INDUSTRY NEWS    

NO, An E&O/Professional Liability policy only covers loss due to damages resulting from the failure to provide professional services, negligence, preventable mistakes, incompetent work, and other professional errors.  If a Title agent suffers a cyber-attack with only E&O in place, they will not have coverage for a significant portion of their actual expenses.

Errors & Omissions covers only the legal costs associated with a lawsuit, including attorney’s fees, court judgments, and, in some cases, settlements. This is considered third-party coverage, i.e., costs brought on by the action of third parties;  clients, vendors, and government agencies. 

This is why nearly every Title agent needs both E&O and Cyber Security Insurance coverages to prevent financial ruin after a cyber-attack.

Cyber Liability policies can also include other kinds of coverage:

• 1.        Media liability, which covers costs stemming from violations of intellectual property, trademarks, and copyrights, as well as slander and libel.
• 2.        Privacy is another common area for cyber liability coverage, though it covers offline data loss, too. In these cases, privacy insurance can cover costs associated with missing physical files, lost laptops, or even sending private information to the wrong e-mail address.
• 3.       Social Engineering Fraud can be covered under two different areas a Crime Policy and/or Cyber Liability Policy.

Cyber Policy vs. Crime Policy

It may seem counterintuitive, but social engineering fraud is not always covered by a crime-policy. Even though this fraud often involves emails and wire transfers, all cyber policies are not designed to cover them either.  As cyber criminals and their tactics become more complex, the majority of cyber and cyber-crime attacks are executed via social engineering.

Crime policies cover the direct loss of your funds, whether through maleficence, employee dishonesty or social engineering. 

Cyber policies cover economic damages arising through a failure of network security or privacy controls which may cause indirect losses.  They cover losses that result from unauthorized data breaches or system failures.

Areas of Risk To Be Aware Of

• 1.        Computer fraud:  This is a loss stemming from the unlawful theft of money due to a “computer violation” or in easier terms – it is the unauthorized entry into or deletion of data from a computer system by a third party. This could include engaging in data mining via spyware and malware or sending computer viruses with the intent to destroy or ruin another party’s computer or system.
• 2.       Funds transfer fraud:  This is a loss that caused by fraudulent instructions to transfer funds made without the insured’s knowledge or consent. This can happen by fraudsters gaining login credentials in order to access protected accounts. 

Tips when shopping for Cyber insurance:

• 1.        Cyber policies are not all the same.  It is important to speak with a broker that knows the Title industry.
• 2.        It is not a good idea to base your decision on price.  Keep in mind, most of the time, the cheaper the coverage, you most likely have less coverage than you may think.
• 3.       Check the policy coverages limits – know what covered and know what is not covered
• 4.       Read the exclusions page:  This spells out what is NOT covered. 

Key Words to Know When Choosing the Correct Coverage:

Network Security: Insurance against cyber-attacks and hacking attacks.

Theft and fraud: Cover destruction or loss of the policyholder’s data as the result of a criminal or fraudulent cyber event, including theft and transfer of funds.

Forensic investigation: Covers the legal, technical, or forensic services necessary to assess whether a cyber-attack has occurred, to assess the impact of the attack, and to stop an attack.

Business interruption: Covers lost income and related costs where a policyholder is unable to conduct business due to a cyber-event or data loss.

Social Engineering: is the non-technical cyber strategy that relies on tricking people into breaking standard security practices by manipulating victims into performing various actions or providing confidential information. Social engineering fraud (SEF) is a type of fraud that’s become increasingly common over the last several years, with a large majority of this fraud transpiring over email communications.

Cyber extortion and ransomware: Provides coverage for the costs associated with the investigation of threats to commit cyber-attacks against the policyholder’s systems and for payments to extortionists who threaten to obtain and disclose sensitive information.

Reputation Insurance: Insurance against reputation attacks and cyber defamation.

Computer data loss and restoration. Covers physical damage to, or loss of use of, computer-related assets, including the costs of retrieving and restoring data, hardware, software, or other information destroyed or damaged as the result of a cyber-attack.

