Federal laws now require every “covered business” to have a compliant system in place at all times. Covered business includes mortgage brokers and lenders. Mortgage originators are also required by law to have compliant systems for the origination of mortgage loans. When I started my business 15 years ago, I began a mission of defining and using a “Compliant System.” This has resulted in the establishment of my company’s “Business Operating Principals.” One of the main principals is the “Principals of Compliance.”
Principals of Compliance
According to the many consumer protection laws, a compliant operation has a system in place to document and apply the following:
1. Safe handling of all documents;
2. Well-documented communications between all parties;
3. Safe handling of all electronic documents, e-mails, faxing and texts received and sent;
4. Well-documented policies and procedures;
5. Generally Accepted Accounting Principles (GAAP)-compliant financial controls;
6. Training and oversight of operations; and
7. A Red Flags procedure.
Every mortgage broker or lender business in the country must do something about implementing such a system. I would like to establish a starting point by which a small company would embark on such a mission.
According to federal laws, every mortgage originator has a legal responsibility to deter, detect and defend the information of every person they serve. This requires companies to closely follow all relevant laws covering the operation of their business. At this time, excluding individual state laws, there are about 75 major federal laws and regulations that govern some aspect of the mortgage origination business.
The following laws required increased compliance for businesses that have access to non-public personal information:
USA Patriot Act (USAPA) 2001
The Patriot Act requires every company to identify, through appropriate documentation, the actual identity of a person.
SAFE Mortgage Licensing Act 2008
The SAFE Act mandates that all states enact laws governing the qualifications and licensing of all state-licensed and registered mortgage loan originators. The individual states are in the process of implementing the specific requirements over the course of the coming year. In addition, the U.S. Department of Housing & Urban Development (HUD) has published the proposed rule for minimum standards as mandated by the SAFE Act in order to facilitate the responsibilities placed on HUD under the Act. State laws passed during 2009 and 2010 place requirements on all mortgage loan originators to comply with both federal and state laws. The education and testing requirements of the new laws make it clear that an understanding of the laws, are the minimum requirement for entry into the profession. It is the implementation of the SAFE Act that provides states with the authority to enforce compliance with the laws.
Real Estate Settlement Procedures Act (RESPA)
RESPA now requires a new Good Faith Estimate (GFE) and HUD-1 form that requires lenders to make certain that the actual costs disclosed on the GFE at time of application, harmonize with the Settlement Statement the borrower sees at closing. In the past, the forms routinely differed, causing consumer complaints that led to the new regulations. If the amounts are expected to differ during the loan process due to verifiable "changes in circumstances," the lender is required to re-disclose and issue a revised GFE. At the same time, all the calculations must be consistent on the system to make certain the HUD-1 accurately reflects the changes. Failure for compliance will require mortgage brokers and lenders to detect such violations and reimburse customers within 30 days of closing or face penalties and increased rescission periods. Failure to comply will increase costs to brokers.
Truth-in-Lending Act (TILA)
The final rule regarding TILA changes should be published at some point in 2010. The final rule will redefine fees and charges considered finance charges for annual percentage rate (APR) purposes, change the TIL Statement content and format, including amortization types, prohibit payments to mortgage brokers or creditor loan officers based on the interest rate or other loan terms, prohibit steering consumers to less favorable loans in order to increase compensation, require 60-day notification of ARM loan changes, require monthly statements on loans where negative amortization is possible, replace home equity line of credit (HELOC) disclosure, enhance periodic statements for open-end credit, require 45-day notice for changes to HELOC terms and change protections regarding credit line suspensions or reductions.
Fair and Accurate Credit Transactions Act of 2003 (FACTA)/Red Flags
FACTA directed financial regulatory agencies, including the Federal Trade Commission (FTC), to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit—or arranges for others to do so—and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. Some examples of creditors are finance companies, automobile dealers that provide or arrange financing, mortgage brokers, utility companies, telecommunications companies, non-profit and government entities that defer payment for goods or services, and businesses that provide services and bill later, including many lawyers, doctors and other professionals.
The Gramm-Leach-Bliley Act imposed strict guidelines for the security and disclosure of Non-Public Private Information (NPPI). Privacy laws changed dramatically under this new law passed in 1999. The Gramm-Leach-Bliley Act imposed strict guidelines for the security and disclosure of NPPI. The complete law can be found by clicking here.
Responsible information management
Every person in your organization must be held accountable and every organization must create a system of "Responsible Information Management". This system must be in use every day and by every employee. In order to meet the requirements, every company must:
1. Raise awareness
2. Create policies and protections
3. Train its staff
4. Hold all employees and vendors accountable
5. Monitor and re-train employees on policy breaches
6. Actively protect customers
7. Detect risks
8. Respond to violations and breaches
In developing a compliant system, just as in any other process, it starts at the top. In this case, the top begins with the “Responsible Individual.”
The federal SAFE Act, as implemented by many states, created a new classification of individuals for employment purposes in mortgage lending operations. The Responsible Individual (RI) or a branch manager is required to have two to three years of experience in the mortgage business, within the five years immediately preceding the application.
