Tuesday, November 21, 2017

HMDA, ECOA and What's an Application?... again

Regulators do not understand Pre-Qualifications

Implications for NMLS Call Reporting and HMDA Reporting


Recent discussions make it apparent that regulators do NOT understand the concept of pre-qualification versus qualification or pre-approval. This is critical given the impending 2018 data recording season where, with substantially lower thresholds for reporting, even the smallest company becomes a potential HMDA reporter with its incumbent responsibilities and tasks.

Make sure you are armed with the facts when confronting a regulator who insists you are under-reporting your call volume or HMDA data.

What is Pre-Qualification?


"Pre"-Qualifying is a prior to application discussion of eligibility and rates, applied against published standard qualifying guidelines; ratios, down payment, loan type, and maybe even credit score. This analysis should result in a number, which is the maximum loan amount a customer could possibly afford. It's not an application and the result states "THIS IS NOT AN UNDERWRITING DECISION", something that you must feature prominently on any correspondence. This is so consumers don't represent or think that they have been approved when they haven't.



Why Do Regulators Think Pre-Qualifications are Applications?


Buried in Reg B (ECOA/Fair Lending) commentary, is a statement which has now become the lynchpin for the argument that pre-qualifications are applications. This opinion that holds that pre-qualifications, if failed, must be disposed of via Adverse Action and consequently, are subject to activity reporting.

Comment for 1002.2(f)-3 When An Inquiry Or Prequalification Request Becomes An Application.
 3. When an inquiry or prequalification request becomes an application. A creditor is encouraged to provide consumers with information about loan terms. However, if in giving information to the consumer the creditor also evaluates information about the consumer, decides to decline the request, and communicates this to the consumer, the creditor has treated the inquiry or prequalification request as an application and must then comply with the notification requirements under § 1002.9. Whether the inquiry or prequalification request becomes an application depends on how the creditor responds to the consumer, not on what the consumer says or asks. (See comment 9-5 for further discussion of prequalification requests; see comment 2(f)-5 for a discussion of preapproval requests.) 

This comment illustrates the conundrum because, in this case, the consumer doesn't have to ask (apply) for credit but rather simply being ineligible for financing (according to the comment), the discussion must be treated as an application and denied. It also belies the intent of the pre-qualification which is, by its very nature, a positive discussion of what is possible. Even if the current scenario yields a $500 loan, it's positive, not a negative. You CAN offer someone a loan if the income increases by a prospective amount, decrease debts by some prospective amount, save some prospective amount of money, and then identifying what would the pre-qualification yields. This is the purpose of the pre-qualification discussion - educating the consumer about how he or she should proceed if trying to obtain financing in the future.

This also shows the other flaw in the logic of considering a failed pre-qualification a reportable event; what's the number? It's ZERO! Where do you report that?



A "Failed Pre-Qualification" Doesn't Actually Exist


If we agree with the regulator that declining to issue a pre-qualification is a declined loan, you should consider this instance a "Failed Pre-Qualification." A "Failed Pre-Qualification" doesn't mean you issued a pre-qual that didn't meet the customer's expectations - such as one where the customer was looking at a 500,000 house, but could only afford 125,000 - but merely should reflect the result of the qualification calculation, subject to underwriting.  So if they can afford a $500 loan, you should issue a pre-qual for $500 and call it a day - no reporting required. In theory, under this structure, you should never have a failed pre-qualification.

Your pre-qualification process must show you are determining a maximum loan amount, not meeting a specific loan request criteria. Once you begin trying to meet a specific criteria, it's no longer a pre-qualification , but a qualification. 

Regulators are Correct About Pre-Approvals and Qualifying


Logically, the regulatory interpretation of pre-qualification activity WOULD be true if we called the process "qualification," eliminating the "pre-," instead. In a qualification exercise you start with a specific number - a desired property or particular loan amount - and work through the prospect's financial profile to determine whether the customer is eligible for that particular number. Results of this process identify, in binary form - YES/NO - whether the prospect can afford or is eligible for that number. In this case, if the borrower has too many debts, or has insufficient income or cash, or because of the limited profile, the credit score is insufficient for this particular instance, you now have a number that you are not eligible for. Either change the number (counter offer) or decline to proceed (adverse action).

