According to PositivePsychology.com, as humans we are innately wired to pursue instant gratification. It’s natural for us to want good things, and to want them NOW. In fact, the urge for immediacy surely benefited pre-modern humans as their very survival often hinged upon making instantaneous decisions followed by taking immediate actions (e.g. “there’s a Tyrannosaurus rex headed my way … I’d better run and take cover!”). Humans today are not so different from their ancient ancestors – we, too, want immediacy, especially when it comes to the acquisition of wealth – whether that translates into the speed with which we receive funds or the swiftness with which we get title to real property under contract.
A Catalyst Corporate Credit Union blog reported that recent studies have shown “[a] staggering 70% of consumers express that having faster payment options from their financial institution is an important driver of satisfaction.” Thanks to advances in fintech, we now have a payment rail with two trains riding upon it to deliver that instant gratification. These two “trains” are Real Time Payments (RTP) and FedNow. They both move so FAST (almost instantaneously) that you and your customers can enjoy the ability to transfer funds 24/7, 365 days of the year in real time. With no waiting periods to transfer funds, just imagine how much faster your closings can take place – they can occur on holidays, weekends, and anytime convenient for you and the parties to the transaction!
Since 2017, RTP has been operated by The Clearing House (TCH), a consortium of member financial institutions; TCH’s RTP Network lists approximately 373 participating Financial Institutions (FIs).
On July 20, 2023, FedNow – the Federal Reserve’s interbank, instant payment infrastructure – went live; it launched with 35 participating FIs, the U.S. Department of the Treasury’s Bureau of the Fiscal Service and 16 service providers, but it has the potential to service all depository institutions eligible to hold accounts at the Reserve Banks – currently estimated at more than 10,000 banks and credit unions! FedNow promises to be a real game-changer for the national economy, and especially for our industry.
Let’s talk about what FedNow can do for you. At this time, the FedNow Service supports account-to-account and consumer-to-business bill pay use cases. The maximum credit transfer amount is $500,000, but participating FIs have the option to provide a lesser amount (so you may want to check with the transferor’s FI in advance to make sure that you know its dollar limits). With FedNow, businesses and individuals can also request a payment (referred to as a RFP or “Request for Payment”) from a recipient. For example, with FedNow you can electronically send “Betty Buyer” a request for the balance of cash needed to close her transaction; there is even a “zero-dollar request for payment” pre-validation tool available to make sure that the end-customer has the ability to receive and act on the RFP prior to the biller actually sending one. We can anticipate that FedNow will be able to do even more in the future as its functionality is expected to increase in phases. To learn more about FedNow, and when and how it may be available for your use, please visit FedNowExplorer.org.
Lastly, if you want to know more about the BIG picture – RTP, FedNow, the Good Funds Laws, and Payment Service Providers (e.g. Venmo and PayPal) – and how these mechanisms and laws affect each other and work together, read our in-depth white paper, “Moving Money in a Real Estate Transaction.”
Progress is never easy or fast, but the rewards are well-worth the effort (and patience)! With the advent of new inventions, innovations and technology, we are continuously improving the quality of our lives and the freedoms we enjoy – both in our personal and business lives, which are inextricably intertwined.
Did you know that the audio-visual technology that makes it possible for families and friends to stay in touch across the globe, as well as the video-conferencing platforms that enable employees to work at home while remotely collaborating, took root from an idea to transmit images and audio over wire that was conceived by Bell Labs in the 1870s? Step by step, that idea became a reality over time, eventually giving rise to the smartphones and smartphone apps with video conferencing in the 2000’s, and then given a catalytic push in 2020 by the Coronavirus pandemic and the need for videoconferencing to allow workers to safely isolate while still conducting business remotely.
