Intro to Mortgage Origination Examinations Training - July 2025
Introduction to Mortgage Origination Examinations Training
July 7-17, 2025, Live Virtual
www.csbs.org ♦ @csbsnews
CONFERENCE OF STATE BANK SUPERVISORS 1300 I Street NW / Suite 700 / Washington, DC 20005 / (202) 296-2840
Week 1

Monday, July 7, 2025
12:30 pm – 1:30 pm  Introductions & Welcome
1:30 pm – 2:00 pm  Mortgage Reg Overview
2:00 pm – 2:15 pm  Break
2:15 pm – 3:15 pm  Corporate Governance
3:15 pm – 3:30 pm  Break
3:30 pm – 4:30 pm  Corporate Governance (Cont.)

Tuesday, July 8, 2025
12:30 pm – 12:40 pm  Prior Day Review
12:40 pm – 2:00 pm  Scoping an Examination
2:00 pm – 2:15 pm  Break
2:15 pm – 3:15 pm  Policy Review
3:15 pm – 4:00 pm  Policy Review Exercise
4:00 pm – 4:30 pm  Exam Scoping Exercise - Independent Work

Wednesday, July 9, 2025
12:30 pm – 1:00 pm  Prior Day Review
1:00 pm – 2:00 pm  Mortgage Advertising
2:00 pm – 2:15 pm  Break
2:15 pm – 3:15 pm  Mortgage Advertising (Cont.)
3:15 pm – 4:30 pm  Mortgage Advertising – Independent Work

Thursday, July 10, 2025
12:30 pm – 1:00 pm  Prior Day Review
1:00 pm – 2:00 pm  Basics of Financial Analysis
2:00 pm – 2:15 pm  Break
2:15 pm – 3:15 pm  Basics of Financial Analysis (Cont.)
3:15 pm – 4:30 pm  Financial Analysis Exercise - Independent Work

Week 2

Tuesday, July 15, 2025
12:30 pm – 1:00 pm  Prior Day Review
1:00 pm – 2:15 pm  Compliance 101: Loan File Review
2:15 pm – 2:30 pm  Break
2:30 pm – 4:00 pm  Compliance 101: Loan File Review (Cont.)
4:00 pm – 4:30 pm  Loan File Review Exercise - Independent Work

Wednesday, July 16, 2025
12:30 pm – 1:45 pm  Prior Day Review
1:45 pm – 2:15 pm  Writing the Report of Examination
2:15 pm – 2:30 pm  Break
2:30 pm – 3:00 pm  Writing the Report of Examination (Cont.)
3:00 pm – 3:30 pm  Sample Writing Review
3:30 pm – 4:30 pm  Writing Exercise - Independent Work

Thursday, July 17, 2025
12:30 pm – 1:00 pm  Prior Day Review
1:00 pm – 2:00 pm  How to Run an Effective Meeting
2:00 pm – 2:15 pm  Break
2:15 pm – 2:40 pm  How to Run an Effective Meeting (Cont.)
2:40 pm – 3:00 pm  Pop-Up Presentations
3:00 pm – 3:55 pm  Exit Meeting Role Play Exercise
3:55 pm – 4:00 pm  Conclusion
Internal Use Only
Schedule

Week 1
July 7: 12:30 PM – 4:30 PM ET
July 8: 12:30 PM – 4:30 PM ET
July 9: 12:30 PM – 4:30 PM ET
July 10: 12:30 PM – 4:30 PM ET

Week 2
July 15: 12:30 PM – 4:30 PM ET
July 16: 12:30 PM – 4:30 PM ET
July 17: 12:30 PM – 4:30 PM ET

Attendance Policy
In order to receive a certificate of completion for a CSBS virtual training, an attendee may not miss more than 1 hour throughout the duration of the training. Attendees must also participate in all training activities to receive the credit hours (CEHs) and certificate, including:
1. Student Exercises
2. Final Assessment

Eric Garcia, Senior Financial Examiner, Non-Depository Entities, North Carolina Commissioner of Banks, egarcia@nccob.gov
Daniel Landini, Principal Financial Examiner, Consumer Credit Division, Connecticut Department of Banking, daniel.landini@ct.gov
Jeff Peterson, Consumer Financial Services Supervising Examiner, Nebraska Department of Banking and Finance, jeff.l.peterson@nebraska.gov
Lindsay Stenger, Chief Learning Officer, Washington State Department of Financial Institutions, lindsay.stenger@dfi.wa.gov
Kareeme Tucker, Mortgage Originations Training Team Supervisor, Non-Depository Entities, North Carolina Commissioner of Banks, ktucker@nccob.gov

Introductions
• Name
• Agency and state
• Fun fact about yourself

Go to www.kahoot.it and enter the Game PIN provided.

