FCTR 11.3 Consolidated examples of good and poor practice

FCTR 11.3.1G

1Governance, culture and information sharing

Examples of good practice

Examples of poor practice

A firm’s efforts to counter mortgage fraud are coordinated, and based on consideration of where anti-fraud resources can be allocated to best effect.

A firm fails to report relevant information to the Information From Lenders scheme as per the guidance on IFL referrals.

Senior management engage with mortgage fraud risks and receive sufficient management information about incidents and trends.

A firm fails to define mortgage fraud clearly, undermining efforts to compile statistics related to mortgage fraud trends.

A firm engages in cross-industry efforts to exchange information about fraud risks.

A firm does not allocate responsibility for countering mortgage fraud clearly within the management hierarchy.

A firm engages front-line business areas in anti-mortgage fraud initiatives.

FCTR 11.3.2G

1Applications processing and underwriting

Examples of good practice

Examples of poor practice

A firm’s underwriting process can identify applications that may, based on a thorough assessment of risk flags relevant to the firm, present a higher risk of mortgage fraud.

A firm’s underwriters have a poor understanding of potential fraud indicators, whether through inexperience or poor training.

Underwriters can contact all parties to the application process (customers, brokers, valuers etc.) to clarify aspects of the application.

Underwriters’ demanding work targets undermine efforts to contain mortgage fraud.

The firm verifies that deposit monies for a mortgage transaction are from a legitimate source.

A firm does not allocate responsibility for countering mortgage fraud clearly within the management hierarchy.

New or inexperienced underwriters receive training about mortgage fraud risks, potential risk indicators, and the firm’s approach to tackling the issue.

A firm relying on manual underwriting has no checklists to ensure the application process is complete.

A firm requires underwriters to justify all declined applications to brokers.

FCTR 11.3.3G

1Mortgage fraud prevention, investigations, and recoveries

Examples of good practice

Examples of poor practice

A firm routinely assesses fraud risks during the development of new mortgage products, with particular focus on fraud when it enters new areas of the mortgage market (such as sub-prime or buy-to-let).

A firm’s anti-fraud efforts are uncoordinated and under-resourced.

A firm reviews existing mortgage books to identify fraud indicators.

Fraud investigators lack relevant experience or knowledge of mortgage fraud issues, and have received insufficient training.

Applications that are declined for fraudulent reasons result in a review of pipeline and back book cases where associated fraudulent parties are identified.

A firm’s internal escalation procedures are unclear and leave staff confused about when and how to report their concerns about mortgage fraud.

A firm has planned how counter-fraud resources could be increased in response to future growth in lending volumes, including consideration of the implications for training, recruitment and information technology.

A firm documents the criteria for initiating a fraud investigation.

Seeking consent from the Serious Organised Crime Agency (SOCA) to accept mortgage payments wherever fraud is identified.

FCTR 11.3.4G

1Managing relationships with conveyancers, brokers and valuers

Examples of good practice

Examples of poor practice

A firm has identified third parties they will not deal with, drawing on a range of internal and external information.

A firm’s scrutiny of third parties is a one-off exercise; membership of a panel is not subject to ongoing review.

A third party reinstated to a panel after termination is subject to fresh due diligence checks.

A firm’s panels are too large to be manageable. No work is undertaken to identify dormant third parties.

A firm has planned how counter-fraud resources could be increased in response to future growth in lending volumes, including consideration of the implications for training, recruitment and information technology.

A firm solely relies on the Financial Services Register to check mortgage brokers, while scrutiny of conveyancers only involves a check of public material from the Law Society or Solicitors Regulation Authority.

Where a conveyancer is changed during the processing of an application, lenders contact both the original and new conveyancer to ensure the change is for a legitimate reason.

A firm’s internal escalation procedures are unclear and leave staff confused about when and how to report their concerns about mortgage fraud.

A firm checks whether third parties maintain professional indemnity cover.

A firm has a risk-sensitive process for subjecting property valuations to independent checks.

A firm can detect brokers ‘gaming’ their systems, for example by submitting applications designed to discover the firm’s lending thresholds, or submitting multiple similar applications known to be within the firm’s lending policy.

A firm verifies that funds are dispersed in line with instructions held, particularly where changes to the Certificate of Title occur just before completion.

FCTR 11.3.5G

1Compliance and internal audit

Examples of good practice

Examples of poor practice

A firm has subjected anti-fraud measures to ‘end-to-end’ scrutiny, to assess whether defences are coordinated, rather than solely reviewing adherence to specific procedures in isolation.

A firm’s management of third party relationships is subject to only cursory oversight by compliance and internal audit.

There is a degree of specialist anti-fraud expertise within the compliance and internal audit functions.

Compliance and internal audit staff demonstrate a weak understanding of mortgage fraud risks, because of inexperience or deficient training.

FCTR 11.3.6G

1Staff recruitment and vetting

Examples of good practice

Examples of poor practice

A firm requires staff to disclose conflicts of interest stemming from their relationships with third parties such as brokers or conveyancers.

A firm uses recruitment agencies without understanding the checks they perform on candidates, and without checking whether they continue to meet agreed recruitment standards.

A firm has considered what enhanced vetting methods should be applied to different roles (e.g. credit checks, criminal record checks, CIFAS staff fraud database, etc).

Staff vetting is a one-off exercise.

A firm adopts a risk-sensitive approach to managing adverse information about an employee or new candidate.

Enhanced vetting techniques are applied only to staff in Approved Persons positions.

A firm seeks to identify when a deterioration in employees’ financial circumstances may indicate increased vulnerability to becoming involved in fraud.

A firm’s vetting of temporary or contract staff is less thorough than checks on permanent staff in similar roles.

FCTR 11.3.7G

1Remuneration structures

Examples of good practice

Examples of poor practice

A firm has considered whether remuneration structures could incentivise behaviour that may increase the risk of mortgage fraud.

The variable element of a firm’s remuneration of mortgage salespeople is solely driven by the volume of sales they achieve, with no adjustment for sales quality or other qualitative factors related to compliance.

A firm’s bonuses related to mortgage sales will take account of subsequent fraud losses, whether through an element of deferral or by ‘clawback’ arrangements.

The variable element of salespeople’s remuneration is excessive.

Staff members’ objectives fail to reflect any consideration of mortgage fraud prevention.

FCTR 11.3.8G

1Staff training and awareness

Examples of good practice

Examples of poor practice

A firm’s financial crime training delivers clear messages about mortgage fraud across the organisation, with tailored training for staff closest to the issues.

A firm fails to provide adequate training on mortgage fraud, particularly to staff in higher-risk business areas.

A firm verifies that staff understand training materials, perhaps with a test.

A firm relies on staff reading up on the topic of mortgage fraud on their own initiative, without providing formal training support.

Training is updated to reflect new mortgage fraud trends and types.

A firm fails to ensure mortgage lending policies and procedures are readily accessible to staff.

Mortgage fraud ‘champions’ offer guidance or mentoring to staff.

A firm fails to define mortgage fraud in training documents or policies and procedures.

Training fails to ensure all staff are aware of their responsibilities to report suspicions, and the channels they should use.