FHFA AB 2015-07 Fraud Risk Management

Investor Update
September 29, 2015

Purpose

This Advisory Bulletin communicates to Fannie Mae and Freddie Mac (the Enterprises) the Federal Housing Finance Agency’s (FHFA) supervisory expectations for fraud risk management, including the establishment and maintenance of internal controls to prevent, deter, and detect fraud or possible fraud. 

Background

Effective fraud risk management is essential to the safe and sound operations of the Enterprises.  Potential exposure to the risk of fraud exists in Enterprise business operations.  For example, single-family and multifamily mortgage operations have exposure to the risk of fraud associated with activities of borrowers, loan originators, mortgage brokers, loan sellers, attorneys, servicers, appraisers, property managers, and third parties engaged to perform functions relating to loans or the collateral securing the loans.  Capital markets activities may expose an Enterprise to fraud committed by counterparties involved in securitizations.  The Enterprises also have potential exposure to fraud risk resulting from insider malfeasance.[1]

Fraud may subject an Enterprise to financial, operational, legal, or reputational harm.  For example, mortgage fraud may result in financial losses for an Enterprise if a seller does not have the financial ability and willingness to honor its obligation to repurchase fraudulent loans.  Other types of fraud may result in financial losses if the fraud is not fully covered by fidelity bond insurance.  An Enterprise may be exposed to litigation or civil money penalties for failure to comply with fraud-related statutes and regulations.  Further, fraud may cause reputational risk if an Enterprise’s operations are used or perceived to be used to perpetrate fraud.  While experience demonstrates that fraud may not be prevented completely, it may be deterred or reduced through appropriate anti-fraud procedures that are maintained and reviewed over time.

Examples of Fraud

The Enterprises may encounter various types of fraud.  For example, mortgage fraud may occur in mortgage loans purchased for an Enterprise’s own portfolios or for securitization.  Fraud may be committed as part of the origination, underwriting, or closing process or in conjunction with the servicing of a loan on behalf of an Enterprise. 

Mortgage-related fraud may be committed by various participants in the origination, selling, and servicing of mortgage loans.  Borrowers may provide false identification, employment, or income information to obtain approval for a mortgage loan.  Parties involved in loan originations, such as appraisers, attorneys, and title agencies, may engage in misrepresentation of collateral or performance of contracted responsibilities, or in diversion of funds.  Sellers of mortgage loans may misrepresent underwriting standards or deliver a single mortgage loan multiple times.  Servicers may divert custodial or other funds received to accounts used for their own purposes.

Mortgage-related fraud may be part of larger schemes that include originating mortgage loans through the use of straw borrowers, illegal property flipping, double-pledging of collateral, and builder bailouts.  Post-origination mortgage fraud may target financially distressed borrowers to steal equity in or secure title to a property through fraudulent workout schemes or short sales. 

Insider fraud (i.e., fraud involving current or former employees and contractors) may include accounting fraud, payroll fraud, embezzlement, or collaboration with external parties in a fraud against an Enterprise or other financial institution. 

The wide variation of possible fraudulent activities creates a broad range of fraud risk; therefore, an Enterprise should implement a risk-based approach to fraud risk management that takes into account the scope and potential harm to the Enterprise of possible fraud.

Guidance

This Advisory Bulletin describes FHFA’s expectations for the oversight of fraud risk management, key elements of a risk-based approach to fraud risk management, and the training and independent testing functions that should accompany an Enterprise’s fraud risk management approach.  As described below, FHFA expects the Enterprises will take steps to manage fraud risk in all business lines and operational functions.[2]

Oversight of Fraud Risk Management

Each Enterprise’s board of directors has a responsibility to ensure that the Enterprise’s management is committed to effective fraud risk management and that the Enterprise has appropriate policies for preventing and detecting fraud or possible fraud.  The Enterprise should have documented processes in place to appropriately inform the board about fraud risk management activities and significant instances of fraud or possible fraud.  Fraud risk should be included in the risk management policies that are approved by the board or a committee thereof, and reviewed on a periodic basis. 