Information Privacy. Covers organizational liabilities arising from actual or alleged non-compliance with any worldwide cyber, information privacy, or identity-related regulation, statute, or the law. For example, this coverage part would cover an organization's legal defense, and ultimate monetary settlement, resulting from a regulatory claim alleging such organization was non-compliant with any covered privacy regulation

Bricking- Bricking refers to a consumer electronic device that has been damaged beyond repair, making it utterly unusable, often because of damaged firmware, malicious or incorrect software. once they are rendered inoperative, they are virtually useless except as a paperweight or a doorstop

Insurance and recovery process: Coverage for business interruption loss under cyber insurance policies is becoming more prescriptive, the language in most insurance policies is still somewhat open ended and subject to competing interpretations.   Most business interruption coverage includes a waiting period of a certain number of hours and a requirement that net profit or loss, charges and expenses be calculated on an hourly basis. It’s important to recognize that cyber insurance policies provide for the recovery of lost net profits and mitigation costs, as well as continuing expenses, such as employee salaries.

The above is provided as informational only from the Cyber Security Committee. It should not and does not represent insurance advice or legal advice. Be sure to consult with your insurance and/or legal team for additional information.

BACK TO INDUSTRY NEWS

Following a public notice and comment period, the Department of State's revised Online Notary Rule will go into effect on February 22, 2022. Here's what the Rule states:

1N-7.005 Online Notary Public and RON Service Provider Required Information.

(1) Online notary public.

(a) Within 30 day of the effective date of this rule, a currently registered online notary public shall provide the Florida Department of State the name of the online notary public’s RON service providers, the effective dates during which the online notary public used each RON service provider, and, if applicable, the name of any secured repositories to which the online notary public may have delegated his or her duties pursuant to Section 117.245(4), F.S., from January 1, 2022, and thereafter.

(b) An individual registering as an online notary public, shall provide this information at the time of his or her registration.

(c) The online notary public shall submit this information on Form Number DS-DOC-50, titled “Online Notary Public: Required Information,” Effective 02/2022, which form is hereby incorporated by reference and is available on the Department of State’s website at https://dos.myflorida.com/sunbiz/other-services/notaries/notary-forms/ or http://www.flrules.org/Gateway/reference.asp?No=Ref-14032.

(d) An online notary public that changes, adds, or removes a RON service provider or secured repository from the online notary public’s use shall submit to the Department within 30 days of the change an amended Form DS-DOC-50 identifying the online notary public’s updated RON service providers and, if applicable, secured repositories.

(2) RON service provider.

(a) Within 30 day of the effective date of this rule, and annually thereafter, a RON service provider shall provide the Florida Department of State, a self-certification form confirming that its audio-video communication technology and related processes, services software, data storage, or other services provided to online notaries public for the performance of online notarization satisfy the requirements of Chapter 117, F.S., and any rules promulgated by the Florida Department of State pursuant to Section 117.295, F.S.

(b) The RON service provider’s self-certification is effective for a period of 1 year after the date the RON service provider files it with the Department.

(c) If applicable, the RON service provider shall, at the same time it files its self-certification, identify any secure repositories to which the RON service provider may have delegated its duties pursuant to Section 117.245(4), F.S., from January 1, 2022, and thereafter.

(d) The RON service provider shall submit this information on Form Number DS-DOC-51, titled “RON Service Provider: Self-Certification and Required Information,” Effective 02/2022, which form is hereby incorporated by reference and is available on the Department of State’s website at https://dos.myflorida.com/sunbiz/other-services/notaries/notary-forms/ or http://www.flrules.org/Gateway/reference.asp?No=Ref-14033.

(e) A RON service provider that, pursuant to Section 117.245(4), F.S., delegates its duties to a secured repository after it has already filed its annual certification shall submit to the Department an amended Form DS-DOC-51 within 30 days after making such delegation.

(f) An entity that seeks to begin providing RON service provider functions after the effective date of this rule shall submit the information required by this section prior to providing RON service provider functions.

Rulemaking Authority 117.295 FS. Law Implemented 117.245, 117.295 FS. History–New 2-22-22.

 “Let’s get Physical”

Acknowledging that good Cyber Security starts with addressing any “physical or tangible” information breaches is the best first step toward achieving a higher level of security for your company.  This article will address physical areas that should be considered when looking at the overall Cyber Security health of your organization. 

