CFPB cracks down on real estate brokerage to tune of $500,000

Real estate brokerages need to be aware of the risks of writing into the contract a title company with which they have either an Affiliated Business Agreement (ABA) or a Marketing Service Agreement (MSA).

In the past, we have issued warnings on this blog that the Consumer Financial Protection Bureau (CFPB) is looking closely at Marketing Service Agreements.

Well, last month the CFPB came down hard on a major real estate company in Alabama. I strongly recommend any broker that refers a title company with which it has either an ABA or an MSA to carefully read the details (Bureau Orders Alabama Realty Firm to Pay $500,000).

While having an ABA or an MSA is not per se a violation of RESPA, it does require that the real estate company provide a written disclosure that makes it clear to the client that: (1) use of the referred company is not required and (2) the client has the right to shop for services.  

In this scenario, RealtySouth was writing the title company name in the contract. They did provide a disclosure, but the required language was buried and the CFPB found that it "did not properly highlight consumers’ rights."

The key point here is that the consumer was not given the opportunity to choose. I’m sure that most agents reading this are thinking, "I always let my client choose their title company," and those of you who do this deserve to be commended.

But I assure you that the practice of filling in the title company without properly informing the client of their right to shop and choose occurs daily.

Often buyers call or email us for a quote, only to tell us later that, unbeknownst to them, the title company was already written into the contract by the agent.  

According to last month’s ruling, if said title company has an agreement with the real estate company, they may both be subject to a substantial fine. 

In memory of Bonnie

The Federal Title family is deeply saddened after learning of the loss of our dear friend Bonnie Lewin. All of us wish to extend our heartfelt sympathies to Bonnie’s family and her many friends. We will remember her as someone of great character and a devoted advocate of those she served.

How can real estate agents protect against Internet security threats?

Thanks to the Internet, small businesses are better able to compete with their bigger competitors. Most boutique real estate agencies are hip to the importance and value of maintaining a website with an active blog and social network, as are top-producing agents in many of the big brokerages.

A solid Web marketing strategy can be a boon to business of any size, but it can also make a business more vulnerable to cyber attacks if proper precautions are not taken. Two recent security breach incidents – the Heartbleed bug and Internet Explorer security flaw – have prompted me to take a closer look at security for Federal Title's website.

Real estate agents out there who manage their own websites and social networks, may want to do the same. This post highlights a few of the issues I've been dealing with.

What is Heartbleed?

This story broke during the second week of April. For a bit of background, read "Why Heartbleed is the Ultimate Web Nightmare," a nice article from Mashable that explains what's at the crux of the matter: OpenSSL.

In short, OpenSSL makes it possible to send private information between two computers by encrypting the message. It's like passing a note in a cryptex from The Da Vinci Code. Only those with the key can unlock it.

For example, let's say you want to log into Facebook. You enter your private password and press enter. The password is then encrypted as the data is sent to the server at Facebook, where the private information is unlocked so you can log in safely. It's the same thing for making purchases on Amazon or sending email through Google.

Heartbleed is a flaw in OpenSSL that makes it possible for someone else to gain access to that secret, private information by intercepting the key, which is especially bad because about 66% of the Web uses OpenSSL to send encrypted messages.

What's most interesting (and scary) about Heartbleed is that it went undetected for two years, so there's no telling how many people knew about the flaw – and how many bad guys exploited the flaw.

A patch was introduced to eradicate the threat, but as precaution you should change your passwords if you have not done so already. Here is a comprehensive list of Heartbleed-affected websites that advise you to change your password. Among those listed are Facebook, Google, Amazon, GoDaddy, YouTube, Instagram, Wordpress, Dropbox and more.

Why are you still using Internet Explorer?

I've been telling our office for years that IE is the worst. Anyone who develops and/or maintains websites, including our own IT vendors, tends to agree with me. (Read "Why do so many geeks hate Internet Explorer?")

Microsoft's browser is buggy. It doesn't adhere to Web standards – much to the chagrin of developers – which is why websites look great in every other browser and require special code fixes to render properly in IE. And as a news story that broke over the weekend illustrates, Internet Explorer remains susceptible to security breaches.

In case you missed it, IE versions 6 through 11 are affected and users running the no-longer-supported Windows XP are particularly vulnerable because there will be no security patch for them.

The flaw has the federal government on high alert because the bug could potentially give data thieves using a network computer the same level of access as a legit user, and at least 10 percent of federal government computers are running in this vulnerable configuration.

The best way to protect yourself and your business from IE security breaches is to stop using IE!

What is a brute force attack?

"How I became a password cracker" is a pretty interesting blog post from a guy who had never cracked a password before his "experiment" but was able to crack 8,000 passwords in one day. It sheds light on the technical side of how brute force attacks work.

In a brute force attack the hacker typically uses a software tool called a password cracker, which enters usernames and passwords over and over again until it gains access. (This is why you're not supposed to use passwords like "123456," and why it's best to avoid usernames like "admin.")

This threat hit particularly close to home for me a few weeks ago when I received a call from my Web host alerting me to a high number of login attempts – the call sign of a brute force attack. Our content and website were safe because the username and password were strong, but the incident led me to install additional security features on our site.

