Correspondent Lending

Be Aware of Cyber Risks in the Loan Process

Woman working on a computer

Just like any process that incorporates new technologies, the lending process has evolved. New digital solutions have helped make serving your clients easier, but they also come with a new set of priorities and concerns.

Cyber risks are common in many industries, but the lending world is especially prone to attacks due to the amount of data that gets shared between you and your clients. Follow these best practices to help safeguard you and your clients.

Tips for addressing common challenges

You’ve likely heard some common cybersecurity and fraud buzzwords, such as phishing, wire fraud, or malware attacks. Even if you have security precautions in place as part of your daily operations, it’s worth knowing some common best practices that you can quickly implement on your own to ensure you are best serving your clients.

  • Verify requests: Regardless of how many security systems you have in place, simply opening an attachment from a fraudulent email can put your entire network at risk. Whether it is seemingly from a prospective client or an internal memo, be sure to take a close look and verify the source of every piece of digital communication.

91 percent of cyber attacks start with a phishing email1

  • Know your clients: Relationships are key, and in addition to following the necessary protocols that are in place, such as the CIP (customer identification program), you should also trust your general intuition. If something seems out of place, such as unexpected requests for access to an existing account, it may be a fraudster trying to acquire sensitive information. Make sure you give all correspondence a closer look.
  • Keep your database current: Your clients will communicate and share information in a variety of ways, from hand-signed paperwork to email to mobile deposits to receiving information and documents on multiple devices. Make sure you are familiar with the devices your clients rely on so you can better judge whether activity is legitimate. For example, if your client is not one to email, and you receive an email in your correspondence, then take extra steps to verify they are who they claim to be. This verification can be as easy as having a conversation and being in the know about your client’s behaviors and preferred communication channels.

Fraudulent attempts evolve as technology changes. For example, Internet of Things (IoT) attacks increased 600% between 2016 and 2017.2 While IT and security departments are often responsible for making sure systems and software are up-to-date, it’s up to you to monitor client communications and ask the right questions.

After all, clients would likely rather understand the risks and go through updated protocols—even if it takes some time and effort—rather than have their data put at risk.

Find out how the SunTrust Correspondent Lending team can help you better be prepared to serve your clients.

1 “Cyber Security Statistics for 2019,” March 2019, Cyber Defense magazine

2 “As IoT attacks increase 600% in one year, businesses need to up their security,” March 2018, techRepublic

This content does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.