Episode 10: Navigating the complexities of risk management on Wall Street

Show Notes

Join host Ravi Madavaram from Regulo in this captivating episode of the Fraud Technology Podcast as he delves into the world of financial fraud with Tremayne Carr - Head of Credit Risk and Fraud at Mocafi. From subprime auto to fintech giants, Carr's journey unfolds, revealing insights into the dynamic landscapes of credit risk, fraud prevention, and quality control. Discover the secrets behind spotting synthetic fraud, leveraging biometrics, and staying ahead of emerging threats as Carr shares his firsthand experiences and strategies for combating fraud in the digital age. Get ready to uncover the hidden stories behind the scenes of financial security with Carr Chronicles.

Transcript

0:00

Welcome back to listeners. Welcome to the fraud technology podcast. Today we have Tremaine Kerr. He has almost like two decades of experience in the financial institutions from the East coast, as well as the West coast. And I have the pleasure of talking to him today. Tremaine welcome. Hey Ravi, how you doing? Thanks for having me. I greatly appreciate you reaching out and I'm excited about this conversation we're about to have here. Yes. We love to have you here as well. Tremaine, you've worked in a lot of, a lot of companies. We'd love to know a little bit about your journey and probably some highlights of your career as well. Yeah, sure. I started this long journey of credit risk and fraud actually in the subprime auto space many, many years ago. And then from there. Branched out into what I would consider my first love, which is the mortgage industry. That's where I really got a lot of my knowledge from. And I really, really enjoy the mortgage industry. Like I said, it's my first love. But then I moved on from there, kind of doing some of the things on Wall Street as far as related to mortgages, which is RMBS securitizations for a lot of the Wall Street firms. Made it through the mortgage crisis. Thank goodness. And ventured over to Morgan Stanley, where I was part of the warehouse lending facility. So that's basically, for lack of a better term, a large balance credit card for all of the fintech industry. And so that's why I got the chance to understand the fintech industry, whether it was SoFi, Lending Club, Prosper, Avant, Chime, Biro, you name it. And from there, SoFi recruited me from Morgan Stanley. That began my fintech journey. So I also noticed that we moved from the East to the West. And I mean, we have heard a lot of stories about how the regions are different. And I also see that you worked for predominantly banks when you were in the East and fintechs in the West, right? So how has your experience been, especially working for large banks versus fintechs itself? Yeah, it was a hard adjustment for me to go from first from the West Coast to the East Coast from New York to San Francisco. When I tell folks that are thinking about moving, making that same transition is New York is a nighttime city. San Francisco is a daytime city. Oh, wow. So if you are a person who loves to go out, hang out at bars and do the happy hours, then San Francisco is going to be an adjustment for you, which was adjustment for me. But if you're a daytime person, you get up early, you go for runs, bikes. Go for swims, go hiking, do all those things. Then San Francisco is the perfect place for you. But since I've been here now almost seven years, San Francisco is home, bought a house, and it's where I want to be. I can't see myself moving back to New York, although I do miss it. And I do visit regularly. And to answer your question regarding the transition from banks to FinTechs and startups, for me, it wasn't a huge adjustment. I understand how some folks it is, but for me, I like to be innovative. I like to do. wear multiple hats. So the box that traditional banks put you in didn't suit me. And I didn't know that until I joined SoFi and realized that I was able to wear multiple hats. I was able to do different things. I was able to collaborate across the organization with Every single department, because for the most part, risk compliance, maybe legal are the only ones that really collaborate across the entire platform across their entire organization. So, me being part of risk, I was able to be a part of marketing product, legal compliance. Whatever the case was, I was able to be in those conversations. So that was something that I really enjoyed. And then as a startup, you have your hand, not only do you have your hands and all and everything, you're also building a lot of the processes from the ground up. And so that's good to see that you're making a difference and see that day one, when you started what you had versus five years later, four years later, and you see where the companies was. where your group was versus where it is and how much you've had an impact. And so I enjoy that. And so now that's pretty much all I look for in opportunities is a place to build processes from the ground up and have those foundational things put in place because of me. I understand. One thing that I also want to especially understand also is, so with the recent story of SVB and how their risk management was not a hundred percent there, right? There has been questions around while the Silicon Valley focus on growth. And that may sometimes tilt the balance between growth and risk. So I wanted to understand what are your thoughts is growth because evaluation is the most important thing for Silicon Valley related companies. Right. So I wanted to understand your thoughts on how the balance is, is that really different or how you see that? Yeah, I still think risk is part of growth. I think some people who don't think risk is part of growth probably don't understand the full picture of risk. So I think there's certain types of risks that you want to take. as a company. And I think there's other parts that you kind of want to stay away from. And I think risk is different in every economic environment. I don't think you want to be that risky in this particular economic environment, but pre pandemic, I think there's always going to