Similarly, a Pre-Approval is a loan commitment resulting from a customer's application for a specific amount of financing prior to property selection. A customer submits an application and all supporting documentation which the lender completely processes in the absence of a property - no sales contract and subject to appraisal, title and property conditions. All decisioning rules apply.  If the amount the borrower requests cannot be approved, then the underwriter may counter-offer for different terms, which the customer may accept. If not accepted, the loan must be declined and notices provided. Disclosures, except those which apply to a property, must also be provided.

You Can't Fight City Hall


Sadly, to this date, logic doesn't necessarily dissuade regulators from attempting to corral these innocuous discussions into a regulated process. According to several state regulators and the NMLS, while you don't count pre-qualifications in your call report, you must report declined pre-qualifications.

The golden rule applies. No amount of good reasoning will persuade a regulator, who has made a public determination about a policy, to admit that he or she is incorrect. So if you are in a state where the industry has allowed the regulator to control the definitions of what construes a credit inquiry, then you have to build policies around it, to ensure you comply.

Building a Compliant Pre-Qualification Process


Since this ECOA interpretation can open your business to regulatory scrutiny, you should build a process that inoculates you against under-reporting or fair lending findings. Simply, you could issue a pre-qualification certificate or letter for every single discussion, even if the result included a prospective versus current solution.


  • Generate and retain a copy of all pre-qualification letters/certificates from every discussion.
    •  Create a standard pre-qualification letter or certificate
      • There may be multiple formats
        • as is or
        • prospective
  • If you do not issue a pre-qualification (a failed pre-qualification) you should issue an adverse notice stating "we don't offer any program matching your requirements."  
A defined pre-qualification identifies a potential maximum, but does not state any basis for a declination. 




Thursday, July 27, 2017

Aspirin for Risk Assessments - Relieving Pain for Small Mortgage Firms

What could go wrong?

Demystifying risk assessments by evaluating your solutions


New York State examiners recently began requesting Risk Assessments for NYS Department of Banking applications and some renewals. These requirements applied even to single proprietors who, naturally, felt overwhelmed and confused about what the examiners requested. In fact, risk assessments represent a prudent step in the process of building a business. It's simply asking the question: "what could go wrong?"

In that spirit, here is a sample risk assessment policy and procedure.

The CFPB provides a sample risk assessment in its examination guides, which you can access here. In our view, the CFPB assessment addresses many items, but misses some as well. There is the regulator's well-known penchant for diving into minutia in some elements (like corporate governance and certain regulations), then overly broad assessments of others. The best approach remains thinking through your process.

Risk Management Process for Mortgage Bankers and Brokers


Mortgage Companies small and large face the same risks as any company; physical damage and infrastructure damage from disasters, employee and workplace safety. But financial institutions also face risks specific to the business model: compliance, counter party risk, process management issues and particularly fraud and information security.

Even the smallest company needs to address these issues, and it can seem like an almost insurmountable task. By structuring our business with systems that regularly address these risks and then rationalizing these checks into a standard business flow, the task becomes more manageable and understandable.

The standard risk management process should look like this:

  • 1.      Identify what risks a company faces,
  • 2.      Identify the level of risk to the company, its customers and counter-parties,
  • 3.      How the company mitigates those risks through procedures and other provisions

  • We have compiled a risk assessment for standard retail mortgage brokering or lending operations, identified the level of risk, and shown how, through policies or procedures, these companies mitigate this risk.

    Risk Levels

    We follow the CFPB’s model for assessing the risk to the customer.




    Quality of Risk Controls


    A non-system based Risk Control produces haphazard results. For instance, if there is simply an individual who is responsible for the execution of a risk mitigation procedure, it is likely to be missed. By integrating controls into processes that we already conduct, scheduling regular audits, and using pre-programmed systems like LOS, Credit Reporting tools such as fraud guards, web alerts like Google Alerts, we control these risks automatically.


    At the heart of all our risk mitigation is the implementation of a “systems-based” approach that does not rely on an individual to oversee the process. For instance, checklists, step-by-step procedures, and automation all contribute to systematic risk management.

    Risk Assessment For Mortgage Companies



    Customers of MortgageManuals.com can download samples for their own use here:


    Wednesday, May 31, 2017

    Investor Renewals - Broker/Mini-Corr Lender lack of distinction may cause problems

    My lender/investor is asking for our post-closing quality control plan and 10% audits... We are a non-delegated correspondent or broker. What now?