The policies should establish the Enterprise’s standards and reporting processes relating to fraud and possible fraud.  The policies should designate the management official(s) responsible for the oversight of fraud risk management and define specific roles and responsibilities for personnel with fraud risk management responsibilities. 

Enterprise management should develop and oversee the implementation of business unit policies and procedures to implement and support anti-fraud and regulatory reporting programs and controls consistent with the Enterprise’s policies.  Business unit policies should detail the Enterprise’s fraud risk management processes, including risk assessments, internal controls, training, independent testing, fraud response protocols, and board and senior management reporting. 

The Enterprise should provide for appropriate coordination across business lines and functions of fraud risk management activities and resources.  Areas of coordination may include risk assessments, oversight of the design and implementation of anti-fraud and regulatory reporting programs and controls, and reporting to senior management and the board or a committee thereof, as appropriate, the results of the Enterprise’s fraud risk management efforts. 

Elements of Fraud Risk Management

Effective fraud risk management should include:

  • Ongoing risk assessments to determine areas of heightened risk for possible fraud and adequacy of the control environment.
  • Risk-based internal controls that are designed to prevent and deter fraud from occurring.
  • Risk-based internal controls that are designed to detect fraud when it occurs.
  • Processes for responding to and reporting fraud or possible fraud.

Risk Assessments

An Enterprise should have an ongoing process for performing risk assessments to identify and assess risk of fraud and to evaluate controls in place to mitigate risk.  Risk assessments should consider factors such as products, services, customers, counterparties, and geographic locations, and should cover business units and operational and control functions.  Fraud risk assessments should provide the basis for internal controls to prevent and deter fraud and to detect fraud or possible fraud.  An Enterprise should have in place a process for periodically updating fraud risk assessments and making associated changes to internal controls. 

Fraud Prevention and Deterrence

Each Enterprise should maintain effective internal controls designed to prevent and deter fraud.  The type and scale of internal controls will vary depending on the operational area, product type, and fraud risk.  Types of controls include segregation of duties; a system of proper authorizations; physical safeguards to prohibit access to assets and records; a system of independent checks; and records to provide an audit trail. 

Internal controls should be clearly documented and subject to ongoing review to determine whether they are followed, are effective, and reflect current industry sound practices.  With regard to potential insider fraud, policies related to the consequences of committing or concealing fraud should be communicated clearly to all personnel. 

Fraud Detection

The complexity and extent of the internal controls for detection of different types of potential fraud in different business activities should be based on the fraud risk assessment, in light of the size, structure, risks, complexity, and vulnerability to fraud of the particular activity.  Fraud detection controls and tools may include, but are not limited to, internal and external tip hotlines; whistleblower vehicles; audits; quality control reviews; and analysis of financial, operational, and transaction data.  Detection methods may involve a review of transactions for possible fraud and, where possible, should include a review for red flags that indicate fraud or possible fraud.  Examples of red flags may include patterns of inconsistency in borrower information, loan documentation, servicer records, and significant servicer performance issues, as well as adverse public information.  Additionally, an Enterprise may identify individuals and firms known to have been involved in fraud.  Fraud detection procedures should document when findings will warrant the expansion of the scope of review consistent with current risk assessments.

Each Enterprise should have adequate information systems to timely capture information needed to detect fraud or possible fraud and comply with regulatory reporting requirements. 

Fraud Response and Reporting

Each Enterprise should have documented processes for evaluating and responding to various types of possible fraud and for complying with regulatory reporting requirements.  An Enterprise should take steps to make its employees and third parties aware of methods by which they may report possible fraud relating to Enterprise operations.  Furthermore, an Enterprise should ensure that its procedures and resources are sufficient to timely investigate possible fraud. 