Similar to the evolution of videoconferencing, the development of the U.S. money rails has had a profound effect on the way we live and do business. I remember my mother saying how she thought the invention of the credit card was life-changing during her youth! In the U.S., the financial system has been relatively slow to evolve, but within the last 10 years it has picked up speed and there have been some amazing technological advances, such as Real Time Payments (RTP) and FedNow, the Federal Reserve’s version of RTP, which is on the cusp of being publicly rolled out. These newer payment rails, along with the convenience of modern payment methods – like PayPal, Venmo, Apple Pay and others – hold great promise for transforming the real estate and title insurance industries, and we want to share some special insights with you.
Ever have a client who was sure their transaction had to be written on a large underwriter? Hey, I get it. Clients are sometimes drawn to the big title insurers, assuming that there are benefits to partnering with a large organization. They may feel a smaller underwriter won’t be able to meet their needs, and the deal is just too large or important to leave anything to chance.
As an independent title agent, you know the importance of selecting a trustworthy, reliable, and responsive partner to provide title insurance for your clients. In this blog, we’ll dive into the features that matter most when selecting an underwriter, debunk some common myths, and show why bigger isn’t necessarily better when selecting a title insurer. First, let’s consider some of the reasons a client might ask you to ensure a transaction with one of the big guys to see if that request aligns with their interests or if they are simply following a common myth.
If I go with a big underwriter, won’t I get better coverage?
There’s a common misconception that the product of the title insurer – the title policy and endorsements – often varies meaningfully in the terms and coverage between underwriters. It’s just not so.
The truth is that generally the product is the same regardless of who underwrites the policy. In states where the forms are promulgated by law, the insurance regulator determines for the entire industry what language is acceptable, and what terms and conditions will be incorporated into their contracts. In states where the forms are not promulgated, most insurers use either the American Land Title Association forms, or the California Land Title Association forms, with little variation.
Basically, the policy will be the same or similar regardless of the underwriter.
If I go with a big underwriter, won’t I get a better rate?
At first glance, this seems like a very reasonable question. In some industries, larger companies have a natural pricing advantage. But in title insurance, it’s hard for an underwriter, no matter how large, to distinguish itself on rates. In states where the rates are promulgated, the insurance regulator decides what to charge and all insurers must follow the regulator’s set rates. Even in those states where regulators do not mandate rates, there may be a ratings bureau that files rates on behalf of its member insurers – which means that most, if not all insurers, will be offering the same rates. And, in those states where insurers file their own rates, they are typically competitive and therefore very similar.
So, the rates will be the same or similar, regardless of the underwriter.
If I have a claim, won’t a big underwriter be in a better position to pay?
Again, this question seems reasonable. Title claims can run into the millions of dollars on commercial properties, so a client might think a big underwriter naturally has more resources to pay claims compared to a smaller underwriter. However, two broad factors level the playing field when it comes to paying claims: state regulation and reinsurance.
State regulators take great pains to protect the public by ensuring that title underwriters of all sizes have the resources to pay claims. Statutorily required reserves must be set aside to pay claims. Regulators carefully monitor the financial soundness of the insurers authorized to do business in their states, and title insurers submit both annual and quarterly financial statements. Title insurers have annual independent CPA audits and are subject to financial examination by the regulator, typically at least once every five years. This means that no matter the size of the insurer, there is a financial threshold that each insurer must meet to ensure its financial stability and continued operation. Moreover, many states have single risk limit formulas that cap the amount a title insurer may insure for a particular transaction risk without having to provide reinsurance.
When reinsurance is provided, there are essentially two insurers – the primary title insurer, and the reinsurer who stands behind the reinsured policy amount. So, while it’s true that a large title insurer may retain a larger dollar amount by itself as a single risk, a smaller title insurer utilizing reinsurance for that single risk is giving the insured two layers of financial security at no additional expense to the insured. A title insurer should be happy to provide you with information regarding its reinsurance, and as a customer or agent, you are entitled to ask for it.