Session Learning Objectives:
1. Review Day One: Mortgage Examiner Training
2. Understand state supervision of the mortgage industry
3. Discuss federal agencies and their roles related to the mortgage industry
4. Apply concepts to exam scenario exercises

Mortgage Regulation Overview

Introduction to Mortgage Origination Exams
State Supervision
SAFE Act & NMLS
Information Sharing
Federal Agencies

State Supervision
• Jurisdiction over non-bank mortgage entities
• Each state is a sovereign entity
• Prior to 2008, no federal statutes for non-bank mortgage entities or individuals taking mortgage applications

Life Before the SAFE Act & NMLS
• Inconsistent
• Bad actors
• Monthly all-states conference calls

SAFE Act
• Enacted in 2008
• Minimum standards
• Model legislation

SAFE Act Question:
Prior to the passage of the SAFE Act and creation of the NMLS, do you know how your state agency regulated residential mortgage companies and their mortgage loan originators?

SAFE Act
Mortgage Loan Originators (MLOs)
• Testing
• Education
• Background check
• Credit report

NMLS
Nationwide Multistate Licensing System (NMLS)
• State licensing system
• Uniform applications
• Consumer access portal
• CSBS, AARMR, SRR
• Expanded licensing
• Name change

SES
State Examination System
• Platform for scheduling, exams, investigations, enforcement actions & complaints
• Communication portal
• Resource for exams & complaints

Mortgage Regulator Trade Associations
CSBS & AARMR
• State regulator Board of Directors
• Resources for states & examiners
• Promote coordinated supervision

Information Sharing Question:
Do you know which of your state statutes or rules allows your agency to share information with other state and federal financial services regulatory agencies?

Information Sharing
• Nationwide Cooperative Protocol & Agreement, May 1, 2009
• MOU between CFPB & CSBS, January 4, 2011
• CFPB-State Supervisory Coordination Framework, May 7, 2013

Key State Regulator Committees
• Non-Depository Supervisory Committee (NDSC)
• State Coordinating Committee (SCC)
• Multistate Mortgage Committee (MMC)

Information Sharing Question:
What are the names of some of the federal agencies that play a role in mortgage supervision and/or shaping the mortgage marketplace?

CFPB
Consumer Financial Protection Bureau
• Established 2010
• Accountability & consumer protection
• Supervisory authority

HUD
United States Department of Housing & Urban Development
• Founded 1965
• Support community development & homeownership
• Enforces Fair Housing Act

FHA
Federal Housing Administration
• Created by National Housing Act of 1934
• Part of HUD in 1965
• Provides mortgage insurance on loans by FHA approved lenders

FTC
Federal Trade Commission
• Independent federal agency created in 1914
• Dual mission
• Fair Credit Reporting Act
• Fair Debt Collection Practices Act
• Mortgage Assistance Relief Services Rule

VA
U.S. Department of Veterans Affairs
• Federal agency providing services to veterans
• VA Home Loans
• Eligible borrowers get more favorable terms

FHFA
Federal Housing Finance Agency
• Established by the Housing and Economic Recovery Act of 2008
• Oversees housing government sponsored enterprises

GSE
Government Sponsored Enterprise
• Quasi-governmental entity
• Not direct lenders
• Guarantee third-party loans & purchase loans in the secondary market

GinnieMae
Government National Mortgage Association
• Wholly owned government corporation
• Housing & Urban Development Act of 1968
• Primary financing mechanism for government-insured or guaranteed mortgage loans

Resources
• SAFE Act Resources: https://mortgage.nationwidelicensingsystem.org/SAFE/Pages/default.aspx

Corporate Governance

Session Learning Objectives:
1. Discuss the meaning of corporate governance
2. Understand the role and responsibilities of a board and senior management in corporate governance
3. Review the 13 principles of governance

Corporate Governance for Mortgage Companies
Guidelines – Corporate Governance Principles for Banks
• July 2015
• Applicable to any company
• Principles are scalable

Why is corporate governance so critical?
• Essential element of safe & sound operations
• Minimizes supervisory intervention
• Increased focus on risk & supporting framework

3 Lines of Defense:
1. Business Line
2. Risk Management
3. Internal Audit

• “Tone at the Top”
• Written Code of Ethics
• Tailored to the company

13 Principles of Governance
1. Board’s Overall Responsibility
2. Board Qualification & Composition
3. Board Structure & Practices
4. Senior Management
5. Governance of Group Structure
6. Risk Management Function
7. Risk Identification, Monitoring & Controlling
8. Risk Communication
9. Compliance
10. Internal Audit
11. Compensation
12. Disclosure & Transparency
13. Role of Regulators