    With the propagation of categories and levels of correspondent, including mini-correspondent, non-delegated mini-correspondent, funding non-delegated correspondent, and wholesale/broker, we see many wholesalers request quality control plan elements that do not apply to a specific business model. Specifically, lenders are asking brokers or non-delegated correspondents for agency-level post-closing reviews, including 10% random sampling, re-verification of all loan file exhibits, appraisal reviews, closing document reviews, and re-underwriting.

    If you are not delegated underwriting and closing this should not apply to you.


    The requirement for random sampling and post-closing reviews of loans doesn't apply if you aren't underwriting or drawing closing documents yourself. We have found that this is usually the result of a miscategorization of the originator as a lender. Explaining that this requirement is like asking the broker or correspondent to underwrite and evaluate the lender's credit decision - something the broker/correspondent had NOTHING to do with in the first place - clears this requirement.

    Some wholesalers will not budge, though. This is the golden rule: He who has the gold makes the rules. In this case, evaluate how important the wholesaler is to your business. If it's a critical product or service, you may have to start conducting these reviews in order to maintain the investor. But DO NOT simply capitulate to the requirement and start a post-closing review process without ensuring that the requirement is absolute. Beyond being redundant for loans underwritten by someone else, post-closing reviews are expensive.

    "Do they even review this stuff?.."


    Wholesalers have been reviewing our quality control plans for years. It is important to note that many of these reviewers don't actually read an entire plan, so that if something doesn't jump off the page at them, they may mark your plan as deficient. That doesn't mean it isn't in the plan.  99.9% of the time we draft a rebuttal, we are simply citing the page numbers where the reviewer can locate the information he or she couldn't find (or didn't look for) the first time.

    This also doesn't mean that we don't value the feedback. We always want to know if we have missed something, so we can include it for any of our clients who might get similar feedback. That's one of the ways our products have evolved since 1996.  It's also why we can guarantee our products' acceptability.

    It's a PROCEDURE, not a POLICY


    The most important thing to remember is that you want your plan to reflect PROCEDURES about how you work to catch ANY possible error. This is completely different from writing a POLICY, which simply states that you will look for various elements. For instance, a recent communication showed:

    The Pre-Funding Quality Control Requirements (and where they are located in your Broker Plan):


    • Quality Control is Conducted by someone other than a party to loan origination (Page 22)
    • The Borrower Social Security number is re-verified on all loans (Page 14)
    • Income calculations and supporting documentation are reviewed. (Page 13)
    • Verbal verifications of employment are conducted (Page 20)
    • Assets needed to close or meet reserve requirements are reviewed (Page 15)
    • Appraisal or other property valuation is reviewed (Page 16)
    • Documentation is reviewed to assure adequate mortgage insurance coverage (Page 12)
    • Review loan to determine automated underwriting info is accurate (Page 18)
    • Liabilities between 1003 and credit report are reconciled (Page 12)


    The page numbers show where you can locate the requirement as it is addressed as part of the much more extensive documentation review.  This is the key. You can get a repurchase request or denial for an item which is not a requirement for the quality control plan. To combat this - WHILE YOU ALSO COMPLY WITH THE QC REQUIREMENT - you need a thorough system, using checklists and peer reviews.




    DO NOT write a policy that states that you will simply check for these items, as it opens you up for liability for missing other elements associated with the items requested, that have not been requested to be stated in policy in writing.

    Wednesday, April 5, 2017

    Brokers: Do I Report HMDA Data?

    4/6/2017 Update

    As we approach the 2018 HMDA reporting window, with the wider rubric for filing requirement, we are getting many calls from brokers about preparing to become reporters. We want to reiterate that a broker business that categorizes its customers as PRE-QUALIFICATIONS until the loan is referred to an investor DOES NOT HAVE TO REPORT HMDA DATA.

    1.) HMDA is an extension of ECOA, so if you are not making credit decisions, you do not report. Only the ultimate decision maker reports.
    2.) Technically, brokers CANNOT make decisions because they do not have the funds available to unilaterally fund applications. 
    3.) Many states sanction brokers who represent that they are lenders

    Original Post From 12/5/13


    As compliance season descends on the mortgage business again, we start to hear growing numbers of concerns over how a firm will comply with a nuance of a rule.  Often the concern originates with a rumor or other misinformation from a networking group or an e-mail from a service provider looking for business. With respect to brokers, you should generally avoid reporting HMDA denial data for the simple reason that BROKERS DO NOT MAKE CREDIT DECISIONS.