be a wider aperture for letting folks in and having that a larger risk appetite than it is today. And so I think those are some of the key things that you want to keep in mind when You're building credit products when you're building your credit risk models and you're calibrating your engines. Hmm. Okay. And I also see in your profile, when I went through that, you talk about quality control and I guess some of your roles have been in quality control as well. But you also talk about risk teams doing quality control. I mean, I was like, I actually intrigued with that thought process itself and have not heard that thought process before. And so I want to understand how you view quality control as well as risk or fraud teams. Yeah. So again, I think that comes back to my time at mortgage companies. So when mortgage companies originate alone, right, it goes through risk. It goes through the different groups, but that's not the end of that loan, right? When it's closed, they have what's called post closing quality control or this quality control is at the end of the loan closing quality assurances at the beginning before the loan closes. Right. So these two different processes. Allow for you to review the loan before it's closed to make sure all the guidelines were adhered to before it closes. And then at the end, you do another sample to make sure the loan was approved according to those same guidelines and policies and procedures. Right? What you're achieving is, if you're doing a. 10 to 15 percent sample in the beginning. You're making sure that everything, all your I's were dotted and T's were crossed a good loan is going through. If it's not, you're stopping it right there. You're sending it back to whatever department you need to, to get those things fixed before it closes. Right. Or we found fraud and now it shouldn't close. Right? So you've saved the company money. Then on the back end, you're reviewing that same 10 or 15%, but a different segment. On the back end, you're doing one or two things, right? You're making sure that the people on the front are doing their job, and you use it for OKRs, metrics, whatever. You're also checking for false positives. In the process, and you're calibrating any tools or any policies and procedures you need. But then you're also making sure that that loan is a sellable loan at the end of the day. Right? So a lot of the fintechs today still sell loans, still securitize loans, right? They still sell their personal loans, their student loans, their credit card debts, all those things. So they still need to make. Not only good loans that make them profitable, but they also need to make sure that those loans are sellable on the secondary market. So I still think a lot of companies should be doing this, right? You should be having some sort of quality control in the front and some quality assurance, some quality assurance in the front, excuse me, and some quality control in the back end. So I implemented that at SoFi and I was responsible for the first mortgage securitization there. And all of the portfolios for their personal loans and student loans were good sales because we implemented this process. So what would a quality control team do? So let's say you have issued a personal loan. And then what does the quality control team do post that? They basically re underwrite the loan. Ah, okay. So if it's a personal loan, right, you're going to look at that personal loan and say, did Ravi have? The right FICO score for the particular loan amount, the particular program, the particular interest rate that he was approved for. Okay, he had 700, 720, whatever it is. Ravi's income was 100, 000. How is that verified? Is that accurate or not? Was there anything on the credit that needed to be reviewed? This is a credit report. have any collections that it's simply got through all those different things. They would re underwrite and say this loan passed or no, this was missed. And this probably should not have been a loan. We closed, or it shouldn't have been a tier one. It should have been a tier two. And then they write up what the difference in the tiers are and how much that loan cost. And is it still sellable or not? Because now it might not be sellable. You probably can't sell it as an A loan, but you can sell it as a B loan, which there's a price difference between the two. Okay. I understand. So all these checks are already done when you're already giving the original loan, when you're closing the original loan, but you're double checking the same information. And when you're doing that, are you getting extra information from the customer or any other system or you're just using the same product? At POST, you're never reaching out to the customer, you're just basically going on the information that you have at the time in the file, any notes that may be in your system, wherever they are, and you're going from that. Now, if it's pre closing, you're doing the same underwrite, but then you send it back to the person who did the initial, and you're having them either gather any other documentation they need, or you're telling them this loan shouldn't close and here's why. Okay, got it. So the main purpose of that quality control process is essentially to resell the loan portfolio. It's the checks and balances in the beginning. It's a check and balances for whomever is responsible in the beginning. It's a checks and balances for whoever's responsible in the beginning, but also throughout the process. Okay. I understand. And when you're doing this, you are going to be doing all the loans or a sample of the loans. Yeah. What you want to do is you want to take a sample and how you take the sample is, let's say you want to do. 15 percent sample. You're going to do 5 percent random, 5 percent targeted, and the other 5 percent is what we'd call a discretionary, right? So you would put loan numbers in an Excel and do the random calculator for 5%. The targeted would be, let's say you have a person who's underperforming. Who last month you caught three loans or three, whatever underwriting that shouldn't have closed. And you want to target that person or you