QUESTION
I am a mid-sized broker and was
recently examined by our state regulator. We had a very good outcome, but was
surprised that the only written policy that was asked for was Anti-Money
Laundering. In light of this, do I need to continue maintaining written
policies and procedures?
ANSWER
The CFPB has passed federal consumer
law requiring brokers to develop and implement a Compliance Management System (“CMS”).
This includes written policies and procedures that reflect the way that you do
business, evidence that training is being conducted throughout the year on
various policy topics, and that you are adhering to the policies set forth in
your various policies. At the time of passage, the CFPB advised that mortgage brokers
need to show that they were making a good faith effort to comply with these
requirements. Now that these requirements have been law for a few years, it is
uncertain how forgiving the CFPB and many state regulators are going to be if,
in fact, a broker has not complied with these requirements.
As a practical matter, it makes good
sense to have written policies and procedures. Recently, I had a conversation
with a senior executive of a large non-depository lender. I was reviewing our Brokers
Compliance Group’s risk management program. I explained that we had some
twenty-five policy topics available to brokers and mini-correspondents and also
provided some additional services with these policies. The executive told me
that they were of the opinion that most brokers were going online and getting
their policies for free. Really not a good idea, as most of what is scraped off
of the Internet is not compliant!
Many mortgage brokers have chosen to do
nothing and so they take the risk of being the target of regulatory
examinations or inquiries.
The CFPB expectation is that state
regulators would examine licensees and ask for evidence that a CMS is in place.
While some states are a mirror image of the CFPB examination protocols, others
are still working on developing this capability. Some states are doing
operational type exams, focusing on compliance with state regulations and
statutes. Anti-money laundering is one of the more popular policies being
requested. You should also know that brokers are required to conduct an AML
Audit every twelve to eighteen months. This audit is a check on whether you are
following the policies and procedures contained in your actual AML Policy. The
audit (or test) reviews any Suspicious Activity Reports (SARs) that you have
filed. In the event that you did not file any SARs, some closed loan files may
be requested and reviewed.
While you may not be asked for policies
and procedures by a regulator, you can pretty much count on your lender to do
so. We have seen a noticeable increase in the number of lenders asking for
policies and procedures as part of a broker’s application or recertification. I
was particularly drawn to a lender compliance certification document from a
large non-depository lender. The document that is used for broker
recertification was about twenty pages long! A large portion of the document
was dedicated to questions relating to whether the broker had certain policies
and procedures in place. Specific policies referenced were RESPA, TILA, MLO
Compensation, SAFE Act, Anti-Money Laundering, Privacy, Fair Lending, Fair
Credit Reporting Act and Customer Identification Program.
Additional questions were about
training. How frequent is the training, is it conducted internally or
externally, what topics have been trained on, how frequent is the training and
who is conducting the training?
Also, many lenders are asking about the
existence of a Quality Control Plan. Is it internal or external and, if
internal, is the individual doing it independent from production functions?
Increased emphasis is being placed on
Information Technology, Information Security, and Cybersecurity. Do you have
written procedures for securing records? Disaster Recovery Plans (“DRP”) are
frequently requested. Do you have a written DRP and is it managed internally or
externally?
It is important to understand that you
need to answer truthfully when asked to complete a lender questionnaire such as
this one. We are receiving numerous requests from brokers asking us to provide
policies on an expedited basis to put them in a position of being able to
respond affirmatively to their lenders.
There are roughly twenty-five policies
and procedures that cover the various subject matters but there are ten or
twelve policies and procedures that are deemed to be essential. One way of
easing the financial burden and at the same time create a culture of compliance
is to focus on the core policies. Some of them have already been mentioned.
One of the other keys to success is to
associate with a group of independent subject matter experts, such as we
provide in Brokers Compliance Group, so that you have a
resource for customized policies and all of the questions that come up in the
normal course of doing business.
You can begin to build your program now
or you can wait and catch up later. Remember that compliance or lack of compliance
leaves a trail. The choice is yours!
Alan Cicchetti
Director/Agency Relations
Executive Director/Brokers Compliance Group
