Friday, December 10, 2021

Remote Workplace Setup and Supervision

Remote work is here to stay

As much as we have addressed operations in remote work locations through technology, the simple process of setting someone up remotely means aggregating and amalgamating pieces from a number of different areas of operation - mostly IT security - into something comprehensive. We have amalgamated policies and procedures from across a mortgage operation into a unifying element, and have provided a checklist for setting up that remote worker as a tool.

Key Point - Documentation Transfer

Paper documentation and images, the mortgage industry's lifeblood, represents the single largest risk to customers and the company. Remote workplaces, being dispersed and interconnected with private residences, can be extremely insecure places to store documents. Knowing this, we structure the remote workplace as 100% paperless. Logically, arranging for the delivery of loan file exhibits in a secure manner without paper means a secure, 2-factor authentication upload. Remember - personal email is not secure. 

Key Point - Internet of Things

In an office environment, wired network connections prevail and a smaller number of items get connected to a wireless network. In small-office, home, or remote environments, wireless devices abound. Inventory of these items and their connection to a shared internet connection where you or your employees securely connect can prevent a hacker's back door access by allowing IT departments to identify items that have been exploited. (Watch Mr. Robot to see how they get in.)

Key Point - Expectations for Work Schedule, Supervision and Duties

In a remote environment, employees can often experience "mission creep" where, because of a non-office setting, priorities, and distractions detract from the customer experience. For this reason, clear rules on work hours - logging in and out, accountability for email and phone responses, as well as consequences for time spent on personal items during work hours - get set forth at the outset.

For our customers, we have provided a sample "2-94 Remote Work Policy and Procedure" which you can use as a stand-alone to prove compliance with regulatory requirements, and insert into your 2-90 IT Security Module. This supports pandemic-related remote work, as part of a disaster recovery (see 2-97 Disaster Recovery/Business Continuity) and continuity program, and general network security plan (2-92 IT Security Plan).

Wednesday, October 27, 2021

Audit Season: Loan Officer Comp Plans vs Loan Officer Employment Agreements

Questions Persist on the Meaning of "Employment Agreement" or "Compensation Plan"

With the onset of annual audit season, we have noticed a large increase in the number of requests we get for compensation plans and loan officer agreements. We need to set the record straight on some definitions so that you have clarity on what is required and what the regulator is requesting.

First, there are two different things at play. 
  • The need to establish the arrangement between the loan originator and the company as to employment. This item is referred to as an employment agreement. 
  • The need to establish the pay rate for the originator is referred to as a compensation plan
  • These two items are exclusive of each other, although an agreement may refer to a compensation plan. 

Employment Agreements are NOT Compensation Plans

Employment agreements define job duties, the terms of employment, and how employment will terminate. In other words - this is your job; do these things and don't do other things. If you do things we say not to do, we can terminate you. This is how we'll wrap matters up if you separate from the company voluntarily or involuntarily. 

One of the difficulties we face in providing compliance services is that we often get asked for advice. Largely, advice on compliance relates to understanding what regulatory rulemaking means. This is not interpretation or advice, it simply is a translation of the rules into a more easily understood or practical application. Employment agreements, on the other hand, are contracts. In order to draft a contract for a third party you need to be authorized to practice law: an attorney or lawyer. A compliance company should not provide this service. Instead, you should seek the advice of a competent advisor familiar with the employment laws of a state. 

When we provide this free sample loan originator employment agreement, we are actually calling it a comp plan, because it forms part of the comp plan. You may copy the text and use it as a model for drafting an agreement yourself. 

That said, we have some general, common-sense guidance for the creation of employment agreements:

1.) Separate compensation plans from the employment agreement by attaching the compensation plan as an exhibit which is SUBJECT TO CHANGE AT ANY TIME.
2.) An Employment Agreement states the general minimum job requirements of the position. You can augment that by having a very detailed job description such as that in our Loan OriginatorLoan ProcessorLoan Closer or Underwriting policies and procedures. 

Compensation Plans are NOT Legal Agreements

A compensation plan simply states the rate of pay for various services. In the case of the current regulatory scheme, we have to be aware of anti-steering rules. A compliant compensation plan defines how compensation to loan originators happens in a way that does not violate the anti-steering rules. 