There are many references to Responsible Individuals or branch managers, but there is no information on what a Responsible Individual’s actual responsibilities are. The RI is pretty much responsible for everybody involved in all loan transactions that happen in the branch. The parties can include originators, processors, customers, appraisers, lenders, attorneys, title companies, vendors, landlords and the list continues. They must be responsible for the application of the laws, and for the prevention and detection of fraud. They must be responsible for reports required by state banking departments, and most importantly, notifying the banking department about key changes and actions by originators, including felonies and other events, such as bankruptcies or other conditions.
Background: A historical perspective
In 1781, the British surrendered to George Washington at Yorktown. This was not a major battle. The defeat of the British was the direct result of implementing a strategy, which was nothing more than a carefully designed system using all of the knowledge available at the time. The victory at Yorktown was the result a five-year plan to accomplish overwhelming odds and defeat the most powerful fighting force that ever existed. This strategy and implementation define the components of a successful plan and has enormous value to business operators today. The key components of Washington’s strategy were leadership, training, weapons and intelligence.
Leadership was very much a standard in the military at the time. A single authority uses a tightly organized regimen of officers and soldiers to execute the mission. Business is also organized in the same way. A branch manager has the authority of the officer who is in charge of a branch or a battalion. A senior person usually takes on the role of the officers.
Leadership is vital in changing an organization as it heads into unknown territory, imposing a prospect of failure and what that means to the organization. Every new employee, customer, referral source and vendor must be dealt with delegated leadership. Executing planned activities in a practiced manner signifies the leadership. Leadership says we are performing our business to protect and enhance the value of the organization to our customers and to the communities we serve. That is quite a proposition. Don’t we all feel that way?
Leadership requires us to reorganize our staff and empower them with a new imperative to play a part in something new and improved. A complete business plan must be selected and promoted first to each employee then to each affiliate, referral source and customer.
Training is a standard in the military. First, they train the body in boot camp, then they train your mind in the classroom, and then they put you to work doing your job repetitively until you have it right. In the case of mortgage operations, training involves doing things in a new way that is well documented and creates accountability. Instead of scanning a document and e-mailing it through Outlook, the document is first cataloged, compressed, stored in a secure environment and then backed up. The e-mail and its contents are then created in a standard companywide format, delivered to the customer documented by a copy sent to the sender. An entry that the e-mail was delivered and to whom, is automatically recorded. Every process performed by every individual goes through this process or data gets lost, and information vital to closing a loan is delayed and business suffers.
Training on a system is the only training that can have a lasting effect. Teaching your staff on accessing documents, data storage and accountability deals with e-mails, faxes and copies.
Weapons are the tools that we use to leverage our abilities and help us accomplish our goals on a day-to-day basis. One of the amazing reasons why America won its independence can be attributed to a single weapon that had been in existence for years. You would have thought it was a cannon, machine gun, poison or some chemical used. It wasn’t. It was something carried by every enemy soldier at the time. It was a mainstay of military fighting and used by the British for hundreds of years. British military forces were so powerful they would usually overrun enemy forces in a standard military line formation. With guns and cannons they would pulverize their enemy long before any close encounter. George Washington had been trained in British battle tactics. The only way he would ever defeat an enemy hundreds of times more powerful than his was to implement strategies to defeat the traditional battle formation. He needed to change the very nature of the battle. He needed to use everything he knew about battle tactics by breaking down each component.
For the past 100 years in America, rifles and handguns were the dominant weapons to overcome an enemy. Stand up enough people with guns all firing in the same direction and soon enough the enemy was defeated. Being resourceful, Washington could not play that game. So he changed the way the soldier’s weapons were used. He turned the large battlefield, where most wars were fought, into small skirmishes of hand-to-hand combat. This strategy slowly eroded the very power that could have easily defeated him. Instead of training his troops on standard battlefield maneuvers, Washington trained his army on guerrilla warfare and hand-to-hand combat. His weapon of choice was the bayonet attached to each rifle, and the rest is history.
When they could not form battle lines and perform as trained, Washington used his weapon to attack from the side. The success of his system of hand-to-hand combat was solely dependent on the last of the key factors … intelligence.
Washington’s use of intelligence was the most important factor in implementation. He had to know where the enemy was and, most importantly, where they would be going. To implement the American strategy, Washington needed a system that gathered key information while providing a secure, fast and reliable way to transmit the information back to a single source, the command center. As each new piece of information was delivered though a strategically designed spy network, strategists were planning continuous small attacks on the main armies. This continued for five years, 24 hours a day. Politicians scolded Washington for failure to produce victories in major battles. Washington was determined to win the war, not just gain the glory of a victorious major battle. He knew he had a system and that he had to stick to it for it to work. He knew he could not listen to the politicians and subordinates and that he had to keep his system confidential. He certainly was not going to divulge strategies to Congress.
Washington’s strategies have many similarities to the mortgage origination business of today.
George Washington’s strategies have many similarities to the mortgage origination business of today. Originators and processors strive to serve customers with the same products the competition (big banks) have. The competition uses tactics and attack in line formation with large numbers of people, advertisements, and capital. They form marketing alliances with Realtor partners and use expensive direct mail, television and the Internet to entice customers, sometimes into paying higher fees and interest rates than the smaller company would charge. They have unlimited resources, but they also must maintain the line formation tactics and cannot deviate.
