Why do they use Scare Tactics? They get the phone ringing.
But they also create a lot of unnecessary disruption for companies that are trying to comply. For instance, one e-mail we saw recently, sent from a compliance company, warned Florida mortgage brokers over license suspension issues for non-compliance. As you know, we always try to shed light on issues that confuse participants, and there are some misleading problems with this solicitation. The first one is that the enforcement action WASN'T IN FLORIDA, it was in North Carolina, so Florida brokers can stop worrying about why they weren't aware they needed certain disclosures that don't exist in Florida.
Beyond this misleading alarm, there are other elements to consider.
First, let's just clarify one thing: you have to do something egregious to receive a cease and desist order. In the case of the broker who was the subject of this cautionary tale (whose name was redacted in the marketing piece), the egregious act involved charging borrowers fees which they did not agree to in writing. When a regulator cites you for this type of behavior, if it was unintentional and not systematic, you can usually negotiate to correct the activity by making restitution for the unearned portion of fees. As we all know, most investors WON'T LET US collect more than we are legally entitled to, so one can conclude that this particular broker didn't have that type of oversight.
Second, in this case the broker surrendered his or her license, rather than deal with compliance. In this case, the broker likely didn't submit or negotiate any required policies and procedures. For regulators, this is standard procedure. If you cite an entity for one element, you cite them for everything that they lacked. Certainly, the lack of a compliance system was not the primary violation.
That said, brokers do need to have a compliance system in place. Regulators generally require policies to cover the elements for which they cited the broker:
- Lack of control and supervision over its operations and staff; (a quality control plan should provide supervisory guidelines for staff - part of our broker pack)
- Failure to have a written information security plan; (Information Security is a requirement of FACTA - part of our broker pack)
- Failure to have a written Anti-Money Laundering Program and policies and procedures for reporting and maintaining Suspicious Activity Reports; (AML required by FinCEN, is a fraud detection plan - your Quality Control plan doesn't have legs if there isn't a reporting structure - we provide a plug-in)
- Good Faith Estimates that did not comport with state and federal laws and regulations pertaining to mortgage lending; (Compliance policies and procedures address how to properly disclose - clearly this action is also pre-10/3, due to the GFE reference)
- Improper charging or collecting of third party fees for loan-related goods, products, and services; (A quality control plan should address the completion of a loan agreement, retention of documents and financial audit to avoid these types of findings)
- Failure to maintain required records; (you should conduct a Quality Control Compliance audit on each loan you close. This procedure, which is part of Quality Control, identifies documents you must keep and any deficiencies)
- Failure to provide required disclosures to borrowers (Your production quality control should include a checklist that identifies all required disclosures - this way you can prove you sent and checked for them, even if the borrower doesn't return a signed copy)
Laundry Lists Don't Help you Identify What's Needed
Regulators and investors often provide lists of specific policies or procedures they want to see. Complying with the laundry list creates a false impression that you have satisfied all concerns when in reality much risk remains in the uncertainty of how your procedure gets implemented. The individual responsibility for compliance starts at the function level; the person who actually does the work. If you map out a person's job duties, and provide a detailed rubric for how it gets completed, you ensure compliance.
There exists a panoply of policy solutions for mortgage industry participants, but only those which specifically spell out HOW you comply will eliminate the risk of non-compliance.