    Among the risks you expose yourself to:

    • State Regulator sanctions for acting as a lender without a lender license.
    • Scrutiny from a Federal regulator regarding why ALL your loans are denied?
    • Inconsistent reporting/reporting errors on other reports

    NMLS Call Report - Requests Denied Applications


    The idea that brokers should report HMDA data may come from the fact that the NMLS Call Report has a line item for "Denied."  However, this is not the intention of this element of call reporting:  this is to identify the "net loan volume."  (Pipeline + New Loans - Closed, Withdrawn and Denied Loans = Ending Pipeline) The denied loans, in this case, should be loans that you will never close because ALL of your wholesalers or investors have denied them.

    Brokers should only put the loans which the INVESTOR has denied in this column.

    NMLS Call Report - Don't include pre-qualifications you have denied.

    Is It Really a Loan Until the Lender Has It?


    If you are a straight broker, and not a mini-correspondent, you should define your application policy to ensure that loans which will not be sent to an investor, for whatever reason, are coded as pre-qualifications. Pre-Qualifications do not trigger HMDA Reporting.  This does not mean that you will not send GFE or other property or application related disclosures if you are actively processing the file.


    According to the staff commentary in the HMDA Small Entity Compliance Guide: "2. Pre-Qualification. A pre-qualification request is a request by a prospective loan applicant (other than a request for preapproval) for a preliminary determination on whether the prospective applicant would likely qualify for credit under an institution’s standards, or for a determination on the amount of credit for which the prospective applicant would likely qualify. Some institutions evaluate pre-qualification requests through a procedure that is separate from the institution’s normal loan application process; others use the same process. In either case, Regulation C does not require an institution to report pre-qualification requests on the HMDA/LAR, even though these requests may constitute applications under Regulation B for purposes of adverse action notices." Commentary Appendix D, Supplement I

    HMDA Small Entity Guide

    ECOA, Fair Lending and Loan Disposition - Not to be Confused with HMDA Reporting


    Due to the overlay of so many regulations, it can be easy to confuse what rule requires what actions.  You are still required to adhere to Fair Lending and Equal Credit Opportunity Act (Regulation B) guidelines with respect to providing an applicant with a disposition within 30 days.  To avoid monitoring challenges and potential violations on small pipelines use your Incomplete Application Notice on all loans.  If the customer fails to provide all of the information, you can withdraw the loan from your pipeline without any further action.  You MAY optionally send a letter noting the withdrawal.   

    Avoid Being the Creditor


    Under the current regulatory scheme, lenders bear the burden for credit and disclosure risks.  A correctly structured broker pre-qualification process allows for the unique opportunity to avoid many of the lender's pitfalls with respect to creditor actions.








    Tuesday, March 28, 2017

    New York State "Cybersecurity" Requirements

    If you own your network infrastructure, big changes coming to New York

    For MortgageManuals.com customers, your Information Security Plan covers the requirements


    New York State licensed financial entities have received notice of new specific requirements for cyber-security. Rules went into effective March 1, 2017, and compliance deadlines start August 28, 2017. Cyber-security is a synonym for information security when data is stored or accessed via an electronic information storage and retrieval network. In other words, cyber-security deals with network security in addition to basic information security.

    Complete text of Cyber-security Rule

    At the heart of the requirements, aside from standard information security remediation, companies must have some form of dual factor authorization. If you use a token or mobile password in addition to your password, you probably already comply.

    Are you Exempt?


    The law contains a number of key exemptions:

    Exemption - Asset Size: < 10 employees OR < $5 MM in revenue OR < $10 MM assets

    Exempt from 500.04, 500.05, 500.06, 500.08, 500.10, 500.12, 500.14, 500.15, and 500.16

    You must still have policies and procedures, you must control access, conduct a risk assessment, identify if 3rd parties have an CISP,

    Exemption - "Agent" classification: If you use someone else's system (such as wholesaler's or investor's)

    Exemption - No server: If you don't own and operate the infrastructure

    Exempt from 500.02, 500.03, 500.04, 500.05, 500.06, 500.07, 500.08, 500.10, 500.12, 500.14, 500.15, and 500.16

    You must still control access, conduct a risk assessment and identify if 3rd parties have a CISP.

    IF YOU ARE EXEMPT, YOU MUST FILE AN EXEMPTION BY AUGUST 28, 2017. A copy of the exemption certification is on the last page of the announcement - click here.