1.  Vendor Management – When contracting a 3^rd party who will have access to your office and physical client data/NPI, you become responsible for any risks posed by their activities.  These vendors include, but are not limited to: cleaning services, trash/waste services, shredding companies, alarm companies and copier maintenance companies. It is important to have a vetting process in place to get to know your vendor, ensure they meet any regulatory requirements and are protecting your most valuable asset - your reputation. Key elements of your due diligence process should include:

a.  Make sure you are dealing with a licensed and registered business. Get a copy of their business licenses and check it’s standing online.

b. Verify their reviews.

c. Gather information on their general liability insurance, cyber insurance, or insurance specific to their services.

d.  Have them sign a Non-Disclosure Agreement (NDA) and Confidentiality Agreement.

2.  Visitor Protocols

                a.  Know who is in your office and why.

                b.  Have visitors present their credentials, sign visitor log and state the service they will be providing.

                c.  Only allow visitors in the areas needed for their particular function.

                d.  If the visitors are service providers, then make sure you have a privacy protocol in place for them to review, as well as receiving their privacy protocols for your review.          

3.  File Management - In most instances, several people may be working on files simultaneously.  Thus, it is important to have best practices in place to ensure the integrity and privacy of the transaction from start to finish.

                a.  Assure that all computers and laptops are locked or shut down when not in use.

                b.  Lock doors to internal offices, desks & filing cabinets when outside vendors have access to the main office. 

                c.  Never share passwords or use common/same passwords with others, and change passwords frequently.

d.  When files are shared on a network, review shared settings often to determine access privileges.  If access is not needed for an individual, delete or de-activate sharing capabilities.

                e.  Archive files in an encrypted environment when the transaction is completed.

                f.  Physical files should be secured in closed filing cabinet when employees are not physically present.

4.  Clean Desk Policy and Conference Room Protocols - Computer screens and equipment, paper documents (including post-it notes), white boards, and chalk boards are all vulnerable to unauthorized exposure of NPI by anyone who has physical access to the workspace.  Oftentimes it can be impossible to know who accessed the exposed NPI, and what the intentions of the culprit might be.  Making sure employees are aware of the dangers, with the precaution of a clean desk policy, clean screen policy, and conference room protocols can help to prevent these unnecessary breaches.

                a.  Things to consider for a clean desk policy

                                1.  ALLOWED:  Landline phones; laptops and computers; files when actively working on them.

                                2.  PROHIBITED:  iPhones or android phones with the capabilities of taking photos; access cards to the office or building; keys to the office.

                                3.  Implement use of screen blockers for computer screens and personal handheld devices to eliminate “visual hacking.” 

4.  Locking your computer or turning it off when leaving your desk.

5.  Notify management and security immediately upon discovery of lost or stolen items.

                b.  Things to consider for conference room protocols.  Conference rooms are often the place where the most NPI is shared among participants.  Complete purging of all information needs to occur.

                                1.  Clean up any leftover notes or paper left on the table or thrown into the trash can.

                                2.  Erase notes on the white board, if applicable.

                                3.  Check to make sure post-it notes have not been left behind with information written on them.

                                4.  If there is a dedicated computer or laptop make sure it is locked and secured prior to leaving.

                                5.  If meeting is breaking for a period of time and participants are leaving the room, make sure the conference room is secured without access to others, or that any items with confidential information is put away.

5.  People Risk Management -  When people are under financial pressure they can act or do things that are out of character, – taking chances in order to feel financially secure once again. 

a.  Financial stress considerations:

1.  Watch for employees that may be showing signs of abnormal behavior, such as not finishing tasks completely, showing signs of depression, exhibiting lower work quality, demonstrating high agitation with others, asking for pay advances, etc.

                2.  Have resources to direct them to for assistance – do not ignore these symptoms.

                3.  Conduct employment background checks at regular intervals.

 In conclusion, security breaches of NPI or private and sensitive information happen not just in the cyber world, but also in the physical, tangible data environment.  It is important to keep vigilant in your security practices in both realms.  For further information regarding how to protect yourself, your business and your employees, we have included the below articles:

1.  Vendor Management:  Office of Compliance Inspection and Examinations, Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features

2.  Visitor Protocols: Blog: 9 visitor policy basics to keep your business secure

3.  File Management/Access: 6 Simple Ways to Ensure Data Access Governance for File Server

4.  Clean Desk Policy and Conference Room Protocols: List of security templates available from SANS Institute

5.  Forensic Investigation: Blog: What Does a Cyber Forensic Investigation Do and How Much Does it Cost?

Article by the Cyber Security Committee

Back to Industry News.