At Alliant National, we reinsure high liability transactions up to $20 million with the Lloyd’s of London markets, and that’s one of the reasons we can confidently say: No title insurance underwriter can offer you better protection for your title risk than Alliant National.
So, if the policy and the price are similar, and the capability to pay claims is sound, what are the real differences between those big underwriters and a smaller underwriter like Alliant National? Moreover, what are the reasons a client might want to select Alliant National over a larger underwriter?
We Don’t Compete Against You For Customers
Alliant National does not compete against you for the customers in your market. Our sole focus is to support the independent title agent. Alliant National will never take a transaction or a customer from you. We strive to help you build better relationships with your customers, and to help you succeed.
Fast And Innovative Answers To Underwriting Questions
Underwriting delays put deals at risk. That’s bad for you and your clients. Sometimes big underwriters back-burner underwriting requests to service their company-owned title offices, and they sometimes provide “canned” or “by-the-book” responses when an underwriting challenge arises. Alliant National does not compete with its independent agents, so it’s able to put all of its underwriting resources to work for independent title agents and their clients. As a smaller underwriter, Alliant National also has the flexibility to find innovative solutions for you and your clients when underwriting challenges arise.
At larger underwriters, the agency and underwriting units can often be at odds with each other. There can also be communications breakdowns between corporate, regional, and state-based teams. At Alliant National, however, the absence of a multi-tier management structure gives our agency, underwriting and other teams the ability to work together closely and seamlessly. Everyone pulls in the same direction to deliver the best outcomes for our agents and their clients.
Real Service When Claims Emerge
We already discussed why the big underwriters generally are not “better” when it comes to the ability to pay claims. However, some big underwriters fall short when it comes to the claims process by making it seem like their goal is to pay no claims at all. At Alliant National, we have flipped the script when it comes to claims. We recognize that the claims department is where our title insurance product goes to work. We strive for timely and clear communication with insureds and agents, seeking first to understand the situation from all points of view. It’s a unique and collaborative approach to claims that agents and insureds value.
The Courage To Care When it comes to choosing an underwriter, it’s important to consider what really matters: finding a partner who prioritizes your needs and the needs of your clients. Unfortunately, larger underwriters may lack the flexibility and personal touch that independent agents and their clients require. Don’t get me wrong, there are a lot of great people working at large underwriters, but size can lead to conflicts, friction, and a lack of flexibility. At Alliant National, we pride ourselves on being able to deliver customized solutions that meet the goals of the real people behind each transaction. Whether it’s a multi-million-dollar commercial deal or a starter home for a young family, partnering with Alliant National means choosing a team that truly cares about you and your clients.
(Updated June 20, 2023)
The Federal Trade Commission (FTC) updated a key data security rule, and the changes will place new compliance requirements on nonbank financial institutions including title, escrow and settlement agents. Among other things, the Safeguards Rule amendments finalized in October 2021 require covered institutions to beef up their information security programs (ISPs). The changes are a response to widespread data breaches and attacks that have caused significant consumer harm in recent years, the FTC said.
Before discussing the changes, it may be helpful to review the state and federal compliance framework of which the Safeguards Rule is an important element.
GLBA, state law and the Safeguards Rule
The 1999 Gramm-Leach-Bliley Act (GLBA), codified as amended at 15 U.S.C. Chapter 94: Privacy, establishes basic privacy standards for “financial institutions,” including title insurers, title agents, and settlement/escrow agents. Unique in their role as third-party vendors to lenders, real estate settlement service providers also have a separate obligation to comply with the GLBA on behalf of the obligations owed by their lenders.
As long as states afford consumers the same or greater protection as GLBA, they can enact their own privacy laws, and they have all done so to different degrees and standards. Asserting their own authority, many states have privacy laws that substantially mirror GLBA, while others have their own, distinctive laws; and still others simply point to GLBA and mandate compliance with it.
