Thursday, March 5, 2020

Where's my Privacy Policy?

Most Important - The first form you should give to a customer

In this era of wholesalers taking applications in your name at the point of sale, it's important to note the timing of the Privacy Policy. It should be delivered BEFORE you share the information with a vendor (credit bureau, appraiser, WHOLESALER/INVESTOR, etc.)

Where's my Privacy Policy?




Gramm-Leach-Bliley (GLB) Privacy rules received an inordinate amount of attention in the pre-crisis compliance era. This is due to corporate structures that share consumer information, often without the customer's knowledge. To protect consumers against unauthorized sharing so that affiliates and other firms can market to your consumer, the Opt-Out Provisions of the Gramm-Leach-Bliley privacy rules require that companies tell consumers how they treat consumers' private information. In addition, the company must give the consumer the option to elect NOT to share that information. This results in the form the consumer receives and the instructions they use to opt out. 

We still see MANY questions regarding this form and its proper completion, so we have provided this simple guide to correctly populating the form fields. 

When a Regulator Asks for your Privacy Policy

We get the question, "where is my Privacy Policy?" in the policies and procedures we provide. It's natural to ask us because of how the question is phrased. But this one does not come in a formulaic narrative manual. It's embodied in your disclosures and (hopefully) on your website. The "Model Privacy Notice" is your "Privacy Policy" as far as GLB is concerned. 



How to Correctly Complete the Form

  1. Add income/employment, asset, credit history, and property information as necessary.
  2. YES - you send to investors, underwriters, secondary market partners, title companies, etc. 
  3. NO - they can't limit it because they wouldn't get a loan if you didn't share it.
  4. Depends on your marketing - do you market to your customers - past or present? (e.g., email blasts) If yes, then yes, and your customer must be able to opt out, and you have to have a toll-free number.

Many States Require Specific Disclosures on the Form, Such as Vermont







Not Every Privacy Policy is a GLB Privacy Policy


Often, a regulator will ask for a Privacy Policy, referring to a policy or procedure describing how you will keep your customer's information private. In other words, "Information Security" and not "Privacy."

Tuesday, March 3, 2020

North Carolina Mortgage Licensing and Examinations - What have we learned?

It should surprise no one that NCCOB - the nation's FIRST state regulator to initiate anti-predatory lending laws, and one of the first to initiate robust pre-licensing training, AND was a leader in pre-Dodd-Frank regulation - has now taken the flag as one of the most detail-oriented examiners. 

Expect an initial examination within the first 12 months of licensing. Existing licensees who have never been examined should expect one, and this normally coincides with a complaint or other inconsistency.

For those licensed in the state, NCCOB (North Carolina Commissioner of Banks) has clearly and transparently posted its expectations. Yet over and over we see brokers and lenders alike responding with surprise to examination findings and questionnaires. When we review the findings to help licensees comply we aren't surprised, just a little disappointed at what some might call willful blindness.

We have a great deal of respect for the rational approach that the regulator has taken. Nothing in the findings represent anything that brokers or lenders shouldn't be responsible for. If anything, our concern is that these problems exist elsewhere and propagate because of a lack of oversight.

Broker Fee Agreements


It's illegal to collect a fee without the customer's explicit agreement. These files show missing or incorrect broker fee agreements, or incorrectly completed lender financing agreements. The common response or argument is that the LE or CD provides the customer's tacit agreement. However, it's usually too late at that point; the information on the LE/CD should come from the financing or broker agreement.

For our customers, we devote a section of our quality control plan for correct completion and retention of financing or fee agreements.

BSA/Anti-Money Laundering Plans


We sell both stand-alone anti-money laundering plans, or better yet, QC (Quality Control) plans that identify the full set of FinCEN (FINancial Crimes Enforcement Network) identified Red Flags. Our BSA/AML (Bank Secrecy Act/Anti-Money Laundering) plans use these to identify potential SARs (Suspicious Activity Reports) for reporting.

Most people don't read them.

Otherwise, they would know that they include:


  • A SAR Reporting Workflow
  • A Compliance Officer (You have to put the person's name where it says "Insert Compliance Officer here")
  • Initial and Periodic Training (We give this away here, or provide a checklist to ensure you have taken AML specific training as part of your Continuing Education)
  • Both FinCEN and Industry Specific Red Flags

When we see a finding related to "deficient AML plans" these all fall under that category.

Missing Documents in Audit Files


Inexcusably, many files reflect missing exhibits or data reflected in reporting doesn't match loan files. THIS IS JOB ONE of a quality control plan! Time spent retrieving documents from investors, closing agents or even borrowers represents lost loan production time; wouldn't you rather spend time originating than chasing old loan file exhibits? 

This is the reason our QC Plan has a closed loan checklist. Click to download NCCOB's version here. We find it interesting that the checklist they provide bears some resemblance to the one in your plan:





1099's - Beware EVERYONE


We recently wrote an article on 1099 compensation of originators. NCCOB takes the position that originators are employees. Unless you follow the recommendations in our article, expect an issue with 1099 payments. Further, BRANCH MANAGERS ARE EMPLOYEES by definition; you can't be a contract manager. No Branch Manager 1099s. Also, you can't have branches in homes.


Contract Processors and other unlicensed entities


As above, compensating 3rd parties for work normally done by employees, such as processing, should automatically prompt you to require licensing of that individual or service.