Washington, D.C., Oct. 13, 2021 — The American Land Title Association (ALTA), the national trade association of the land title insurance industry, announced that the ALTA Registry, the national database of title and settlement agents, added a new feature that allows companies to quickly provide errors and omissions (E&O) policy information to underwriters. 

The new feature allows title and settlement companies to upload their E&O information to the ALTA Registry. Underwriters can then access the data to quickly verify the information. This new tool includes document level automatic scrubbing using Deep Secure by Forcepoint’s malware removal technology and data extraction via AREAL’s artificial intelligence powered document processing technology. 

“The ALTA Registry has evolved into a data clearinghouse for title underwriters, lenders and settlement agents,” said Jack Rattikin III, CEO of Rattikin Title and co-chair of the ALTA Registry Committee. “The Registry provides an optimal way for underwriters to manage oversight of their agents’ E&O data.” 

Nearly 8,800 title agents, settlement companies and real estate attorneys appear in the ALTA Registry. The ALTA Registry allows title insurance agents and settlement companies to communicate with underwriters to confirm their company name and contact information—providing mortgage lenders with a trusted industry online database to identify transaction partners. 

The ALTA Registry also closes an access point for potential malware and drives down oversight costs by improving accuracy and automated data downloads.  

“A secure and neutral data-sharing utility that benefits all title agents and underwriters will be a welcome solution to maintaining current E&O coverage details,” said Eddie Oddo NTP, vice president of Corporate Business Solutions for First American Title Insurance Company and co-chair of the ALTA Registry Committee. “The Registry standardizes the process and eliminates the need for title agents to send E&O information to multiple underwriters, allowing industry professionals to focus on the tasks that drive their business.” 

The ALTA Registry confirms that mortgage lenders are working with the correct title agent, settlement company or real estate attorney. Every title agent office location is identified by a unique ALTA ID, allowing quick verification. Each entry is also fully confirmed by title insurance underwriters. Using the ALTA Registry, mortgage lenders can increase accuracy, reduce production expenses, combat fraud and improve compliance. The ALTA Registry is offered to mortgage companies on a subscription basis. 

Last year, the Registry added an indicator to designate title and settlement companies that can perform remote online notarization (RON) closings. This helps mortgage companies identify closing companies that allow homebuyers to review, sign and notarize documents online.

an article by the Cyber Security Committee

In a world of smart phones, computers, laptops, tablets, Alexa, Siri…. Do you ever wonder if your devices are listening to you? That perhaps your “private” conversations aren’t so “private” after all?

The short answer is “Yes”, these devices have the ability to listen to you and in many cases, they are. Facebook, Google, and Amazon are just a few of the companies that are listening and collecting information, not to mention cybercriminals who are potentially listening in on your smart devices. After all, the device itself may not be recording this information, but once a cybercriminal has access, the fraudster could be recording this information.

As more and more of us continue to work remotely, away from corporate security overlays, it is important for you to think about the conversations you are having while using these types of devices. For example, consider:

1.   Are you discussing sensitive transaction information with a client or customer?

2.   Are you in meetings discussing proprietary company information?

3.  What about the personal conversations you may be having about your health issues or other personal matters?

You may feel safe discussing this kind of information in the privacy of your own home, but always keep in mind that these conversations, and especially the information disclosed, may not be as safe as you think!  So, what can be done?

Here are some security tips to consider to keep your private conversations as safe as you can!

• A.  Turn off microphone access to all third-party apps (such as Facebook) in the Settings on your smartphone:
• o   iPhone: Go to Settings > Facebook (or any other app) > slide the toggle next to the Microphone to the left, so it turns from green to white.
• o   Android:  Go to Settings > Applications > Application Manager > look for Facebook (or any other app) > Permissions > turn off the mic.
• B.  Assume every app is corruptible, and that anything you download can be used against you.
• C.  Never download an app from outside of the App Store.   There are numerous fake app sites that use “click” bait to gain access to your devices.
• D.  Be aware of where your electronic devices are located in your work space.  Remove or isolate them from “hearing” as a precaution when appropriate.
• E.  Turning your cell phone off and then back on (rebooting) at least once a week.  This helps to prevent hackers from accessing personal information. According to the National Security Agency (NSA), this simple weekly action can make personal devices more secure and make it harder for criminals to steal data. Rebooting a phone is a quick and easy way to make it more difficult for these criminals to make you their next victim.

