DSNews delivers stories, ideas, links, companies, people, events, and videos impacting the mortgage default servicing industry.
Issue link: http://digital.dsnews.com/i/1175156
» VISIT US ONLINE @ DSNEWS.COM 15 WHAT ARE SOME OF THE WAYS THAT ADVANCING TECHNOLOGY IS CHANGING HOW LEGAL PROFESSIONALS INTERACT WITH SERVICERS ABOUT THEIR PARTIES THAT ARE INVOLVED IN DEFAULT SPACE? ere's a lot of change going on in the IT world and how compliance interacts with that—disaster recovery, business continuity issues, data breach, cybersecurity issues. ey are all huge issues and their impact is growing every day. e fraudsters get better and better at everything they do, and so we must be vigilant on those issues. AI is something that law firms are finally starting to explore, and I think the technology is finally catching up with a lot of AI possibili- ties. Many of us are looking at artificial intel- ligence projects wrapped around military and bankruptcy searches—how the name searches are structured, and what kind of intelligence we can use to do those searches. We can also use AI to automate processing of new referrals. In a lot of ways, many of these more mundane processes in our industry, and law practice in general, are going to be replaced by artificial intelligence in the coming years. WHAT ARE SOME OF THE WAYS THAT A LAW FIRM HAS TO TRY TO STAY AHEAD OF FRAUD? e most dangerous element in cybersecurity and fraud is the human interaction. Your weakest link is your weakest employee. e actual technology piece of cybersecurity is now widely available and is good, by and large, within most organizations. It comes down to the training of your people. If you look at the big frauds that are being committed, that's where they're coming from. ey're doing targeted fishing to get at your weakest link, and most often that is a company's staff. It is a constant struggle to train your staff and keep them one step ahead of the fraud- sters. It is not always easy, that's for sure. e other critical piece is data-retention on cybersecurity and data breach issues. Law- yers, traditionally, have been of the theory that they're going to retain all records forever. ere's obviously a direct business storage cost involved, although it's less so now because you don't have as much paper, but there is a cost, often tens or hundreds of thousands of dollars, for long-term server storage space. However, the biggest issue you're going to see come about in the next couple years is a push by the major servicers to encourage or mandate data destruction. What they're looking for is a way to limit the overall quantity of data that is compromised in the event of a breach. e way the world works now, everybody is going to be breached at some point in time. It's not a matter of if, it's a matter of when. A critical review of how you control those issues, reduce your costs, and reduce your liability risk is so important to all of us. I would suggest that one of the primary ways to limit risk and thereby reduce potential liability is by elimi- nating PII as soon as it is not needed. My prediction is that, over the coming years, you will see more clients adopt a required destruction period. You will also see the cyber- insurance underwriters make the same type of recommendations. Because, as companies re- new their cyber-insurance, they will start to see questions about how many data elements they actually have in their possession that are subject to potential breach. ey will want to know how long the company retains them. e more private data elements the company has, the greater the risk. at will become super critical to the premium the company is going to pay. People in the credit card collections area have seen more of these data security issues because their PII tends to be more sensitive in nature because it's comprised of credit card numbers and other more recent and actionable data for a fraudster. You get ahold of those ele- ments, and you can use them much more effec- tively than mortgage related data. Of course, you could still use a social security number, but it's not quite as easy as it is to use a credit card number to commit fraud. If the fraudster gets a loan number on a first mortgage, they can use it, but again, it's not as risky. Our firm also runs a collections practice, and on that piece, we're seeing compliance and audit review ramp up to make sure that we consolidate that data and keep it in as secure a vault as possible. FROM A COMPLIANCE STANDPOINT, WHAT DATA DO YOU NEED TO KEEP? AND WHAT DATA CAN YOU DESTROY? Every client has different contractual requirements, and you must go and read in detail what their specific requirements are. You are obligated to follow their rules by contract. Also, some clients may be on a specific litigation hold. en you obviously have tax requirements—the IRS, for example, generally requires you to keep certain things for seven years. Employment records might be required to be retained for a year or two. It depends what state you're in, how big of an employer you are; all those items factor into what kind of data you have to retain. Finally, as attorneys we all have record retention requirements placed upon us by the various state bar associations. e real question is, what do you do when all those periods pass? Are you, as a law firm, properly categorizing your data? e day after the need to retain it expires, what are you do- ing with it? We're focusing heavily on how we deal with it. GET YOUR DAILY DOSE OF DEFAULT SERVICING NEWS Start your day with the most current and critical news on the mortgage default servicing industry from DSNews.com. Sign up for our e-mail newsletter and get the top stories delivered direct to your inbox every day. Register to receive your Daily Dose at DSNews.com GET YOUR DAILY DOSE OF DEFAULT SERVICING NEWS Start your day with the most current and critical news on the mortgage default servicing industry from DSNews.com. Sign up for our email newsletter and get the top stories delivered direct to your inbox every day. Register to receive your Daily Dose at DSNews.com