Typically, state privacy laws and the federal GLBA overlap in the following general categories of privacy protections:
- Disclosure Protections consisting of a privacy notice, “Opt Out” or “Disclosure Authorization” notice, and limits on what types of disclosures of Nonpublic Personal Information (NPI) may be made by a nonaffiliated third party who receives the information from a “financial institution”;
- Security Protections consisting of a written security program, including administrative, technical, and physical safeguards;
- Security Breach Notification Requirements consisting of laws requiring a business to send out notice of any improper disclosure of NPI in its possession or control.
The FTC’s Safeguards Rule (16 CFR Part 314) is one of the federal regulations that implements the GLBA by requiring a written security program. The rule provides “elements” in 16 CFR 314.4 to develop, implement, and maintain the ISP, including risk assessment, management and control, oversight of service providers, evaluation and adjustment.
On Oct. 27, 2021, the FTC issued a news release announcing that the agency was updating the Safeguards Rule to provide better protection against breaches and cyberattacks; it includes a link to the publication of the final rule’s amendments in the Federal Register. The agency later posted a webpage to help businesses understand their compliance obligations under the rule.
There have been numerous newsletters and blog articles buzzing about the final rule’s new requirements. Davis Wright Tremain LLP has a particularly good blog that summarizes the key requirements of the final rule.
There is a lot to talk about, and while the amended final rule is much more prescriptive in its approach, it is also drafted to provide flexibility and clarity. In particular there are helpful suggestions and information about alternative security options for small businesses that may qualify for limited exemptions. It also makes it clear that the ISP is intended to protect information in both its digital and physical forms.
The final rule contains tons of commentary, including discussion regarding stakeholder input and the commission’s rationale behind its final decisions. Some noteworthy highlights, as abbreviated, are:
- designating a single, qualified individual as responsible for overseeing, implementing, and enforcing the ISP;
- base the ISP on a written risk assessment which includes specific criteria described in the amendment;
- designing and implementing safeguards, including:
- access controls;
- system inventory (i.e. knowing where the data is kept, and how everything is connected);
- secure development practices for in-house developed applications, and security assessments for externally developed applications (reference applications involving customer information);
- multi-factor authentication;
- disposing of customer information which hasn’t been used for two years (unless required for a legitimate business purpose);
- periodically reviewing record retention policies to minimize unnecessary retention of information;
- change management procedures;
- monitoring and logging user activity;
- biannual vulnerability testing on information systems, and additional assessments when there is an elevated risk of new vulnerabilities (e.g. when there are material changes to operations or business arrangements, and those changes will have a material impact on the ISP);
- implementing policies and procedures – which include training, updating, and verification requirements – and ensuring qualified personnel are available to enact the ISP;
- overseeing service providers, requiring them by contract to implement and maintain appropriate safeguards;
- evaluate and adjust the ISP due to circumstances which may have a material impact upon it;
- establish a written incident response plan which addresses specific areas described in the amendment;
- required regular reporting, in writing, by the qualified individual – at least annually – to the board of directors, or to a senior officer (when there is no board of directors) responsible for the ISP, concerning 1) the overall status of the ISP and its compliance with the final rule; and 2) material matters related to the ISP; and
- exemptions for financial institutions which handle the information of fewer than 5,000 customers, from the requirements of (referring to sections of 16 CFR Part 314, as amended by the final rule):
- 314.4(b)(1) – a written risk assessment
- 314.4(d)(2) – continuous monitoring or annual penetration testing and biannual vulnerability assessment
- 314.4(h) – a written incident response plan
- 314.4(i) – an annual report by the Qualified Individual
The FTC is phasing implementation of the final rule, with certain parts having already taken effect Jan. 10, 2022. Other rule provisions that had been scheduled to take effect Dec. 9, 2022, were delayed six months to June 9, 2023 as announced in the Federal Register’s Supplementary Information. Provisions taking effect June 9 included (referring to sections of 16 CFR Part 314, as amended by the final rule):
- 314.4(a) – appointment of a qualified individual
- 314.4(b)(1) – conducting a written risk assessment
- 314.4(c)(1)-(8) new elements of the ISP
- 314.4(d)(2) – continuous monitoring or annual penetration testing and biannual vulnerability assessment
- 314.4(e) – training for personnel
- 314.4(f)(3) – periodic assessment of service providers
- 314.4(h) – a written incident response plan
- 314.4(i) – annual written reports from the qualified individual
This article is for informational purposes and does not contain or convey legal advice. Any opinions, or perceived opinions, are strictly those of the authors and should not be construed as legal advice or a legal opinion. Consultation with an attorney for specific advice based upon the reader’s situation is recommended.