The most important thing to remember is that your personal devices are akin to mini-computers.  Gaining access to them allows the cybercriminals to access a great deal of personal information that can ultimately be used on the black market against you and your employer.  Employing a few safety tips such as the ones mentioned above are easy ways to help safeguard your privacy.

Where are your Secrets being Kept?

Printer Risks/Vulnerabilities

Article by the Cyber Security Committee

Office printers/scanners/fax machines (hereinafter “printers”) are a treasure trove of sensitive data. Because they often come with a web-based interface or an internet connection, they have a huge attack surface, making them easy to hack.

How are printers vulnerable?

• Open External Ports (USB, memory cards, etc.)
• Wi-Fi, Bluetooth and other wireless connections

• Printers have a memory – all items printed, scanned and copied are stored in memory on hard drive of printer

What do hackers want with printer access?

• Access to Non-Public Personal Information and other sensitive information
• Backdoor access to network – printers can become a “hot spot” for others to use your internet access which could compromise your data and slow the speed of your Wi-Fi

What are common methods of attack?

• Criminal sending an image of a file to a company’s printer with Trojan malicious code, which can allow them to capture the content of all images that are printed
• Criminal will change printer configuration to re-route print jobs to outside the company
• Criminal will attack through Wi-Fi by getting the printer to connect to a malicious network and then execute/install harmful code

Steps/suggestions to protect your printers:

• Change the password access to printer regularly
• Consider having all employees have their own long, unique passwords
• Change the printer’s name
• Change the printer’s Wi-Fi password
• Regular updating with security patches and software
• Regularly update and upgrade your printer for latest in security features 
• Consider disabling USB port on the printer
• Turn off all application options that come pre-configured with your printer
• Turn on dual 2-factor authentication, if available
• Turn off “notifications” for proactive maintenance being sent to suppliers (any messaging going outside your company is taking a risk)
• Configure network settings so that the printer can only answer commands that come from specified ports on your network router

• Use a firewall on your printer
• Enable the hard disk setting to encrypt/set to overwrite
• Consider turning off all Wi-Fi or Bluetooth options
• Awareness is key - Recognizing the risk that printers have and making it a priority is crucial in managing and mitigating these threats

 Special considerations to protect your printers AT HOME:

• Shred all sensitive information that you print at home office prior to throwing it away
• Update your driver when prompted 
• If you get rid of a home printer, destroy the hard drive or change the printer settings to make sure that the hard drive is not storing any information
• If using Wi-Fi – make sure you have a secure connection using VPN - Consider hard wiring if possible
• Disable Internet Printing Protocol (IPP) printing and enable Secure IPP printing instead
• Make sure your wireless security is WPA2 or stronger
• Change setting and redirect to https
• Set encryption strength to high

An article from the FLTA Cyber Security Committee

1.  COMMUNICATION WITH CONSUMER:

A.  Initial Phone Call to Consumer in the beginning of the transaction:

2.  COMMUNICATION WITH REALTORS

A.  Speak with Realtors at the beginning of the transaction: How are we communicating with them?

B.  Email discussion with Realtors  

Aaron Davis flew from Tampa, Florida, to Austin, Texas, on Friday — because he wanted to help people affected by the snow and ice storm.

"I just felt incredibly guilty sitting down in Tampa, Florida, in the sunshine watching the rest of the country suffer," Davis, 45, tells PEOPLE. "I've weathered many storms in my life in Florida, the hurricane capital of the world."

During the last Florida hurricane, he bought and delivered generators to people in need. "I just try to step up and do what I can," he says.

A business owner (his company does remote real estate closings), Davis told his staff he was taking a month off to volunteer in Texas. "I felt the need to be feet on the ground in Texas to help out however I could," he says.

Read the complete story on People Magazine.

Through Aaron's work with the Harper, TX Fire Department a GoFundMe account has been created calling for funds to assist the community. Aaron has gone on to say, the need is absolutely real and any amount will be a great help.

GoFundMe Account: Harper Winter Storm Disaster 2021.

