Appraisal and Cybersecurity in Lending

Questions and Answers

What is the primary purpose of separating an appraiser from the lender's sales and origination staff?

• To ensure the sale of the property
• To facilitate quicker appraisals
• To prevent influence over the appraiser (correct)
• To minimize appraisal costs

What constitutes permissible contact between residential mortgage lenders and appraisers after an appraisal is completed?

• Offering incentives for a higher appraisal
• Requesting the appraiser to modify the property value
• Asking the appraiser to consider additional comparable sales (correct)
• Discussing the appraisal with sales staff

Under what conditions must material adverse information in an appraisal report be disclosed to borrowers?

• If it detracts from the property's value (correct)
• If it is based on speculation
• If it is considered confidential
• If it is damaging to the lender's reputation

What is the maximum time frame for a residential mortgage lender to provide an applicant with a copy of the appraisal?

Three business days prior to consummation (D)

Which tool is NOT typically used by companies to protect their information systems?

Name and shame tactics (B)

What is the ethical responsibility of Mortgage Loan Originators (MLOs) regarding consumer information?

To keep consumer information private (D)

What must an applicant for a high-risk loan do regarding the timing of receiving their appraisal copy?

They have the option to waive the timing requirement (A)

What is a primary focus of the Safeguards Rule for lenders?

Managing system breakdowns (B)

What should MLOs do to protect customer information when they are away from their computer?

Lock their computer screens. (B)

Which of the following is considered a common hacker scheme?

Key Logging (B)

If an MLO suspects a security breach, what is the first action they should take?

Disconnect the compromised computer from the Internet. (B)

What should be done with sensitive customer information when disposing of computers?

Shred or erase data on electronic media. (C)

What is social engineering in the context of cybersecurity?

Manipulating people to gain access to secure systems. (B)

When using public Wi-Fi, MLOs should utilize which of the following for security?

A VPN (Virtual Private Network). (A)

What action should be taken if a customer's personal information is compromised?

Inform law enforcement if criminal activity is suspected. (C)

What should MLOs do with removable mass storage devices such as USB drives?

Treat them as sensitive and secure them properly. (C)

What is phishing in the context of cybersecurity?

A tactic to request sensitive information using deceptive emails. (B)

How should MLOs treat company passwords to ensure security?

Keep them confidential and not posted in work areas. (C)

Flashcards

Separation of Appraiser and Lender Staff

The practice of keeping a lender's sales and origination staff separate from the appraiser to minimize influence on the appraisal.

Permissible Contact with Appraisers

A lender can ask an appraiser to consider additional information, clarify valuation conclusions, or correct errors in the appraisal report.

Disclosing Adverse Appraisal Information

Material information that detracts from the property's value, safety, or saleability must be disclosed to borrowers.

Appraisal Disclosure to Borrowers

Borrowers must receive a copy of the appraisal promptly, usually three business days before closing.

Safeguards Rule for Consumer Data

The Safeguards Rule requires lenders to implement security measures to protect consumer information.

Ethical and Legal Duty of Confidentiality

Protecting consumer information is an ethical and legal obligation for mortgage loan originators (MLOs) and lenders.

Cybersecurity Tools for Data Protection

Firewalls, encryption, and threat detection software are some tools used to secure systems from intrusion.

Managing System Breakdowns

Lenders must be prepared to handle system breakdowns and ensure business continuity in case of a cybersecurity threat.

Physical Security

Preventing unauthorized access to sensitive customer information by using physical measures like locking rooms and file cabinets.

Data Encryption

Protecting sensitive data by scrambling it so only authorized individuals with the right decryption key can access it.

Designated Information Access

A practice where trained and designated individuals handle customer information requests. This is to ensure that the information is only accessed by people who are authorized and equipped to manage it.

Reporting Suspicious Activity

Promptly reporting any suspicious attempts to obtain customer information to the appropriate authorities, helping to prevent potential data breaches.

Social Engineering

Preventing unauthorized access by hackers who pose as trustworthy individuals to gain access to sensitive information or systems.

Phishing

A type of cyberattack where hackers use deceptive emails or messages to lure victims into revealing sensitive information or clicking malicious links.

Malware

Malicious software designed to harm computer systems or steal data.

Ransomware

A type of malware that encrypts a victim's data, demanding a ransom to decrypt it.

Keylogger

A program that secretly records every keystroke made on a computer, allowing hackers to steal passwords and other sensitive information.

Responding to a Security Breach

The immediate actions taken to contain a security breach, such as disconnecting a compromised computer from the internet and notifying relevant authorities.

Study Notes

Appraisal of Client's Property

• Lenders must keep appraisers separate from sales and origination staff to prevent influence on appraisal reports.
• Lenders can interact with appraisers to request additional information, like comparable sales, clarify valuation conclusions, or correct errors.
• Material information (adverse info) in the appraisal report must be disclosed to the borrower if it's supportable, impacts property value, poses danger, or affects saleability/contract enforceability.
• Lenders must provide borrowers with appraisal copies promptly, or three business days before closing, whichever is sooner.
• Borrowers can waive the timing requirement for copies if it is not a high-risk loan (HPML) or a Qualified Mortgage (QM).

Cybersecurity Scenarios

• Lenders must ensure information system security and manage system breakdowns (Safeguards Rule).
• Protecting consumer data is an ethical and legal responsibility.
• Information security practices include using firewalls, encryption, and threat detection software.
• Physical security measures for MLOs include locking rooms/file cabinets, not sharing passwords, encrypting emails, referring requests to trained personnel, reporting suspicious activity, and securing computers/devices.
• Data disposal methods include burning/shredding paper, securely destroying electronics, and permanently erasing data.
• Avoid using company computers for personal internet devices and using VPNs on public Wi-Fi.

Hacker Schemes and Tricks

• Social engineering manipulates people into granting system access. Hackers impersonate trusted individuals.
• Phishing involves fraudulent emails requesting sensitive information or passwords.
• Malicious software (malware, ransomware, keyloggers) tricks employees into downloading harmful programs, often pretending to be system updates.
• Other tricks include fake wireless connections, infected storage devices, cookie theft, and fake contests/surveys.

Security Breach Procedures

• In case of a suspected breach, secure compromised information (e.g., disconnect from internet).
• Notify company management immediately.
• For independent brokers, preserve files, review the breach causes, notify consumers if personal info is compromised, notify law enforcement (if applicable), and the credit bureaus.
• Check for state-mandated breach notification requirements.