Extend your security bubble further than your business’s front door.
Managing cybersecurity risk is an arduous task for any organization, one that becomes even more challenging when trying to extend your security to vendor relationships. However, it has never been more important. Not only are cyber threats on the rise, but the U.S. Securities and Exchange Commission (SEC) made ensuring operational resiliency and information security one of its 2021 priorities.
Thankfully, last year the agency published a report on the due diligence companies should practice when dealing with vendor relationships. Covering the monitoring of vendors, contracts, customer information policies and other issues, the guidance provides much-needed advice for these complex business partnerships. Let’s explore some of its main tips, takeaways and findings for addressing security concerns with your vendors.
Why Does Information Security and Operational Resiliency Matter?
According to the SEC’s 2021 Examination Priorities report, breaches in information security can in fact “have consequences that extend well beyond [a] firm,” adversely impacting “other market participants.” The report further explains that, due to the radical increase in remote operations in response to the COVID-19 pandemic, cybersecurity concerns have been elevated further, requiring closer scrutiny of endpoint security, data loss, remote access, use of third-party communication systems and, of course, vendor management.
Understand Your Liability
It is a common misconception that if your vendor experiences a data leak, the onus is on them. Not true. State laws typically lay responsibility at the feet of the entity that collected the customer information in the first place. They usually limit vendor requirements to informing you that a data breach or hack has occurred. To safeguard yourself and your business, ensure that your vendor contracts explicitly detail how your customers’ data needs to be handled, what to do in the event of a breach and the expected timeline for dealing with any disruptions.
Vendor Management Programs
You likely already have some experience working with vendors, as well as an understanding of how time consuming such relationships can be. Unsurprisingly, adding cybersecurity concerns into the mix creates an additional set of concerns that need to be managed. Establishing a program that addresses security concerns and expectations at the beginning of the working relationship can help. This program should cover safeguards, how to evaluate vendors, independent audits and processes for terminating and/or replacing vendors.
Understanding and Monitoring Vendor Relationships
One positive finding from the SEC is that many advisers and their personnel already demonstrate a clear understanding of privacy and cybersecurity contract terms. Furthermore, these advisers display an awareness of the risks inherent to outsourcing work to vendors and best practices for limiting such risks. One way that companies accomplish this is through continuous monitoring of vendor relationships, making sure to stay apprised of any changes in the vendor’s services or personnel.
Despite this good news, firms cannot simply assume that their data protection policies are fully up to snuff or even rest on their laurels. Instead, they must treat vendor security as an ongoing, habitual process.
As the SEC noted, designing a vendor management program is a great place to start. Then, be sure to implement it. Build security requirements into your initial vendor contracts and make them as specific as possible. Run regular security audits, using questionnaires if necessary to rigorously evaluate your vendor’s security practices. You can also demand system and organization controls (SOC) for any vendor you choose to work with, requiring them to conduct a SOC for cybersecurity audit on an annual basis. Lastly, you and your company should be performing access and security reviews daily, always staying vigilant for unusual activity.
The hard truth is that, in our digital-first world, we all must work a bit harder to stay safe online and protect the integrity of our customers’ data. But by doing so, you will have a more resilient organization and satisfied client base.
In a hot housing market, many buyers have turned to cash offers to get a leg up on the competition. Cash offers are often much more attractive to a seller, and it is not difficult to understand why. Cash can provide a pathway to a faster closing process. It frequently gives sellers more confidence. These offers even waive the requirement of having to conduct an appraisal.
Cash offers can also generate a bit of a confusion. For instance, how does eschewing a lender affect other parts of the closing process like a title search and insurance? Does it eliminate the need for insurance? If not, how and when should a cash buyer pursue title work? In this blog post, we will examine these questions.
Is Title Insurance Necessary for Cash Buyers?
Title insurance is critical for a buyer to have regardless of whether there is a mortgage. Without a title search and resultant policy, no one is looking into who owns the property and what its issue may be. When a buyer obtains a mortgage, a title search is routine. But the contract and the obligation exist only between a lender and the title company – the buyer has no direct protection. If a defect exists, the title company is not duty-bound to fix it; instead, the buyer/owner could be liable for a lien or another defect.
For example, consider a scenario where a home seller has a first mortgage for $100,000. A new buyer has obtained a loan for $125,000, and the property is worth $200,000 (in other words the buyer has invested $75,000 of their money). Meanwhile, there is a second valid but unknown mortgage of $50,000 against the property.
The lender uses this to assert their right to foreclosure and to take the property away. In such a scenario, the title company is required to defend the lender and protect their lien. The same can not be said for their relationship with the buyer. Instead, the buyer/owner must pay the unknown mortgage because they gave warranties of title to their lender.
Failing to do so could trigger a default. The lender, however, will not suffer losses. Under their title policy, there is enough equity to pay the newly discovered $50,000 mortgage and the lender’s debt. Without an insurance policy, the purchaser of the property could lose the title and, ultimately, their equity. They would be forced to pay the $50,000 to maintain ownership.
In each case, the seller is likely liable to the buyer for the $50,000, but when title insurance comes into play, the insurer will not only pay the loss but sue or pursue the seller for recoupment. But when there is no title insurance to speak off, all the costs fall on the buyer if they decide to sue the seller – who may not be able to pay even if the suit is successful. The same situation can develop in the case of a scam. If the seller is a bad actor and does not own the property, a buyer can wind up with nothing if no record search is conducted.
What should be clear from that example is that, for just a nominal cost, title insurance can offer an easy remedy if there is something wrong. More importantly, it allows the buyer to know of any issues before investing money in the property. Title insurance also does not impede the advantages inherent in making a cash offer. As noted, one clear advantage of a cash offer is that it can speed up the closing process. Conducting a thorough title search does not disrupt this accelerated timeline. Typically, title work can be completed in 2-4 days and, depending on what is found, a commitment can be issued shortly afterward.
How and When Should Cash Buyers Procure Title Insurance?
When considering title insurance, an interesting question emerges regarding who gets to select the title insurance provider: broker, buyer or seller? To some extent, who does the referral and who pays for it is a matter of local practice. Typically, the party that pays makes the choice, but not always.
If possible, purchasers should maintain control over the issuer of the insurance. The buyer should want to know everything they can about the title’s status. Additionally, if the insurance provider is selected by the seller, there is the possibility that they may try to show that the title has few to no problems.
When searching for an agency, a buyer or realtor should vet the agency issuing the title commitment and verify that they are in good standing by obtaining that verification from the insurer. There is a universal ID that the American Land Title Association (ALTA) maintains and will verify an agency’s legitimacy. The insurer can also be contacted directly to verify their legitimacy. Phone numbers for the insurer are typically on the commitments or an online verification may be available at the insurer’s website.
During a cash transaction, it is important to obtain a commitment to issue a policy from a reputable title agency or insurer as soon as possible. Receipt should provide an opportunity under the contract for purchase and sale to review and make objections – although there is usually a time limit. However, obtaining it right before closing does not allow time to object to an unacceptable defect.
To Buy or Not to Buy Title Insurance
It is not a requirement under the law that a cash buyer procures title insurance, so they can choose not to obtain it. However, there is no circumstance where skipping title insurance would be a good idea. Plus, with it being a relatively minor investment in the most expensive of jurisdictions, having the security that a thorough title review provides is more than worth the cost. You simply cannot put a price on peace of mind, and having a valid title policy is a great way to protect your all-cash investment.