All websites with login forms are susceptible to brute force attacks, including Wordpress used by many real estate agents. Wordpress is a popular content management system and therefore a common target. Another popular target is the content management system Joomla, which is what I use to run our website.

Both the Wordpress and Joomla communities have developed several methods for preventing brute force attacks beyond the basics of creating a unique username and complicated password. Many of the solutions are free and easy to install so there's really no reason not to install login protection to your website.

5 safety tips for real estate agents

A female real estate agent who was preparing to show a vacant property in New Carrollton, MD was robbed on Monday, according to news reports. It appears the attacker took her purse and some personal items, but the woman will be O.K.

While rare, attacks on real estate agents do happen from time to time and (sadly) women in particular are vulnerable. In light of this recent event, I thought it'd be good to explore the topic and offer some safety tips for real estate agents.

Stranger danger! Verify customer information

In addition to getting your new client's full name and phone number, find out what where he works. Ask for an email address. Ask for multiple telephone numbers. Google is your best friend. While some might consider it creepy to Google an individual before a first date, it's totally acceptable to Google a potential client in the name of personal safety. What's more, you might learn a thing or two about your new client that you can use to help him find the perfect property.

Use the buddy system. Tell someone in your office where you're going

If you're out in the field, let people know. Ideally you shouldn't host public open houses or show vacant property alone. Bring a friend. But since that isn't always practical, at minimum it's a good idea to tell a co-worker and perhaps a personal contact, too, where you're going to be and when you expect to return.

Have new clients meet you in your office or another public place whenever possible. In those situations where you must meet a new client one-on-one, remember Google is your friend. (See the first tip.)

Carry your cell phone and keep it in your hands

Since you've already told your buddy that you will be showing houses or meeting a new client, why not pre-program that contact into your phone in case you need to make a quick call? Bonus points for downloading one of those personal safety apps. Some basic personal safety apps are free while fancier ones cost money. Of course, your phone will be useless in a pocket or purse, so keep it in your hands as much as you can. In the event you have to send a distress call, you can make it quickly and then throw your phone at the perp's face (just kidding).

Familiarize yourself with your surroundings

Take a drive around the neighborhood and keep an eye out for safety concerns. Do a quick Internet search before you go to look up crime reports and other information about the neighborhood. At the property, survey the exits and make sure you're able to get out easily in the event you have to make a quick escape.

Likewise, if you're in a property with your client, make sure you know where he is. Keep your client in sight, ideally in front of you and at a safe distance. Let him enter a room first while you linger by the doorway. You don't have to be weird or obvious about it, but keep your guard up. One of the best ways to avoid a compromising situation is to not allow yourself to get into a vulnerable position where a would-be attacker can take advantage.

Trust your gut

If something doesn't feel right, get out of there. Or don't meet the client one-on-one. It's that simple. Don't discount the lessons taught to us in kindergarten about stranger danger and the buddy system. Take extra steps to ensure your personal safety.

While it's unfortunate to hear about what happened with the female agent at the vacant house in New Carrollton, hopefully her experience will remind others of the inherent dangers of working with the public as a real estate agent. Stay safe out there!

Avoid the DC recapture tax 'surprise'

If you are an agent listing a property for a decedent’s estate/personal representative in DC, help your client and the prospective purchaser avoid a potential big surprise – the real property recapture tax.

DC Office of Tax and Revenue has recently been imposing a recapture tax against properties that were receiving senior citizen tax relief but ineligible due to the property owner’s death – i.e., a change in eligibility.

That is, upon the death of the owner, the personal representative for the estate would be responsible for notifying DC, within 30 days, that the property is no longer eligible for the benefit.

Since it’s unlikely the personal representative is aware of this requirement, the property continues to unjustly receive the benefit until such time as the property is sold.

Once the property is conveyed, DCOTR is notified by DCROD of the change in status and retroactively applies the proper tax status from the date of death through the date of conveyance. This often results in a hefty recapture tax amount then applied against the real property tax account.

As the settlement company, we are being proactive in our efforts to notify DC prior to closing and obtain the recapture tax amount such that it can be handled prior to or at the time of closing.

In some cases, due to timing, this is not possible and the purchasers are left with a recapture tax incurred by the decedent’s estate.

We advise all agents listing a property for a decedent’s estate to be aware of this issue, check the tax status to determine whether it is unjustly receiving the senior citizen tax relief benefit, and make the personal representative aware of the requirement to notify DC of the status change and be prepared to pay a recapture tax.

  • Ways to save at closing

    Title charges are the largest chunk of closing costs and can vary by hundreds of dollars.

    Learn more

  • What are closing costs?

    The real estate closing process involves loan steps, legal steps and title steps.

    Learn more

  • What's title insurance?

    Insure your legal ownership just like you'd insure the building, but for lots cheaper.

    Learn more

Connect with us


Our blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. Rate tables and figures that appear on our blog are deemed reliable but not guaranteed. For current rates & policies, refer to our Quick Quote and Consumer Guide. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on our blog.