want to target a specific group or a specific team. And then you, that would be the targeted approach. And then the random and discretionary is another 5%. This is like a mix between targeted and random. Okay. I understand. So now the other topic that I also wanted to understand a little bit on is. You started with quality control a little bit and then went into credit risk, especially. Then you started doing more on fraud as well. So can I understand what are the similarities between these two functions that you're doing? Most of the companies that I've seen, fraud seems to be a separate department, whereas you seem to be handling both together. Yeah. So I think credit risk is a large umbrella with a lot of things under it, right? Whether it's actual credit risk, whether it's fraud, whether it's quality control, whether it's third party risk vendor management, it's a wide umbrella. And so I think how I was able to have the experience of all these different touch points with underneath the credit risk umbrella is that again, in the mortgage industry, I try to explain to folks, it's like, if you're a mortgage underwriter, you can underwrite anything because mortgage underwriting is. It's harder than personal loan underwriting, auto underwriting, credit card underwriting. If you're a mortgage underwriter or commercial loans underwriter, you can underwrite anything. So as a mortgage underwriter, where I started, you see it all. You have the skills to identify red flags for fraud. You understand quality assurance. You understand quality control. You understand credit risk. You know what your guidelines are going to be. So you know that I can't approve someone. Below a 750 FICO score. I know how to calculate income. I know how to calculate DTI. I know how to look at tax returns, complicated tax returns, business tax returns, trust income, royalties, income, any type of income you name, I can underwrite it and I can give you a monthly or annual salary on that. So it was easy for me to transition to say, Oh, you want me to just to do. X, Y, or Z, this is easy, I can do that. Oh, and by the way, guess what? I'm underwriting this, but I'm noticing these red flags, and this is potential fraud. And they would say, well, just send it to the fraud team. And I would send it to them, and they'd be like, oh, thanks for catching this. A lot of underwriters couldn't do this. Or, Tremaine, we did a 10 percent sample of your production for the month. All of them came back great. No issues. Right. And so throughout my career, every place I've worked, I've been able to just incorporate all three of those. And so when I came to fintech, I was like, you guys don't do this. Oh, well, let's do it. Here you go. This is how we do it. And this is what we should do. And I just somehow became the subject matter expert in implementing these particular procedures in various companies. And they've always Stayed under me under one umbrella. Understand. So you talked about mortgage and how you do pretty much everything when you're doing mortgage. So I also understand, and mortgage typically is a higher ticket size also typically longer cycle to close a mortgage load, whereas a FinTech would expect things to be. A lot more faster or a personal loan, for example, need to be approved a lot more faster time becoming your challenge, right? So how do you, because one is a manual process, mortgage definitely has to be a manual process, whereas Fintechs prefer to be more automation. So how do you see this? How do you balance this? Where should you go towards automation and where can you go? Do you definitely need? When you're thinking about personal loans, student loans, that's a fast, that's the same day close, right? That's same day approval, same day get through the process, maybe second day funding of that, or first day funding, it just depends. And for those particular products, automation is way ahead of, The mortgage industry. So you have all these different tools today that can automatically underwrite the income, give you what the actual income is, have people log into different solutions to determine what the income is, and then calculate it for them, right? It's easy. And that's great. There are those cases though. In all vectors that there's a 3 to 5 percent manual review process, right? I don't think I've ever been any place that there wasn't some sort of manual review process. So for those particular cases, you're going to need someone with the experience to at least look at that and be able to calculate an income or to verify employment, to verify some red flags to clear those red flags. I should say, well, yes, it's a lot of automation these days, which I enjoy and I embrace. I implement them everywhere I go, those different automations. I still think you're going to need, there is some sort of human element that's, there's going to need to be involved at some point in the process. So when you have that human involvement, then guess what? You're going to need them to have that experience. I would say that I think in an ideal world, a lot of these fintechs would love to have three to 5 percent manual review process, but in reality, some of them have manual review processes are greater than 10%. So I think you need the staff to be able to handle that. I understand. So one of the things that I keep hearing when I'm talking to practitioners in the industry is something around synthetic fraud where somebody creates a stitching of different information and creates an identity and then gets a loan, right? So how do you handle this? Or is this something that you've encountered? And if you do, how do you handle something like this? Synthetic fraud ebbs and flows. I think technology is getting really good at catching it now. And so people have to be a little bit more creative in their synthetic fraud, but you're right. It is an issue. I think it will always be an issue and people will always attempt synthetic fraud. So I think it's more of a problem for the subprime or the near prime. Fintechs, because a person who's trying to commit synthetic fraud, they don't start at the prime lenders, right? They start at