1. Board’s Overall Responsibility

Responsibilities of the Board
• Approving and overseeing management’s implementation of:
• Strategic objectives
• Governance framework
• Corporate culture

Responsibilities of the Board - Continued
• Actively engaged
• Corporate culture & values
• Risk appetite
• Oversee risk
• Implement key policies
• Finance function
• Financial statements
• Hire & oversee CEO/Senior Management
• Compensation & risk alignment
• Whistleblower policies & procedures
• Related party transactions
• Regulator relationships

Corporate Culture and Values
• Set at the top
• Risk
• Code of Ethics
• Escalation of problems

Risk Appetite, Management and Control
• Governance framework
• Limit breaches
• Culture
• Risk Appetite Statement (RAS)

Risk Appetite, Management and Control – Continued
• Risk Appetite Statement (RAS):
• Qualitative & quantitative
• Risk assumption
• Boundaries
• Communication
• Decision-making
• Issue escalation process
• Board leadership & management involvement

Risk Appetite, Management and Control – Continued
1. Business Units
• Take risks
• Manage risks
• Report risks
2. Independent Risk Management Function
• Oversee & assess risks
• Promote importance
• Financial accuracy & reporting
• Compliance function
3. Internal Audit
• Independent & effective
• Internal controls
• Internal Auditors must be:
• Competent
• Independent

Oversight of Senior Management
• Hold accountable
• Enumerate consequences
• Includes adherence to:
• Values
• Risk appetite
• Risk culture

2. Board Qualification and Composition
• Understand role
• Sound judgement
• Independent directors
• Qualified and diverse

Selection & Qualifications:
• Clear process
• Assess candidates

3. Board Structure and Practices
• Organization and Assessment of the Board
• Role of the Chair
• Board Committees
• Audit Committee
• Risk Committee
• Compensation Committee
• Other Board Committees
• Conflicts of Interest

Organization and Assessment of the Board
• Effectively carry out responsibilities
• By-law updates
• Self-assessments
• Maintain appropriate records

Role of the Chair
• Crucial role
• Leadership
• Experience, competence & personable
• Decision making
• Facilitate discussions
• Time

Board Committees
• Specific issues
• Appropriate number
• Charters
• Committee chairs
• Committee minutes

Audit Committee
• Mid- to large-size companies
• Separate from committees
• Independent directors - Chair & membership
• Experience
• Direct reporting

Audit Committee - Responsibilities
• Policy
• Financial reporting
• Auditor oversight
• Audit scope & schedule
• Audit reports & corrective action
• Accounting policies
• Risk governance framework

Risk Committee
• Mid- to large-size companies
• Distinct from committees
• Independent director Chair
• Majority of members independent
• Experience
• Review policies & adherence

Risk Committee – Responsibilities
• Advise Board
• Oversee RAS implementation
• Report on risk culture
• CRO oversight
• Capital & liquidity management
• Oversee risks
• Work with Audit Committee
• Evaluate risk governance framework

Compensation Committee
• Larger companies
• Oversee remuneration system
• Independent directors
• Ensure payments are appropriate

Other Board Committees
• Established as necessary
• Could include:
• Nomination
• Human resources
• Governance
• Ethics
• Compliance

Conflicts of Interest
• Establish policies & procedures
• Duty to avoid
• Examples
• Review & approval process
• Duty to disclose
• Voting abstention
• Rules
• Maintain records

Chat Question:
If you were choosing independent board members for a large mortgage lender, what mix of skills and experience would you want on the board to help manage the risks and challenges of today’s mortgage industry?

4. Senior Management
• Manage the company’s activities:
• Board direction & oversight
• Business strategy
• Risk appetite
• Policies
• Daily management
• Role, authority & responsibility
• Aka - Executive Management

Should have:
• Experience
• Training
• Supervision
• Ability to delegate
• Ability to ‘set the tone’

Should implement:
• Business strategies
• Risk management systems
• Risk culture
• Processes & controls
• Compliance & Audit
• Internal Controls

• Reports to the Board & provides:
• Changes
• Financial condition
• Performance reports
• Breach notifications
• Internal control failures
• Legal & regulatory concerns
• Whistleblower issues raised

5. Governance of Group Structure

Holding company structure
• Parent company board overall responsibility
• Appropriate & clear governance framework
• Board & senior management need understanding
• Parent company aware of material risks & issues
• Independent legal & governance responsibilities

Parent Company should:
• Establish governance framework
• Define subsidiary structure
• Assess policies & procedures
• Address conflicts of interests
• Communications
• Compliance
• Effective internal audit

