding paper, securely destroying electronics, and permanently erasing data.
• Avoid using company computers for personal internet devices and using VPNs on public Wi-Fi.

Hacker Schemes and Tricks

• Social engineering manipulates people into granting system access. Hackers impersonate trusted individuals.
• Phishing involves fraudulent emails requesting sensitive information or passwords.
• Malicious software (malware, ransomware, keyloggers) tricks employees into downloading harmful programs, often pretending to be system updates.
• Other tricks include fake wireless connections, infected storage devices, cookie theft, and fake contests/surveys.

Security Breach Procedures

• In case of a suspected breach, secure compromised information (e.g., disconnect from internet).
• Notify company management immediately.
• For independent brokers, preserve files, review the breach causes, notify consumers if personal info is compromised, notify law enforcement (if applicable), and the credit bureaus.
• Check for state-mandated breach notification requirements.

Description

Explore key concepts related to property appraisal and cybersecurity scenarios within the lending process. Understand the importance of keeping appraisers independent, ensuring timely disclosures to borrowers, and safeguarding consumer data. This quiz covers essential practices and regulations that lenders must follow.