    This is the page where New York State mortgage lender and broker licensees can file their exemption reports
    To file your exemption certificate go to http://www.dfs.ny.gov/about/cybersecurity.htm and click on the large orange filing button graphic.

    If you are NOT Exempt


    For entities which are NOT exempt, we identify where your policies and procedures meet the requirements. While there are a number of preparations entities must make to comply, unless you maintain your own servers the actual, physical changes normally will be undertaken by your third party infrastructure provider.

    If you obtained your information security policy from us, you may share it with your infrastructure vendors, as it addresses the requirements:

    Section 500.02 Cybersecurity Program


    By virtue of having a written policy in place, you comply with this section. In addition, our policy states the protocol for testing the program, another requirement of this section.

    Section 500.03 Policy 


    This section defines what must be in your policy and procedure. We identify those things that are the responsibility of the network provider, and those which are the responsibility of the mortgage company.

    (a) information security; the actual plan for protecting NPI - #1 - mortgage company
    (b) data governance and classification; the system by which you identify data that is NPI - #2 -  mortgage company
    (c) asset inventory and device management; infrastructure provider
    (d) access controls and identity management; infrastructure provider & #3 password policy mortgage company
    (e) business continuity and disaster recovery planning and resources; #4 mortgage company
    (f) systems operations and availability concerns; infrastructure provider
    (g) systems and network security; infrastructure provider
    (h) systems and network monitoring; infrastructure provider
    (i) systems and application development and quality assurance; infrastructure provider
    (j) physical security and environmental controls; #5 mortgage company
    (k) customer data privacy; #6 mortgage company
    (l) vendor and Third Party Service Provider management; #7 mortgage company
    (m) risk assessment; #8 mortgage company
    (n) incident response. #9 mortgage company

    Citation
    Requirement
    Addressed in Info Security Plan
    500.04
    Chief Information Security Officer (CISO) – you must install one, if you don’t have one
    2-90 #5
    500.05
    Penetration Testing – CISO must conduct yearly, vulnerability assessment every 6 mos
    2-90-4 #7
    500.06
    Audit Trail – keep records of all activity
    2-90-3
    500.07
    Access Control – must control access to NPI on network
    2-90-2 #3
    500.08
    App Security – certify developed programs free of defects
    N/A
    500.09
    Risk Assessment – Identify what NPI is at risk when
    2-90-2 #8
    500.10
    Personnel – must have training and certifications
    2-90-7 #9
    500.11
    3rd Party Assessments – evaluate whether 3rd parties comply
    2-90-4 #7
    500.12
    Multi-Factor Authentication – must have at least 2
    2-90-2 #3
    500.13
    Records Retention – limits on NPI data retained
    2-90-2 #10
    500.14
    Training – must train annually
    2-90-6 #9
    500.15
    Encryption – NPI protected by encryption during transit
    2-90-2 #11
    500.16
    Incident Response Plan
    2-90-2 #2

    Page 1 - Information Security Plan - Showing References to Requirements

    Page 2 - Information Security Plan 

    Page 1 - Disaster Recovery Plan/Business Continuity Plan

    Page 1 - Customer Privacy Policy

    Friday, March 17, 2017

    Updated Regulatory Compliance One-Pager

    Mortgage Compliance One-Pager - Desk Reference/Study Guide for laminating

    Updated 3/17/17

    I recently re-took the NMLS' National Test with Uniform State Component. I neglected to take the Uniform State Test add-on when it first came out, but thought that if I needed to add additional licenses later, it wouldn't be so bad to re-take the National Test. I worried that I might have a problem because the last time I took it, I really struggled with the intricate test questions, puzzling over three or possibly four correct answers to decide which one was the "best right answer." This time, I found the test questions much more straight-forward. The bad news: I didn't score 100. What did I get wrong?

    I should have studied my own mortgage compliance guide!


    I have found that people don't really like to read pages and pages of material. "Can't you cook it down for me?" they ask. So we did. We authored a series of "QuickNotes" (QuickStart: QuickNotes... get it?) which have helped thousands cram and pass the national test. These one page "cheat sheets" boil the material down to its most fundamental level.

    Regulatory Compliance Matrix - Click to Download

     Click to Download Regulatory Compliance Matrix


    Document Not Clicking? Try this link.

    Loan officers love our cheat sheets. Compliance trainers and regulators hate them. "There's not enough content!" they complain. But the infographic tells it all. Sure you can study MORE, but loan officers aren't attorneys. We get lost reading 3000 pages of code. Just like an attorney or compliance officer would get lost reading 3000 rate sheets and program guidelines a day.