Dear fellow members, I would like to start this message by acknowledging the steady leadership and excellent work of our association staff, our Board of Directors (BOD), and everyone who is contributing so significantly with our various committees and working groups.  A quick review of the other sections of this Newsletter will reveal the current efforts and priorities of our Association being powered by our industry’s most dedicated professionals.  Despite the incredible challenges of the current pandemic, I am very grateful and proud that our Association is in a stronger position at this moment, both financially and structurally, than it was before the pandemic hit us around this time last year.  And we have big plans and opportunities to continue our success.  A big focus for this coming month will be our first fully virtual Lobby Days.  Those of you that have participated in past years already know that Lobby Days has become one of the most important and impactful events of our Association as we generate awareness and engagement between FLTA members and key policymakers around current Association legislative priorities and promote the overall benefits that the title insurance and real estate settlement industry provides.  And now this event is open to easier access and more participation by being virtual.  Are you interested in participating?  Get more specific details and register.  Another big focus that I would like to highlight starts with the charitable action of past BOD member, Aaron Davis, who has travelled to Texas to help with the natural disaster caused by their recent storm.  Our Association was inspired by Aaron’s efforts and has contributed $250 to the Harper, TX, Fire Department GoFundMe Account and we encourage any interested members to contribute individually as well.   I know that giving back is an integral part of who we are as individuals, and I am very proud that our Association is evolving in a way that will put formal structure and resources around these efforts.  What started with our BOD decision to donate $20,000 to be split between five Florida area food banks with  increased demands created by Covid-19 and a call to action for our members that was met with so much enthusiasm has now evolved into formal BOD approval to establish an FLTA affiliated Charitable Action Foundation with 501(C)(3) status and a commitment to strengthening the communities where our members live and work.  We envision our foundational philanthropy will not be simply about writing a check.  This new organization will put structure around our ongoing relationships, collaborations, shared missions to serve our communities, and the giving of our time and talents to specific need driven challenges as well as the broader long-term goals.   Our Foundation will heighten our Association’s identity internally and externally. The scientific research, and the development and rollout of vaccines gives us hope that the dark and isolating days of this pandemic are numbered.  And in its wake, we will have an opportunity to connect in ways both old and new in order to advance the interests of our title insurance and real estate settlement industry in Florida and to serve our communities better than we have before. I hope this newsletter contains information that is helpful for you and that you are also proud and engaged in our Association.  Your ideas, comments and questions are always welcome!  I can be reached at lprescott@firstam.com. Respectfully, Len Prescott, 2020-2021 President

Wells Fargo Settlement Agent Communications
News for Wells Fargo Settlement Agents	January 21, 2021

 