An Enterprise’s process should address investigation procedures, protocols for gathering evidence, decision-making authority, internal and regulatory reporting, escalation protocols, remedial action, and disclosure.  Individuals assigned to investigations should have the necessary training, authority, and skills to evaluate possible fraud and determine the appropriate course of action.  The process should include a tracking or case management system(s) where allegations of fraud are logged.  As appropriate, an Enterprise’s procedures should also include a review of incidents to determine if improvements need to be made to processes or internal control systems to prevent future incidents of possible fraud. 

Each Enterprise should have effective, risk-based processes to timely investigate potential fraud to minimize and prevent loss.  Procedures should be in place for reporting investigation findings regarding fraud or possible fraud in accordance with regulatory requirements and Enterprise policy. 

Training

Each Enterprise should promote fraud awareness by conveying the importance of fraud prevention and penalties for fraud to all employees.  Each Enterprise should provide and document adequate fraud risk management training that is risk-based and commensurate with trainees’ roles and specific responsibilities.  Training should include instruction on regulatory requirements and the Enterprise’s policies and procedures to comply with those requirements.  Board and senior management training should reflect their oversight role.  Training should be updated as needed to reflect regulatory changes and industry sound practices, as well as changes to the Enterprise’s risk assessments and internal controls. 

Independent Testing

Each Enterprise should conduct regular independent testing in all business lines to determine the overall adequacy and effectiveness of the Enterprise’s fraud risk management.  Testing scope, procedures performed, and findings should be documented.

Related FHFA Guidance

Enterprise Fraud Reporting, Federal Housing Finance Agency Advisory Bulletin 2015-02, March 26, 2015, communicates to the Enterprises FHFA’s fraud reporting requirements pursuant to 12 CFR Part 1233.

Oversight of Single-Family Seller/Servicer Relationships, Federal Housing Finance Agency Advisory Bulletin 2014-07, December 1, 2014, communicates to the Enterprises FHFA’s supervisory expectations for managing counterparty risk associated with their relationships with single-family Seller/Servicers.

Suspended Counterparty Program at 12 CFR Part 1227, generally sets forth the requirements by which each regulated entity submits reports to FHFA when it becomes aware that an individual or institution with which it has been engaged in a covered transaction (as such term is defined in the regulation) within the previous three years has been convicted, debarred, suspended, or otherwise sanctioned, based on specified financial misconduct.  FHFA may issue suspension orders in appropriate cases, requiring the regulated entities to cease doing business with such individuals or institutions.

[1] For purposes of this Advisory Bulletin, fraud occurs when a person(s), knowingly and willfully (1) falsifies, conceals, or covers up a material fact by any trick, scheme, or device; (2) makes any materially false, fictitious, or fraudulent statement or representation; or (3) makes or uses any false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry.

[2] The risk management guidance in this Advisory Bulletin complements the requirements for reporting fraud and possible fraud found in: (i) 12 C.F.R. Part 1233, Reporting of Fraudulent Financial Instruments; (ii) 31 C.F.R. Parts 1010 and 1030, Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Housing Government Sponsored Enterprises; and (iii) Advisory Bulletin 2015-02, Enterprise Fraud Reporting (March 26, 2015).

Advisory Bulletins communicate guidance to FHFA supervision staff and the regulated entities on specific supervisory matters pertaining to the Federal Home Loan Banks, Fannie Mae, and Freddie Mac.  This advisory bulletin is effective immediately upon issuance.  Contact Bobbi Montoya, Associate Director, Examination Standards Branch at Bobbi.Montoya@fhfa.gov or (202) 649-3406, Kathy Beach, Principal Advisor, Office of Supervision Policy at Kathy.Beach@fhfa.gov or (202) 649-3521, or Ellen Joyce, Principal Risk Analyst, Risk Analysis Branch at Ellen.Joyce@fhfa.gov or (202) 649-3409 with comments or questions pertaining to this bulletin.
 
Attachments: Advisory Bulletin 2015-07

Source: FHFA