    We use this methodology in our new loan originator training, too. Instead of 2000 words describing how to to something, we give an illustrated form, a checklist, or a reference tool like this one which highlights Ability to Repay Guidelines.

    Ability to Repay and Mortgage Knowledge Tools - Click to Download

     Download Ability to Repay Matrix


    Click here to download these tools at no cost or obligation. Also, feel free to provide feedback.

    What I THINK I got wrong...


    • PMI Cancellation @78% 
    • Do Not Call from 8am to 9pm
    • Balloon Payment Qualifying
    • Section 32 (High Costs) max Debt Ratio is 50%
    • Confusing question on Finance Charges with options I would consider ALL to be finance charges. (I think they wanted the recording fee, still not sure)

    These items are ALL on the study guides, so my advice is to study these all. I knew I was going to pass, but I was surprised about how many questions I had to review at the end.


    Monday, March 6, 2017

    CFPB's Complaint Line a "Targeting Tool"


    The targeting of audit subjects through the use of the CFPB Complaint Portal means you need a proactive complaint resolution process


    Since the Consumer Financial Protection Bureau began accepting complaints related to mortgage transactions in 2011, the industry's fears that this would simply act as a targeting mechanism have been realized. Multiple complaints, more than a single complaint, act as a red flag attracting the worst kind of scrutiny. Recent presentations by CFPB Senior Analyst Ann Thompson confirmed this. As a preventative tool, our first recommendation involves adding a daily or weekly check of state and national complaint portals by the company's compliance manager.

    But it goes beyond dealing with complaints. You must take a proactive attitude. Make it easy for your customers to file a complaint with you and company management directly, before the customer elevates it to the regulator to resolve it. This means:

    • Adding prominent "complaint" button on web pages
    • Proactively sourcing "compliments and complaints" via promotional materials
    • Asking customers "have I addressed all of your concerns today?" question in the footer of all electronic communications
    In addition, have an effective process for resolving complaints once they arise. This is called a "Complaint Resolution Process"

    More importantly, though, all employees need to understand they must participate in communicating to troubleshoot, document and resolve complaints.

    Complaint Resolution 101

    This is a problem solving business, and there is rarely a loan where absolutely everything goes as planned.

    If you have our Quality Control and Compliance Modules we provide you with a Complaint Resolution Policy template. It's time to pull it out and make sure you are ready to adhere to it.

    Rule # 1

    LISTEN! Listen to the customers complaint. Identify what the customer's real problem is and acknowledge that it is a problem. You do not have to admit fault to show empathy.

    Rule # 2

    DOCUMENT! Make sure the file has been documented with correspondence and that the conversation log has been populated. Complete a complaint report and deliver it to the manager for review.

    Rule # 3

    RESOLVE and close the complaint. Based on the manager's determination, diary your Outlook Calendar to follow up with the customer and ascertain that the problem was handled. Not every customer will be happy, but if you are responsive, the customer will not automatically elevate the complaint.

    Sample Complaint Resolution Policy - Request a Free One
    Complaint Policy Sample

    Wednesday, February 22, 2017

    State Examinations - AML/BSA Compliance - Self-Audit Checklist to Ensure Compliance

    The Anti-Money Laundering rule (AML) implemented by the Bank Secrecy Act (BSA) creates many questions for lenders and brokers. We know that state examiners focus on a number of specific issues. A recent spate of calls reveals that New York, Indiana, Texas and Pennsylvania have questionnaires and examiners that ask pointed questions about the AML/BSA compliance program for mortgage originators.  To ensure that you are hitting all of the requirements we have compiled a self-audit checklist for you to use to evaluate and collect data.  You should run through this checklist annually.

    Use the BSA/AML Self-Audit Checklist for mortgage originators, to ensure you keep all of the information needed for an examination.  Members may download the original form for customization from http://www.mortgagepolicymanual.com/updates-and-downloads.html or mortgagemanuals.com/updatesanddownloads.htm

    Compliance Officer Training


    New York's examination findings sometimes cite a recommendation for the compliance officer to have training.  The FinCEN rule requires training, but does not say that it must come from a certified 3rd party.  FinCEN offers training on its website, and many compliance providers provide training for a fee. Familiarity with the rule - actually reading your policy - also counts as training.