The Successful Mortgage Broker takes a hand-to-hand approach with people to the community, providing a service and access to knowledgeable professionals. Leadership, training, weapons and intelligence are the most viable solutions for small businesses today. The training, weapons and intelligence are all components of a system that can be worked on and modified as quickly as the intelligence feeds us new information on rates, programs, laws and regulations. The weapons used in mortgage origination are transparency, education, accountability and a complete system to document the results.
This leads us to the Principals of Compliance, which formulates a working system around the company policies and procedures model. The principals govern appropriate business processes, activities and outcomes to meet legal requirements.
The Principals of Compliance include raising awareness; creating policies, procedures and protections; frequent training; holding all employees and vendors accountable; monitoring and re-training employees on policy breaches; actively protecting customers; detecting risks; and responding to violations and breaches. Let’s look at each component.
To raise awareness, there must be notice and validation of proper methods to officially document an activity making the First Principal of Compliance that all communication must be recorded, time-stamped and serially logged to be considered a valid transaction. All replies and comments that relate to the original communication must contain a copy of the original, thus validating it.
For example, an originator requests their processor to run a loan through a lender’s automated underwriting system (AUS) and then notify them of the results. The processor would then submit the loan, get the findings, record the findings in the record and notify the originator of the results by replying to the request. If the processor were delayed in performing the request, the reply would indicate an acknowledgement of the request and document when it would be completed. This process is called notification and verification. It works with all interactions between employees and prevents misunderstanding and potential compliance violations.
In order for this process to occur, the creation of Policies, Procedures and Protections would be necessary. The definition of a valid transaction is the fact that they are documented and made readily available to all parties. This makes the Second Principal of Compliance that all valid business policies and procedures are documented in a single Company Model. The Company Model is a combination of the employment contracts, employee manuals, company charter and company operating manuals. All activities, goals, resources, guidelines and policies are derived directly from the Company Model.
Execution of an ongoing training system is necessary for compliance. As a result of the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act), all states now require continuing education (CE) to inform originators now to operate lawfully. Changes in laws, new regulations or even new programs must be included in a system of processes designed to educate staff and arm them with the most effective weapons. The Third Principal is that all activities must be included in the Company Model and all training must apply to the components of the Company Model to be valid.
For instance, the company policy may require a written opinion letter to be sent to every applicant even if the company is unable to provide a loan. The policy is designed to improve the chances that a person will come back to the company at a later date when they have met the requirements of the opinion letter. Maybe you could not submit a loan for them because their credit score is below 580. The opinion letter would inform them what steps they need to take in order to qualify for a loan at the best rates available by recommending how to increase their scores. It’s a good reason to mail them something they will hang onto by taking information and providing a comprehensive narrative about their current credit status.
The Fourth Principal is any violation of principals is automatically considered a personal transaction. A personal transaction, along with all its associated communications, is not considered valid and is solely executed by the individual on his or her own responsibility. Such transactions, when identified, are analyzed, grouped together and isolated from company documentation, allowing the company to prove the employee acted without authority and in violation of company policy.
Violations of Compliance Principals must be addressed in a process that monitors and retrain employees on policy breaches using minor violations as an education, while repeated or major violations are eliminated quickly. The Fifth Principal of Compliance is staff can only be judged by the results of valid transactions. Inappropriate use of company time or resources for invalid and consequently inappropriate transactions will always be a reason for termination … no exceptions.
Committing violations of the company model is automatically considered as an act against protecting customers and every effort must be taken to consider if there can be an adverse effect on the customers and vendors we serve. Principal Six is any valid or invalid use of staff time or resources must be reviewed and its effects on customer considered.
The Company Model and all valid transactions are reviewed and summarized to identify potential risks. Principal Seven is inspect what is expected. A system to review and control communications is critical to supporting a claim of full compliance. As e-mail becomes the primary method of communication, all e-mails are maintained in separate accounts. Company managers cannot review the e-mails of every employee in real-time. However, when a company uses an internal messaging system for all communications, the file can be easily monitored. Methods that search for keywords can produce significant information about the content of messages and potentially divert a difficult situation.
In order to respond to violations or breaches, the violation must be promptly identified, evaluated and corrected in accordance with the Company Model for violations. Principal Eight is to Protect Your Mission by complying with it every day. Leadership requires proactive measures to move the business forward and to remove unnecessary obstacles.
Creating a compliant system requires daily policies, procedures and protections to become routine. Compliance in itself can be overwhelming unless you have a system that is designed to handle it.
Don DeRespinis is a certified public accountant (CPA) and a Certified Residential Mortgage Specialist (CRMS). He and his wife Deb Killian have operated Charter Oak Lending Group LLC, a mortgage broker and correspondent lender with licenses in Connecticut, New York and Florida for the past 15 years. They have also developed a comprehensive and integrated business operating system used to operate all aspects of a mortgage origination branch, including integrated document management, communication management, accounting, compliance and controls. For more information, visit www.mortgagecenter.net or e-mail [email protected]