This newsletter edition contains a combination of both new and updated information, along with a few reminders worth repeating. Closing process updates Continuous process improvement is an important part of our business to enhance the customer experience, while improving efficiency and quality. Following are several examples of process improvements you will begin to notice in our closing process as these changes are implemented in phases over the coming months: Delivery of the borrower Closing Disclosure (CD) to our customer earlier, at a more consistent point in the loan process. System changes will trigger the initial Closing Prep Package delivery and notify the closer to initiate the CD collaboration when pre-requisite loan processing actions have been completed. As soon as the CD collaboration with the settlement agent is successfully completed, the CD will be delivered to the customer. Settlement agents should see earlier requests to initiate CD collaboration, and fewer rush requests. Auto-populated email templates for use by closers to communicate critical loan information to settlement agents nationally. Email templates for consistent communication of required loan information will be used by all closing teams. Manual data entry is eliminated. Settlement agents should see increased consistency and accuracy in these communications for all loans. Note: Managed vendors should continue to follow defined communication processes. Consistent and timely notification of transaction changes. System changes will notify the closer when there is a change in the transaction that impacts the CD, loan documents, or any other aspect of the loan closing. This will reduce potential delays for closers to be notified of or detect changes. Settlement agents should see a reduction in last minute change notifications. Improvements to enable a more timely delivery of the loan documents for closing. The closer's ability to release loan documents is sometimes blocked by deferred approval conditions, expiring documents, etc. Process changes will prevent loans that are not clear to close from being prematurely scheduled for closing, and will increase oversight of loan document delivery timing. Settlement agents will see improvement in the timing between scheduling and delivery of loan documents, and fewer closings needing to be rescheduled due to delayed loan documents. Title order response timing Fast receipt of the title commitment* is important to expedite the loan process for on-time closings. Wells Fargo's expectation for return of the title commitment is within 5 business days after the title order is placed. For title commitments not received within this timeframe, our follow up process has been enhanced to include the following: Follow up emails are generated from WellsFargoTitleOrder@wellsfargo.com for all title commitments not received within 5 business days following the order date. Follow up emails will also include other outstanding title-related documentation, such as the closing protection letter, where applicable. Emails are now sent twice weekly, on Tuesdays and Thursdays. All outstanding documents for the same settlement agent location will be batched into a single email. This reduces the number of follow up emails being sent to your company or firm. If the outstanding documents have not been received after 2 follow up attempts, a representative from the Title Order team will contact you by phone. These contacts will repeat every 3 days until the documents are received. Documents should be delivered to WellsFargoTitleOrder@wellsfargo.com. Managed vendors should continue to follow defined processes for delivery of these documents through the Black Knight Exchange. For new construction transactions, the title order timing is aligned to the targeted date for construction completion and closing, but once the order has been placed the same timing expectations and follow up process will be applied. While most title commitments can be reviewed and cleared quickly upon receipt, unexpected title issues can quickly derail a closing when they are detected late in the process. We appreciate your focus on title commitment turn times, and hope that the information in the follow up reports is helpful to you. *For Iowa properties, this same follow up process applies to Iowa Title Guaranty orders. COVID-19 related reminders Thank you for the innovative options provided for customers to continue to close their loans as safely as possible. Please continue to ensure that anyone who comes in contact with a Wells Fargo customer for closing — including notary signing agents you engage to meet with customers outside of your office — wears a mask and takes all applicable precautions to protect customers and colleagues. Please also continue to protect our customers' rights to protect the privacy of their health information. Note that Wells Fargo cannot accept or retain any personal health information in our loan file, including any health questionnaires. If we become aware that a customer is not able or willing to proceed with a closing due to health concerns, we will not request an explanation. While the frequency of recording delays has been reduced, we continue to see examples due to a county recorder office that is closed or with reduced capacity related to COVID-19. When this occurs, Wells Fargo will allow the loan to close subject to the following: Title insurance gap coverage effective from the date of consummation (the date the Note is signed) to the date of recording. Gap coverage that does not take effect until the date of recording will not be accepted. There can be no exceptions to coverage in Schedule B pertaining to COVID-19 or the county recorder closing/delay. If the commitment includes an exception requiring the borrower to sign an indemnification agreement, an updated title commitment or other documentation evidencing that this has been satisfied will be required. Wells Fargo will not sign any indemnification agreement required by the title agent or title underwriter as a condition for closing and/or title insurance. These conditions impact legal, compliance, and investor requirements and will not be signed. Please consult with your title underwriter as needed if you are unable to meet these requirements. A final important reminder is that Wells Fargo does not allow loan closing documents to be signed electronically or remotely notarized outside