    Here is a video that instructs the Compliance Officer how to register for the FinCEN portal to report SARs



    Quality Control and AML


    We do not recommend that firms maintain a separate Anti-Money Laundering Plan, but rather that they integrate the AML process with their Quality Control function.  After all, FinCEN wrote the AML rule as a fraud detection/reporting requirement, and that is exactly what the quality control plan should do.  As a consequence, make sure your quality control plan has a robust red flag feature.

    Register for the Portal


    Your plan loses credibility if your compliance officer isn't even registered with the FinCEN portal.  It implies that you have no intention of participating in the program.  This simple fix will eliminate many citations.


    Tuesday, February 21, 2017

    Brokers Don't Approve Loans, so do not deny them - Either action is a credit decision

    Is it an App? Don't Assume Excess Regulatory Responsibilities - treat all inquiries as pre-qualifications. Every pre-qualification should show what is possible, not whether you can get a loan. 


    The use of the 1003 form confuses the question, particularly for brokers


    The 2/14/17 Mortgage Call Report (MCR) prompted a waterfall of questions. Many of these questions center on which loans get reported. The confusion surrounds the phraseology of the MCR instructions, which seem contradictory. At the heart of the matter: Is it an application or something else? Another point became clear; people aren't using their LOS the way they should in preparing their submissions. Take the time now to learn how to generate custom reports that you can use to complete the reports. 

    One point we repeatedly try to make to industry participants - don't add to your regulatory burden by including prospects to your reporting pipeline. In the case of the Quarterly Call Report, you have to report your application activity. Here's the ambiguity; what does application mean?



    According to call report documentation, an application is 1.) an oral or written request for extension of credit on a residential property. Clearly, then, an application is a request for credit. If your company policy allows verbal applications, or defines any other application methodology, including the 1003 Uniform Residential Loan Application, then that becomes a report-able application. Most companies defer to the 1003 date as the application date, whether the date completed by the originator or the date signed by the customer.

    So is a rate inquiry or pre-qualification request an application? According to the NMLS' instructions, (#2) inquiries or pre-qualification requests which result in denial are treated as simultaneous application and denial. But that doesn't make any sense, because a pre-qualification simply is a discussion of available products - it CAN'T be denied, because it's not a request for anything. EVEN IF THE BORROWER AUTHORIZES A CREDIT REPORT, there is no request for a credit decision. The instructions force the lender to make the jump from pre-qualification to application. But this is a big jump for the lender to make. A pre-qualification request would never result in a loan approval, so why would it result in a denial. It's not a request for credit, it's a request for an eligibility determination.

    Limit your use of 1003 as the tool to collect information - use a Pre-Application process

    Lenders should pay close attention to how they define application within their own policies. This impacts HMDA, ECOA, and disclosures in addition to the MCR reporting information. By developing defined application paths which segregate inquiries from applications, you close many loopholes and tripwires which could result in under reporting. This also means that deciding to complete a 1003 for an applicant takes on new significance; someone who has signed a 1003 is no longer a prospect.

    Brokers should carefully consider how their prospects convert to applications. As a pre-qualification inquirer, a prospect doesn't receive disclosures - there's no property address and no credit decision. This perfectly reflects the organizational capabilities of a mortgage broker. Taking applications using a 1003 form should be reserved for the customer who has found a property and is proceeding with a loan the broker has registered with a wholesale investor. This process eliminates all of the confusion about who is responsible for disclosures, as the wholesaler will send the LE and ancillary disclosures at registration, eliminating the possibility of incorrect disclosures resulting in a rejection.


    A "Pre-Application" allows you to collect information necessary for a pre-qualification without creating a credit request.



    Both lender and broker can benefit from a defined "pre-application" process. The gray area of inquiry no longer exists when the status is Application Not Taken Yet. This also allows the company to completely validate a customer's eligibility, prior to assuming a regulatory or reporting burden.


    More on MCR and HMDA Reporting - Brokers don't deny loans

    If you are not a creditor, you cannot approve a loan. By the same token, if you cannot approve a loan then you cannot deny it, either. Brokers who complete a 1003 form should dispose of that application within 30 days through the incomplete application process or customer withdrawal. A broker will never report a denial, merely withdrawals and cancellations.