the bottom. They start at, I don't want to name any fintechs, but they start at the bottom, the ones that are subprime or geared towards subprime, the unbanked, underbanked communities, right, to get a 200, 300 secure credit card. Or the bank account, and then as they create the synthetic persona online right now, they've had this secure credit card for a year. Now you start getting offers for real credit cards. It's okay. 1000 here and they keep going up the ladder until they become. Now they've had this persona for five years and they look like they're legitimate and now they go for the other, the prime lenders. And so technology is able to kind of see through some of that. Like, if you are a 45 year old, your credit only goes back five years, then that's a red flag. Right. But if you're 18 or if you're 21 or 25, then not so much. Right. Because. But again, technology says, well, this date of birth was issued. I mean, this social security was issued in whatever year, and it's a couple of years after your date of birth, which doesn't make sense because now social securities are issued at birth. And so there's a lot of things to catch synthetic fraud, but folks are still trying it and they're getting creative with it. So one thing that I would like, if I can hear from you is how do you even define synthetic fraud, because there seems to be so many different ways that people are defining a synthetic fraud itself. What is synthetic fraud? Yeah, I define synthetic fraud as. As someone who is not real, basically in the shortest term, the social security number is made up. The name is made up. The date of birth is made up. The online persona doesn't match the actual persona that they're creating or they've created and you're unable to determine who they are, who the real person is behind the persona. They created first, but they became legitimately for a few years because first thing that everyone does is a bureau check, right? If I am creating something fake, the bureau check would come out as no file or no information itself. If you create it today and try to do something, yeah, it'll come back probably with no file, but that's not how they work. It's a long process. They play the long game, right? Because they understand that they have to put time in to create this online persona and they have to get started at the bottom and work their way up. Okay. So that's where you mentioned the subprime for subprime. There is no bureau check. There might be, but what the subprime lenders understand is that if it comes back with no file, this person could have just been incarcerated. They could have just come to the U. S. They could had bad credit and now they've had it all wiped out. There's different reasons why a person has no file or limited trade lines. So they're willing to take that risk. And then this person is just needs just one trade line to start the process. Okay. And so they build that. They get the 200, 300 loan. They actually repay it. They are good. So they slowly start increasing the loop itself until they get to the bigger fish. Okay. I understand. Got it. I also see a lot of biometrics and the behavior analytics for fraud itself, and I'm sure they're also being used heavily for credit risk. So I wanted to understand your thoughts on how effective they are and what are some of the challenges and what are the surprising things that I encountered is, for example, I come from Singapore and that part of the world where it's very common to use biometrics for everything, basically, but in the U. S. especially, I've seen that the biometric penetration is actually fairly limited. So I wanted to understand what are some of the challenges associated with implementing this. Yeah, I enjoy using the biometrics and from the different solutions that offer it. I mean, I think it's a good way to prevent fraud. You're making sure that the person who's applying for whatever product you're offering is who they say they are. The tools work how they're supposed to work. They verify the legitimacy of the particular documents that you're providing. I think what most people will say about biometrics is that it adds that layer of fraud. Friction to the process to the customer that they may not want because their first argument is this is a layer of friction to the customer that's going to create fall off and conversion rates going to affect conversion rates, which isn't necessarily true. And if someone's going to. fall out of the funnel because you're asking them to upload a driver's license or passport, chances are that's not a customer that you really want, right? And there's ways that you can implement biometrics within the funnel that prevent fallout, right? So you would only implement these particular solutions if some of the information that the person submitted doesn't check out. And then you provide, you ask them for additional documentation, which would include the biometrics. So, because one of the things that I always keep thinking about biometrics obviously does add a friction, but it also provides a lot of protection for the customer as well. I mean, it's not like the institution is actually getting the benefit. They themselves get a benefit of even protected from fraud as well. I always keep hearing these arguments. I also think it's to do with privacy and the perception in the market as well, that the moment we talk about biometrics, customers may feel hesitant in providing something like that. Not just about friction, but about perception, basically, I think there's a couple of thoughts on this depends on the demographic. You're soliciting your products to write. I think the younger folks, younger generation are used to uploading your documents used to asking for these particular things. And so that friction doesn't bother them. But I think if your product is for older generation, then maybe they have those sort of reservations to uploading it because of What you mentioned, privacy and things of that nature. But again, I think you don't ask for everyone. You ask for the ones who information can't be verified. Right. And again, it goes back to the manual review rate, right? If you're