Extend your security bubble further than your business’s front door.
Managing cybersecurity risk is an arduous task for any organization, one that becomes even more challenging when trying to extend your security to vendor relationships. However, it has never been more important. Not only are cyber threats on the rise, but the U.S. Securities and Exchange Commission (SEC) made ensuring operational resiliency and information security one of its 2021 priorities.
Thankfully, last year the agency published a report on the due diligence companies should practice when dealing with vendor relationships. Covering the monitoring of vendors, contracts, customer information policies and other issues, the guidance provides much-needed advice for these complex business partnerships. Let’s explore some of its main tips, takeaways and findings for addressing security concerns with your vendors.
Why Does Information Security and Operational Resiliency Matter?
According to the SEC’s 2021 Examination Priorities report, breaches in information security can in fact “have consequences that extend well beyond [a] firm,” adversely impacting “other market participants.” The report further explains that, due to the radical increase in remote operations in response to the COVID-19 pandemic, cybersecurity concerns have been elevated further, requiring closer scrutiny of endpoint security, data loss, remote access, use of third-party communication systems and, of course, vendor management.
Understand Your Liability
It is a common misconception that if your vendor experiences a data leak, the onus is on them. Not true. State laws typically lay responsibility at the feet of the entity that collected the customer information in the first place. They usually limit vendor requirements to informing you that a data breach or hack has occurred. To safeguard yourself and your business, ensure that your vendor contracts explicitly detail how your customers’ data needs to be handled, what to do in the event of a breach and the expected timeline for dealing with any disruptions.
Vendor Management Programs
You likely already have some experience working with vendors, as well as an understanding of how time consuming such relationships can be. Unsurprisingly, adding cybersecurity concerns into the mix creates an additional set of concerns that need to be managed. Establishing a program that addresses security concerns and expectations at the beginning of the working relationship can help. This program should cover safeguards, how to evaluate vendors, independent audits and processes for terminating and/or replacing vendors.
Understanding and Monitoring Vendor Relationships
One positive finding from the SEC is that many advisers and their personnel already demonstrate a clear understanding of privacy and cybersecurity contract terms. Furthermore, these advisers display an awareness of the risks inherent to outsourcing work to vendors and best practices for limiting such risks. One way that companies accomplish this is through continuous monitoring of vendor relationships, making sure to stay apprised of any changes in the vendor’s services or personnel.
Despite this good news, firms cannot simply assume that their data protection policies are fully up to snuff or even rest on their laurels. Instead, they must treat vendor security as an ongoing, habitual process.
As the SEC noted, designing a vendor management program is a great place to start. Then, be sure to implement it. Build security requirements into your initial vendor contracts and make them as specific as possible. Run regular security audits, using questionnaires if necessary to rigorously evaluate your vendor’s security practices. You can also demand system and organization controls (SOC) for any vendor you choose to work with, requiring them to conduct a SOC for cybersecurity audit on an annual basis. Lastly, you and your company should be performing access and security reviews daily, always staying vigilant for unusual activity.
The hard truth is that, in our digital-first world, we all must work a bit harder to stay safe online and protect the integrity of our customers’ data. But by doing so, you will have a more resilient organization and satisfied client base.