    To ensure you do this correctly, look at your complete application checklist, also known as the items needed worksheet. Does it have a date by which the customer must respond? If not, you need to change the form to add a date field; code that field to reflect 30 days from the date of application. You can automatically withdraw the loan if the customer doesn't respond. If the customer does provide documentation, but that documentation doesn't meet the guidelines of a program, or what was requested, you can respond with a cancellation or termination due to incomplete information. If the information does meet the requirements and an application was completed, forward the case on to the underwriter. If the rate that the borrower wanted no longer exists, advise the customer and withdraw the request.

    The paradigm; don't take on regulatory duties that exceed the scope of your duties.

    Wednesday, February 1, 2017

    Warning Shots for Paid Referrals: Legitimate Violations at Heart of Prospect Lead Generation Program

    Behind the headline splash - real violations


    We have gotten used to the CFPB picking on things in the range of "technical violations" and announcing large penalties. This induces paranoia and an acceptance of the idea that, despite our best efforts, fines and penalties in the course of operations have become a "cost of doing business." In the Prospect Mortgage case, however, these incidents would be clear violations for even the uninitiated.

    We recommend a review and audit of referral relationships and lead generation arrangements, but this finding doesn't mean abandoning balanced and compliant lead generation techniques. As a simple measure, if you find any "quid pro quo" activity, you probably have a violation.

    Click here to read the entire consent order, which includes detailed findings.


    1. An active referral, by itself, is not a violation. The fact that, in addition to marketing agreements, the agents referred business in great concentration raised suspicion that there were other elements at play.
    2. Exclusively referring business is a referral red flag. A best practice for all referrals revolves around recommending at least 2 or 3 providers. This raised further suspicion.
    3. Leads or referrals, by themselves, are not an indication of a kickback. Payment for a lead to an individual who has a financial interest in that lead - without an arm's length transaction - can point to a kickback.
    4. Sliding scales, or evaluating the quality of a lead before making payment is a RED FLAG. So a lead that is unqualified being evaluated as less valuable than a lead that results in a closed loan is a "pay for performance" strategy and is prohibited.


    5. Ultimately, it was easy for the CFPB to draw a straight line from the referral to the payment, particularly with the concentration of this activity.



    Beyond this, though, some of the activities that called the arrangement into question would not be violations if they did not have the issue of payments associated with them. For instance, requiring the approval of a particular lender or lenders (such as those appearing on an approved list) does not constitute a kickback scenario. If the companies had not received per loan payments, then the idea of a reputable local lender re-qualifying prospects makes sense and is in both buyers' and sellers' interests.

    Joint Venture and Co-Marketing Violations are Less Clear

    Planet Mortgage Loan Servicing referrals to Prospect look like a legitimate fulfillment referral arrangement. However, because the payments were not based on standard services provided, but rather on a split of the fees that Prospect received, the ownership and activity tests should have been applied to make sure that these were not sham arrangements, simply for the purposes of generating a referral fee. There is nothing wrong with paying for services provided or fulfillment, nor is there a problem with joint ownership and risked capital splitting fees.

    Perhaps the most troubling finding surrounds the penalties for joint marketing. So long as the parties share the actual cost (that the originator isn't paying for the ads on behalf of the agent), there is no prohibition on co-marketing. In this case, the decision of the CFPB seems to hinge on several e-mails which alluded to steering the customer as a consequence of the arrangement. 

    MSA's are NOT Illegal - You Have to Look at the Circumstances

    Here is the CFPB's cautionary memorandum on this topic. MSA's , they say, can be disguised as payments for referrals. Each situation has to be examined. If you look at our suggested policy on this matter, as reported in our January 2014 issue, you will see that management must review these arrangements to ensure that fees paid are commensurate with the value received - whether it is joint marketing, desk rental, or even affiliated business arrangements. 

    "Quid Pro Quo" Arrangements at Heart of All Findings 

    Many of these actions, in a vacuum, are not violations. In any review, focus not only on the written agreement, but exercise extra diligence beyond the paper documentation to see if the action causes any pressure or steering on the part of the consumer or other parties.

    The payment of referral fees corrupts the customer's ability to evaluate whether they are receiving a fair offer by encouraging the use of providers whose costs are inflated by the need to pay referrals. Ultimately, the best prevention of these kinds of violations rests in a sales culture of referrals sourced through value-added relationships where lenders who provide the best service and pricing lead financing decisions. Value is also added by lenders who provide community services, such as home financing seminars, financial counseling and education, and who work in partnership with real estate sales professionals to promote transparency in their relationships. Refer three lenders or title companies, not just one. Let the borrower choose.