of limited RIN and RON LPOA processes implemented through specific, managed vendors. State-specific update: Florida reduced mortgage and/or intangible tax The State of Florida - Department of Revenue allows for reduced mortgage tax and/or reduced intangible tax on some refinance transactions. To qualify for the reduced tax, a specific Renewal, Extension and Modification Agreement (REMA) and process to modify the original lien is required. Wells Fargo policy and process does not support executing this REMA process for our refinance transactions, and therefore requires the Florida tax to be calculated on the entire loan amount and disclosed accordingly in our borrower CD. We have experienced some examples where settlement agents are attempting to apply the reduced tax to refinance transactions outside of the REMA process. This may be happening due to differing legal opinions on the Florida law, or for other reasons. In any case, this is not allowed on a Wells Fargo transaction. We appreciate your cooperation to adhere to our instructions on this matter for Florida refinance transactions. IRS Form 1099-NEC Wells Fargo is required to send Form 1099 to a business that is paid by Wells Fargo for services performed, or for known compensation paid to a business. For settlement agents who closed Wells Fargo loans, Wells Fargo wired loan proceeds to your business, and some of these loan proceeds paid for title and/or closing services performed. Form 1099-NEC is required when Wells Fargo is acting as a "middleman", making payments of income for services on behalf of someone - in this case, the borrower. This reporting is required because Wells Fargo directly provided payment to your business and has oversight or management of the payment, or has a significant economic interest in the payment being made. Please reference the Middleman Regulations under IRS Regulation Section 1.6041-1(e), "Payments made on behalf of another person". Applicable 1099-NEC statements for 2020 activity will be mailed on or before January 31, 2021. The Form 1099-NEC provided by Wells Fargo includes fees paid to your business for loan closing services provided during 2020. Wells Fargo referenced the final Closing Disclosure(s) from applicable transactions to determine the amount(s) paid to your business for these services. Reported income was aggregated by Tax ID Number for all Wells Fargo loans closed and funded in 2020. The 1099-NEC is issued using information contained in the W-9 that was provided to Wells Fargo for your business. Form 1099-NEC can be used as a supplemental document to your accounting books and records. Wells Fargo cannot provide tax advice, so please consult your tax advisor if you have questions. If you or your tax advisor require additional information, please send a written request to us at wellsfargosettlementagent1099inquiries@wellsfargo.com with a detailed description of the information being requested. Consumer financial protection notice Consumer financial protection laws and regulations may apply when you have direct or indirect contact with a consumer related to a financial product or service. The following information may be useful to you as a resource to identify the federal consumer financial laws and regulations that are applicable to the services you provide to Wells Fargo customers when you act as the settlement agent. This is not an all-inclusive list of laws and regulations that your business is subject to, so please consult with your compliance officer or legal advisor with any questions you may have. We appreciate the importance that you place on consumer protection for our mutual customers. Regulation Subject Reference Information Americans with Disabilities Act, Title III ADA; Availability of programs, products and services 28 CFR Part 36 Subpart C 36.303; 28 CFR Part 36 Subpart C 36.302 Equal Credit Opportunity Act Fair Lending 12 CFR 1002.4; 24 CFR 100, Subparts B-H Fair Credit Reporting Act/Fair and Accurate Credit Transactions Act Duties regarding detection, prevention and mitigation of Identity Theft, including indication of Fraud and/or Active Military Duty FCR 605A; 12 CFR 222.90 or 12 CFR 41.90; Section 615(e ); 15 U.S.C. 1681m(e ) Financial Elder Abuse Reporting Elder Financial Abuse 12 USC 3423(a)(2); 12 USC 3423(b)(1); 12 USC 3423(b)(2)(A)-(C ) Real Estate Settlement Procedures Act Prohibition against Kickbacks and Unearned Fees and Required use of Title Company 12 CFR 1024.14; 12 CFR 1024.16 Privacy of Consumer Financial Information — Restrictions on Disclosing Non-Public Information Under GLBA Restrictions on Sharing, Receiving, or Reusing Information 12 CFR 1016.11, CFTC Rules 160.11, Reg S-P 248.11, 12 CFR 1016.12, 12 CFTC Rules - 17 CFR 160.12 Reg S-P Rules - 17 CFR 248.12(d) Telephone Consumer Protection Act (Privacy) Fax Identifying Information 47 C.F.R. § 68.318(d) Truth in Lending (Regulation Z) Disclosures - Consummation 12 C.F.R. §1026.38; 12 C.F.R. §1026.27; 12 C.F.R. §1026.22; 12 C.F.R. §1026.14; 12 C.F.R. §1026.17 and 18; 12 C.F.R. §1026.19; 12 C.F.R. §1026.5 and 6; 12 C.F.R. §1026.4 Truth in Lending (Regulation Z) Record Retention (Regulation Z) 12 C.F.R. §1026.25 Truth in Lending (Regulation Z) Rescission 12 C.F.R. §1026.23; 12 C.F.R. §1026.15 Unfair, Deceptive (or Abusive) Acts or Practices - Consumer Transactions PRICE: Appropriate Pricing 16 C.F.R. §433; 16 C.F.R. §444; 15 U.S.C. §45(a) and 45(n); Dodd Frank Act 12 USC §5536; Dodd Frank Act 12 USC §5531 Unfair, Deceptive (or Abusive) Acts or Practices - Consumer Transactions PLACE: Responsible Sales Methods & Appropriate Channels 16 C.F.R. §433; 16 C.F.R. §444; 15 USC § 45(a) and 45(n); Dodd Frank Act 12 USC §5536; Dodd Frank Act 12 USC §5531 Unfair, Deceptive (or Abusive) Acts or Practices - Consumer Transactions PROCESS: Responsible Servicing/Decision Making 16 C.F.R. §433; 16 C.F.R. §444; 15 USC §45(a) and 45(n); Dodd Frank Act 12 USC §5536; Dodd Frank Act 12 USC §5531   Thank you for your time to review this important information. Please share this with your staff and management teams. To request copies of any past newsletter editions, subscribe to future editions, or to provide suggestions, questions and comments please write to us at: WellsFargoSettlementAgentCommunications@wellsfargo.com. We appreciate your partnership and the service you provide to our customers, and wish you a safe and successful year ahead. Regards, Wells Fargo & Company