implementing your solutions the correct way, and you're calibrating them on a monthly basis, you're providing feedback files to your vendors so they can calibrate their tools so you can show them the false positive rates of their solution and they can make their tools better. Then your manual review rate should never be over 5 percent and you're able to now reduce the number of folks that come through that require documentation upload. I understand. Okay. And that's, I mean, because fraud and even probably credit risk for that matter, probably are like credit risk probably less so than fraud is more a cat and mouse game. So you plug one hole, people are always trying to figure it out. Can I make a hole somewhere else, right? So how do you adopt emerging threats? How do you continuously stay on top of this game? Yeah. Any experienced credit risk or fraud person, whatever you're doing, I would say I don't think this is even for credit risk or fraud. I think it's just whatever your profession is. I think in order to stay relevant in that particular field, you have to have a great network of folks to ping questions off of, to collaborate with, attend a lot of conferences, roundtables, meetings like this that you and I are having, because you haven't seen everything, right? You don't know everything. There may be a fraud ring or fraud scheme happening in Florida that hasn't hit the West Coast yet, right? So honestly, that's how I stay relevant in this space. I attend a lot of conferences. I'm on fraud roundtables I have conversations like this with folks because you just don't know, right? Especially when I was at SoFi. SoFi is at the top of the pyramid in terms of prime lenders, right? So the fraud that we saw A company at the bottom of the pyramid probably saw six months before we did, right? And so you want to have those conversations, because again, it starts at the bottom. It doesn't start at the top. Here's a good example. Most people in the industry understand, and I think there was an article on this recently too, understand that for a long time, Glendale, California was like the number one fraud location in the U. S. Everyone knew that there was a certain demographic there that was perpetrating fraud. Across the fintech space, everyone got hit by them. If you didn't, you were very, very, very, very, very, very lucky. You should have played lotto. And so you don't know about this particular group unless you have conversations with folks and say, oh, you're being hit by this. So are we, well, what did you do? Well, how can we prevent this? So when I first found out about them, I immediately started talking to some of my counterparts in the space and a couple like, yeah, this is what we did. We had them a month or two ago. This is what we did. Okay, great. But then they're going to switch up. And then when they switched up, I was able to say, hey, listen, they've switched up. This is what they're doing now. Oh, you know what? No wonder we're seeing a lot of losses amongst our self employed borrowers. Okay, well, great. Thanks for letting me know. And so I think that's how I. Plug holes. I mean, yeah, you run reports internally, you calibrate your tools, you see where the trends are and see where there's, but again, I think the conversations that you have with your counterparts in the space are invaluable. Okay. So is that like a community for, I do know the conferences itself, but is that like a community for let's say credit risk professionals or fraud professionals itself? Yeah, there's a ton out there. You know, I mean, I think there are fraud roundtables, there are consortiums, there are LinkedIn groups. They're out there. You just have to find them, right? There's Slack groups. Some of these folks have groups on Slack and they send their messages there. And so, yeah, they're out there. You just have to find them and they're not hard to find. You just type in fraud in LinkedIn. You're going to get a ton of stuff there. Yeah. Okay. My final question is, so one of the things that you Let's say you've been in this pro in the financial space for almost 20 years, right? What is something that you wish that happens? For example, like you keep thinking that this should have happened, but it has not happened for a long time, right? You think that this is actually simple or easy. What's the frustration that you have that on that? It would probably be around just the idea that credit cycles. They're cycles. Yep. They go up, they go down. That's why they're called cycles. They go up, they go down. They go up, they go down. Yeah. And I wish they didn't take people by surprise. Maybe. Well, companies by surprise, not to say that you can predict them, but I mean, you can kind of tell where they're going. Right. And so it's always interesting to see when we're in a down cycle, companies are freaking out. And. Trying to change their policies at the last minute or tighten up. Well, if you change them at the last minute, tighten up is too late. And if you're trying to loosen them at the last minute is too late, you've lost money. So that was a great question. And I think that's the only thing I can think of right now is that the up and down this of cycles take companies by surprise. So you've gone through two cycles, right? Mainly. Actually, so let's think about that. So I started my career at the end of the first mortgage crisis. Not 2008. I'm pretty seasoned in my age. So yeah, I think I've started my career at the end of the first mortgage crisis in the late nineties. Oh, okay. Mid nineties, mid to early nineties, right? I think the first one was in 96, 90s. Finish that one. And then the mortgage crisis in 2007, eight, and then I guess COVID. So yeah, three, two or three. Yeah. Yeah, cool. Awesome. That was my last question. And thank you so much for answering all the questions with patients and all the listeners would love to hear some of the insights. I mean, I've particularly also heard some of the fascinating things that I've probably have not heard before. Thank you for that. And nice to have you here. Hey, thanks Robbie. Greatly appreciate it. Thanks for having me. Thank you.