A number of inquiries from regulators has prompted some clarifications.
This policy addresses your policy for information sharing, but also refers to the Safeguarding of Customer Information, the second important provision of Reg P/GLB. The procedures and specific policies for this are addressed in your 2.90 Information Security and FACTA Red Flags Plan.
We re-organized the Privacy Section of the Compliance Module to reflect a request one client had from Fannie Mae to address the scope and disposition of consumer information. You can download the policy here and replace it in your module.
2-47 Privacy Act Policy
OFAC and PATRIOT Act Policy
An investor requested clarification/expansion on the OFAC policies. Remember that we check for OFAC Clearance in a number of ways, and the high-level compliance policy, by itself, may not answer the investor's concerns. Specfically:
In the 2-0 Compliance Module
2-47-21 Customer Identification Procedures
2.72 Employment, Screening and Compensation Practices
In the 1-0 and 1-A Quality Control Plan
1-40 Anti-Money Laundering (AML) and Suspicious Activity Reports (SAR)
To help with simplifying the response to investors by simply using the policy listed in the 2-0 Compliance Module, we updated the OFAC/PATRIOT Act Policy. You can download it here:
2-47-2 PATRIOT Act and OFAC Policies and Procedures
Business Plans and "Business Plans"
You may recognize that many states require a "business plan" as part of the licensing approval process. It is important to know that there are two different meanings for this, and we were reminded of this by Virginia's Licensing Process.
- Marketing Business Plan - which describes your strategies for attracting customers, growing or expanding your business, and any innovative advertising, compensation or branching strategies.
- Operating Business Plan - which details how you will manage and compensate loan officers, supervise processors and operate your branch, For companies which are larger than single office sole operators - anyone with a remote office, basically - to satisfactorily respond to these requests you really need the complete mortgage correspondent or mortgage banker packages, which address supervising and management specifically. Your marketing business plan will not (and should not) address these, but should reference them, and be available for inspection.
Here is a sample response to the request:
- Update your business plan to include your marketing plans for Virginia, but send them your origination and processing policies and procedures, ensuring that they contain your correct compensation plan for Virginia.
- Then, in the Marketing Plan, simply state "originators will be paid according to the company's loan officer compensation plan, and processors are paid salary based upon the agreed upon salary rate."
- If you will be using contract processing services, please include that information, and then also include your vendor management plan for third party service providers, as well as your SAFE Act policies.
Michigan Requesting Policy Clarification with Respect to In-Home Loan Applications
Michigan has a requirement that customers receive notification of the products you offer, the process for getting a loan, and that the customer can always apply. This brochure is assumed to be made available to customers when they come to your office. When a loan officer visits a customer in his home, there is no assumption of compliance; you must provide affirmative proof the customer receives that.
As always, if you have a specific need that you don't see, if you need help with anything or if you just have an idea that will make the system better for everyone, please let me know.