Suite of Services

Suite of Services
*Full Service Compliance Support!

TOPICS

Thursday, September 1, 2016

Compliance Management Systems for Mortgage Brokers

QUESTION 
I am a mid-sized broker and was recently examined by our state regulator. We had a very good outcome, but was surprised that the only written policy that was asked for was Anti-Money Laundering. In light of this, do I need to continue maintaining written policies and procedures?

ANSWER 
The CFPB has passed federal consumer law requiring brokers to develop and implement a Compliance Management System (“CMS”). This includes written policies and procedures that reflect the way that you do business, evidence that training is being conducted throughout the year on various policy topics, and that you are adhering to the policies set forth in your various policies. At the time of passage, the CFPB advised that mortgage brokers need to show that they were making a good faith effort to comply with these requirements. Now that these requirements have been law for a few years, it is uncertain how forgiving the CFPB and many state regulators are going to be if, in fact, a broker has not complied with these requirements.

As a practical matter, it makes good sense to have written policies and procedures. Recently, I had a conversation with a senior executive of a large non-depository lender. I was reviewing our Brokers Compliance Group’s risk management program. I explained that we had some twenty-five policy topics available to brokers and mini-correspondents and also provided some additional services with these policies. The executive told me that they were of the opinion that most brokers were going online and getting their policies for free. Really not a good idea, as most of what is scraped off of the Internet is not compliant!

Many mortgage brokers have chosen to do nothing and so they take the risk of being the target of regulatory examinations or inquiries.

The CFPB expectation is that state regulators would examine licensees and ask for evidence that a CMS is in place. While some states are a mirror image of the CFPB examination protocols, others are still working on developing this capability. Some states are doing operational type exams, focusing on compliance with state regulations and statutes. Anti-money laundering is one of the more popular policies being requested. You should also know that brokers are required to conduct an AML Audit every twelve to eighteen months. This audit is a check on whether you are following the policies and procedures contained in your actual AML Policy. The audit (or test) reviews any Suspicious Activity Reports (SARs) that you have filed. In the event that you did not file any SARs, some closed loan files may be requested and reviewed.

While you may not be asked for policies and procedures by a regulator, you can pretty much count on your lender to do so. We have seen a noticeable increase in the number of lenders asking for policies and procedures as part of a broker’s application or recertification. I was particularly drawn to a lender compliance certification document from a large non-depository lender. The document that is used for broker recertification was about twenty pages long! A large portion of the document was dedicated to questions relating to whether the broker had certain policies and procedures in place. Specific policies referenced were RESPA, TILA, MLO Compensation, SAFE Act, Anti-Money Laundering, Privacy, Fair Lending, Fair Credit Reporting Act and Customer Identification Program.

Additional questions were about training. How frequent is the training, is it conducted internally or externally, what topics have been trained on, how frequent is the training and who is conducting the training?

Also, many lenders are asking about the existence of a Quality Control Plan. Is it internal or external and, if internal, is the individual doing it independent from production functions?

Increased emphasis is being placed on Information Technology, Information Security, and Cybersecurity. Do you have written procedures for securing records? Disaster Recovery Plans (“DRP”) are frequently requested. Do you have a written DRP and is it managed internally or externally?

It is important to understand that you need to answer truthfully when asked to complete a lender questionnaire such as this one. We are receiving numerous requests from brokers asking us to provide policies on an expedited basis to put them in a position of being able to respond affirmatively to their lenders.

There are roughly twenty-five policies and procedures that cover the various subject matters but there are ten or twelve policies and procedures that are deemed to be essential. One way of easing the financial burden and at the same time create a culture of compliance is to focus on the core policies. Some of them have already been mentioned.

One of the other keys to success is to associate with a group of independent subject matter experts, such as we provide in Brokers Compliance Group, so that you have a resource for customized policies and all of the questions that come up in the normal course of doing business.

You can begin to build your program now or you can wait and catch up later. Remember that compliance or lack of compliance leaves a trail. The choice is yours! 

Alan Cicchetti 
Director/Agency Relations 
Executive Director/Brokers Compliance Group