Elements of a Compensation Plan

  • Loans Subject to the Rule
  • Definition of a Loan Originator
  • Exclusions from the LO Comp Rule
  • Dual Compensation, Upfront Points and Fees
  • Proxies for Loan Terms
  • Non-Loan-Term Items
  • Profits-Based Compensation
  • Pick-A-Pay Plans
  • Pooled Compensation
  • Compensation for LOs that Work as a Team
  • Pricing Concessions
  • Point Banks
  • Competition for LOs
  • SAFE Act Requirements
  • Anti-Steering Provisions/Safe Harbor
  • Record Retention
  • QMs and Double Counting
  • LO Qualifications
  • Written Policies and Procedures
  • Non-Cash Compensation Incentives
  • Splitting Comp Between LOs
  • Bonuses and Retirement Plans
  • Bonuses Based on Volume
  • Non-Producing Managers and Sales Executives
Our Compliance Module provides a policy and procedure that addresses all of these issues. 

Monday, May 3, 2021

Dear Old 1003, I'm sorry. I didn't know how good you were...

We have updated our Quality Control Data Validation checklist to conform to the organization of the redesigned URLA, which was required for use after 4/1/2021. 

Best Practice - Send for Signature, Not in Blank

The new Uniform Residential Loan Application (1003) form is required for SUBMISSION to Fannie Mae. It is NOT useful as a form to be sent to an applicant to collect information. In fact, there are areas in the form which explicitly state "TO BE COMPLETED BY LENDER" which belies the actual intent of the form. 

Send this document to your customer for completion at your own peril.  The reality is you will NOT send a blank application to the borrower to fill out. Instead, you should capture the information in your LOS, and send the completed form to the borrower for signature. If you want to put data collection responsibilities on the borrower, use the pre-application kit process. 

PROBLEM 1 - Too Complex, Too Long

That is the biggest problem with this product - asking a (single) applicant to parse THIRTEEN pages of application forms correctly, in most mortgage industry participants' experience - means it won't be returned. If it is, it will not be correct. 

Recommended Procedure - Only Sign in Final Form

For those of you who grew up with the old HUD-2900, you will remember that the HUD Application was only signed once the underwriter had approved the loan. This is the same approach. 

1.) Collect application data using LOS or Pre-Application Kit
2.) Enter information into LOS
3.) Generate form for signature

We are NOT advocates of having loan originators or consumers completing this form directly as it is extremely inefficient and fraught with problems, particularly since the representations and warrants on the application form are SO STRINGENT that sending out an application, other than the final verified application, is risky. Our recommended approach is to utilize the LOS screens to complete the form, and have the printed form reviewed by a senior processor or underwriter prior to release. 

The URLA is not necessary to begin an "application" as defined under other regulations

ECOA, TRID, and other regulations that are triggered by an "application" are not referring to this specific form. The regulations DO NOT require the use of the new URLA 1003 form to establish an application, so you can use any method you like to assemble the information (including obtaining a credit authorization). In fact, for AUS Data Submission, (DU/LP/Catalyst-TOTAL/GUS) the system is not calling for the form, simply the underlying data. Once the application is complete and ready for underwriting submission, you can send the compiled application. 

Our recommended process

1.) For customer facing data collection, use a pre-application kit or web form, with EDI to the LOS
2.) Download a re-configured data integrity review checklist aligned with the new 1003 here

Pre-Application Kit Sample

URLA Review Checklist Sample

Comment - Why all the fuss for a few small changes? Only several new fields added.

Once you dive down into the changes, you can see how minute they are. The new form doesn't add significantly to the collection of data and could have been added to the old form. 

For instance, the addition of a cell phone capture. Honestly, the cell phone could replace the Home Phone, which no one uses anymore. And since each co-borrower now has his or her own application, this actually represents the unique identifier of the loan. 

A litany of pre-filled choices... and then, still, "other"... drives me nuts. Simplification or obfuscation. 

Here is the updated URLA Policy and Procedure - depending on which module you review it goes in the following sections: