MQMR, a CMC Preferred Partner, guides mortgage lenders
through the complex regulatory environment.
CMC Patrons receive a 10% discount on MQMR's compliance, internal audit & advisory services as well as a 20% discount on Vendor Management software fees.
MQMR’s goal in every review is to elevate performance and promote accountability.
Frequently Asked Questions
Internal Audit is required if you are approved or seeking approval from any of the GSEs, and it is also becoming a requirement for some states. A common deficiency in a Fannie Mae or Freddie Mac review is an inadequate or non-existent internal audit program.
Entities approved or seeking to become approved with the GSEs must have, at a minimum, the following three items:
i. Risk Assessment - an assessment that evaluates the various risks of an organization, which may include, but is not limited to, reputational risk, compliance risk, fraud, etc.; and takes into consideration various factors such as past audit results, regulatory requirements, potential for fraud, experience of personnel, growth trends, and date of the last internal audit.
ii. Policies and Procedures - an Internal Audit Policy and Procedure charter should be approved by the Board of Directors and put into place.
iii. Audit Plan - a minimum 12-month audit plan should be developed which outlines ongoing audits to be performed. The audit plan should identify low, moderate, and high-risk areas, and the timeline for auditing those areas.
Testing must be performed by both an independent and qualified party. While this does not mean the audit cannot be performed by an employee, the individual or individuals completing the audit must be fully familiar with AML requirements and cannot be involved in any of the AML functions of the Company. As such, the Company designated AML Officer would be unable to perform the audit. For this reason, many entities engage outside service providers to perform independent audits of their AML program.
Whoever performs the review should report directly to the entity’s Board of Directors or Executive Management. Testing should cover all of the entity’s activities and the results should be sufficiently detailed to assist the Board of Directors and/or Executive Management in identifying areas of weakness so that improvements may be made and additional controls may be established. Among other items, the Company’s written policies and procedures should be reviewed as well as the qualifications of the AML Officer and the Company’s training materials and attendance logs.
In recent years, state regulators have commenced examining the AML programs of their supervised entities more closely. In particular, many states now require entities to produce AML policies and procedures, as well as AML risk assessments and independent AML audit results as part of examinations. Failure to maintain these documents can oftentimes result in an adverse finding. Some states also maintain their own money laundering regulations, such as California, Florida, New Jersey, and Texas.
Most recently, on June 30, 2016, New York State’s Department of Financial Services (“NYADFS”) issued a final Anti-Terrorism Transaction Monitoring and Filtering Program regulation. The new regulation, which goes into effect January 1, 2017, requires regulated institutions (banks, check cashers and money transmitters) to maintain a Transaction Monitoring Program that monitors transactions for potential BSA/AML violations and Suspicious Activity Reporting. The regulated entities will have to annually submit a board resolution or senior officer compliance finding to the NYSDFS confirming the steps taken to ascertain compliance with this regulation. Nonbank mortgage lenders and originators are not currently covered by this regulation.
i. Deficiencies are identified and appropriately mitigated;
ii. Management and staff possess adequate knowledge to perform in a custodial capacity;
iii. The Document Custodian has established controls, policies and procedures;
iv. The Document Custodian meets the minimum requirements as determined by GNMA;
v. The Document Custodian is issuing Final Pool Certifications in a timely manner as required by GNMA;
vi. Recorded modified documents and reinstated loans have had documents inserted into the pool or removed from the pool; and
vii. A loan-level review from a selection of pools is conducted. Files must be reviewed to ensure that the collateral file is intact and contains all the necessary original documents and endorsements.
For most lenders, these areas are not a key area of expertise; therefore, outsourcing to third parties that have the expertise is a common practice. External auditors can be an effective way to ensure the Document Custodian is compliant with Ginnie Mae guidelines.
Featured Compliance Hot Topics
- Procedures demonstrating how the master servicer verifies that the subservicer is actually following its own procedures;
- An explanation of how the master servicer implements quality control audits and when and how often such audits will be performed;
- A method to track subservicer servicing errors and deficiencies, as well as any remediation plans; and
- As a best practice, an annual onsite visit that permits the master servicer to sit with key subservicing staff to understand the staff’s day-to-day process and reconcile it against the subservicer’s written policies and procedures.
- Conditions that require the identification of a suitable property;
- Conditions that require that no material change occur regarding the applicant’s financial condition or creditworthiness prior to closing; and
- Limited conditions that (a) are not related to the applicant’s financial condition or creditworthiness and (b) you ordinarily attach to a traditional home mortgage application (such as requiring an acceptable title insurance binder or a certificate indicating clear termite inspection and, if the applicant plans to use the proceeds from the sale of the applicant’s present home to purchase a new home, a settlement statement showing adequate proceeds from the sale of the present home).
- Determine whether the AUS used to evaluate the application matches the loan type reported (i.e. Total Scorecard for an FHA loan). If so, determine whether you obtained only one result from that AUS. If so, report that information.
- If you used an AUS that does not match the loan type reported or if you obtained more than one result from the AUS that matches the loan type reported, determine whether an AUS that was used to evaluate the application matches the purchaser, insurer, or guarantor (if any) for the loan (i.e. Desktop Underwriter for a loan that Fannie Mae purchased). If so, and you obtained only one result from that AUS report that information.
- If you did not use an AUS that matches the purchaser, insurer, or guarantor or if you obtained multiple results from an AUS that matches the purchaser, insurer, or guarantor or loan type, you report the result that is closest in time to the credit decision and the AUS that generated that result.
To the extent the name of your company appears on any social media utilized by a mortgage loan originator (“MLO”), the company’s NMLS Unique Identifier should be set forth in a clear and conspicuous manner. We are even aware that, most recently, some state banking departments, such as New Mexico and Oklahoma, have fined lenders where their unlicensed employees failed to list the company’s NMLS Unique Identifier on personal social media pages that listed the company’s name.
With respect to the NMLS Unique Identifier of a MLO, it is a best practice to list it on the MLO’s personal social media pages if the MLO mentions that he or she is a loan originator working on behalf of the company. It should be noted, however, that the requirement to list the NMLS Unique Identifier may depend on what is stated on the MLO’s personal social media page as well as the states in which the company and/or MLO operate. Any commercial message promoting a credit transaction must adhere to all state and federal advertising rules which exceed merely listing the company’s and MLO’s NMLS Unique Identifier.
So how do you manage this? It is a best practice to determine what social media pages a MLO utilizes at the time of onboarding, in addition to ensuring the MLO knows and understands the company’s social media and advertising rules. It is also essential that you train your MLOs and entire staff on both federal and state advertising requirements. This should be done at initial hire, follow with consistent reminders (no less than semi-annually), as well as annual recurring training. You should also perform random social media audits and monitoring to identify any possible violations and prove to regulators that you are proactive in monitoring social medial compliance. Additionally, it is a best practice to ensure any MLO departing the company (voluntarily or involuntarily) removes his or her affiliation with your company in a timely manner, so as to avoid potential UDAAP (Unfair Deceptive Abuse Acts and Practices) issues.
Case Studies & Testimonials
- Jim Svinth, EVP of Enterprise Risk Management at LoanDepot
Case Study #1
Approach: SQC identified the loan through a Customer Service audit. A review of the customer service call prompted an expanded review of the circumstances which lead to the Lender-Placed Insurance.
Results: The review of the Lender-Placed Insurance circumstances allowed SQC to create a “Red Flag” memo explaining the timeline of events and the circumstances that lead to the doubling of the borrower’s PITI to the client. The client was able to intervene with their Sub Servicer, obtain a less expensive hazard insurance policy for the borrower, which resulted in halting a foreclosure.
Criteria and Performance: This loan highlights SQC’s multidisciplinary approach. The loan was originally reviewed under an unrelated Area of Interest (Customer Service) but still identified Lender Placed Insurance defects. The Customer Service call was related to why the borrower’s payment increased. This prompted SQC auditors to review additional aspects of the loan which revealed a large increase in the borrower’s PITI. All SQC auditors are cross-trained on all AOIs. This additional experience allowed the SQC auditors to identify a problem in servicing that did not match any traditional servicing area, as no specific servicing guideline or compliance guideline was violated.
Learn More About Our Partnership
CMC provides exclusive offerings and value-added services to mortgage lenders nationwide. Therefore, we work together with MQMR to bring tangible benefits to CMC’s cooperative membership. Our alliance with MQMR provides Patrons with a myriad of mortgage solutions, and supports CMC’s ongoing commitment to continue partnering with highly respected companies.