Published on: November 29, 2017
BY STEWART CONTENT TEAM
Disclaimer: This blog is provided for informational/instructional purposes only and does not constitute the giving of legal advice or establish an attorney-client relationship. Stewart makes no express or implied warranties with regard to and shall have no liability for any errors or omissions or for the results of the use of such material. You should not assume that this information and materials is error-free or that it will be suitable for the particular purpose that you have in mind. It is not intended to direct your closing practices or to change the provisions of Stewart’s underwriting agreements. Escrow and settlement services are outside the scope of Stewart’s agency contracts. You should seek the advice of your own legal counsel in making all decisions pertaining to escrow and closing matters under state and federal law.
One of the myths related to eClosing is that it is not safe and secure. In light of the recent Equifax breach, where a potential 143 million Americans may have had private information exposed, the impact of a security breach is top-of-mind for many companies – and a significant disruptor for title companies and lenders. There are things the title and mortgage industry can do to mitigate legal and compliance risks on the path to eClosing and eClosing integrations. Even though escrow matters are outside the scope of our underwriter/agency agreement, this blog is intended to provide information for you to consider becoming an eClosings enabled company.
Federal and state laws (including the Gramm-Leach-Bliley Act) require title companies and lenders to develop a written information security program that describes the procedures you employ to protect data and personal information. This program must be appropriate to your size and complexity; the nature and scope of your activities; and the sensitivity of the customer information you handle. You should evaluate and adjust your program regularly, in light of changes in your business operations and the results of security testing and monitoring. For title companies and lenders, it is important to look at how cybersecurity laws and regulations are enforced by state and federal regulators, and also how mortgage lenders address this are compliance requirements for settlement agents, as both may be a target for enforcement by regulators. Title companies and lenders should endeavor to follow regulatory guidance to ensure best practices in cybersecurity and to mitigate their regulatory risk. In addition, being responsive to this guidance is essential as private plaintiffs are likely to rely on any deviation from regulatory guidelines, as well as your own policies and procedures, as evidence of inadequate cybersecurity requirements in litigation in the wake of a cyber breach.
You should perform your own due diligence to assess whether or not eClosing technology vendors have sufficient security policies, procedures and programs and other protocols in place to protect consumer information. Data Security and audit rights should also be included in any vendor contract, especially in the case of eClosings, which would be heavily dependent on data transfer via computers. Most eClosing vendor technology has increased security for personal information. eClosing vendors should be able to demonstrate the following:
Vendor technology should provide a secure method for each signer to access the eClosing platform and securely eSign and eNotarize the documents. There are a number of ways vendor technology can authenticate the signing parties:
Title companies and lenders should ensure any eClosing vendor technology is consistent with specific state requirements for the eNotary and Online/Remote Notary, as allowed by state law. These requirements may include specific hardware and technical requirements, as well as separate registration and education with the Secretary of State or state agency which regulates and licenses the notary.
Title companies and lenders may want to consider mitigating liability risks for cyber breaches through front end contractual liability provisions in the event of breach. Your legal department or attorney should review all indemnity and warranty protections in any vendor agreements. It is important for contracts to include provisions for data security and breach notifications if your company will use the eClosing vendor to store data or if the vendor will have access to data (for operational matters). eClosing vendor contracts should set out your expectations regarding vendor performance. They should also seek to mitigate risk and allocate liability in the event of a security breach. Each contract should be written to reflect your cybersecurity strategy and how you assess the risk for the type and size of the transaction. Contractual provisions will vary; however, each party has an interest in identifying and mitigating cybersecurity risks especially in light of the issuance of title insurance policies and duties thereunder.
Ongoing management and compliance with cybersecurity regulations – as well as protecting consumer data and information – is critical as you move towards eClosing and eClosing integrations. Title companies and lenders should ensure any electronic signature technology has sufficient audit capability and full compliance with eSign and UETA, and it is important to review technology solutions for technical compliance with industry best practice standards, as well as state and federal law compliance.
Dawn Lewallen