Subsidiary Boards:
• Develop risk management processes
• Support risk management
• Policies & procedures input
• Compliance

Complex/Opaque Structures:
• Increases complexity
• Board & senior management must:
• Risk management process
• Policies & procedures
• Regular audits

6. Risk Management Function

Chief Risk Officer (CRO):
• Sufficient stature, independence, resources & access to Board

Enterprise-wide risk governance
• Risk identification
• Risk measurement
• Risk monitoring
• Risk control
• New initiative evaluation

• Independent from operations
• Sufficient & qualified staff
• Access to training
• Overall responsibility for company’s risk management

CRO Responsibilities
• Oversee risk management
• Support Board with RAS
• Key decision-making

CRO should:
• Stature, authority & skills
• Independence
• Board reporting
• Access to Board
• Board or risk committee:
• Appointment, dismissal or changes
• Performance, compensation & budget

Knowledge Check #1
According to corporate governance principles, the board of directors should primarily be responsible for:
A. Day-to-day operations
B. Hiring middle managers
C. Approving marketing budgets
D. Overseeing management and ensuring accountability to shareholders

Knowledge Check #2
Which of the following best reflects sound corporate governance regarding board composition?
A. All board members should be company employees with deep operational knowledge
B. The board should include a mix of executive, non-executive, and independent directors with relevant experience
C. Board seats should be assigned based solely on shareholder ownership percentage
D. Board members should serve for life to maintain continuity

Knowledge Check #3
What is an appropriate responsibility of the board of directors in relation to the company’s risk management function?
A. Delegating all risk-related decisions to the internal audit team
B. Ensuring that risk management is only considered during a financial crisis
C. Overseeing the development and monitoring of a comprehensive risk management framework
D. Avoiding involvement in risk oversight to maintain independence

7. Risk Identification, Monitoring & Controlling
• Company-wide & entity basis
• Keep pace with changes
• Risk governance framework:
• Policies & procedures
• Control

• Risk identification:
• All material risks
• Risk assessment process
• Qualitative & Quantitative

Internal controls:
• Key risks
• Reliable, timely & complete information
• Assure compliance
• Managerial & employee check

• Sophistication match complexity & risk profile
• Accurate data
• Risk model assumptions

• Stress tests & scenario analyses:
• Reasonable assumptions & scenarios
• Documented & presented
• Recommend actions
• Test results
• Communication

• Risk management function should:
• Mitigate risk exposure
• Risk reduction or hedging
• Risk acceptance
• Outsourcing risks

8. Risk Communication
• Robust communication
• Strong risk culture
• Informed Board & management
• Developing risks
• Regular reporting

9. Compliance
• Establish independent compliance function
• Approve compliance risk policies & processes
• Evaluate compliance with laws, regulations & policies
• Report to Board
• Sufficient authority, independence, resources & Board access

Chat Question:
What risks could a company face if the head of compliance does not report directly to the board of directors?

10. Internal Audit
• Provide independent assurance
• Promote effective governance
• Third line of defense
• Stature, authority, independence, resources & Board access

• Effectiveness dependent upon:
• Full access
• Independently assess
• National standards
• Mandate issues addressed
• Periodic framework assessment
• Respect & promote independence

11. Compensation
• Promote good performance
• Reinforce risk culture
• Review at least annually
• Approve executive compensation

12. Disclosure and Transparency
• Transparent to stakeholders
• Enable assessment
• May be limited
• Must be provided to regulators

13. Role of Regulators
Supervisors should:
• Provide guidance & supervise
• Require improvement & remedial action
• Share information
• Evaluate fully

Knowledge Check #4
What practice best supports the principle of disclosure and transparency in corporate governance?
A. Releasing financial information only when requested by shareholders
B. Providing timely and accurate information on financial performance, ownership and governance to stakeholders
C. Keeping governance practices confidential to protect competitive advantage
D. Allowing only board members to access internal audit reports

Knowledge Check #5
It is the responsibility of middle management and not the board of directors to establish and oversee the company’s compliance and internal control systems.
A. True
B. False

Knowledge Check #6
What is the primary role of the internal audit function under sound corporate governance principles?
A. To prepare the company’s marketing and investor relations materials
B. To ensure the board avoids responsibility for compliance issues
C. To provide independent and objective assurance on the effectiveness of internal controls, risk management, and governance processes
D. To conduct external financial audits for regulatory filings

Corporate Governance Resources
• Guidelines - Corporate Governance Principles for Banks: https://www.bis.org/bcbs/publ/d328.htm

Exercise

Scoping an Exam

Session Learning Objectives:
1. Identify resources that are helpful in scoping examinations
2. Understand how to leverage the NMLS for exam scoping
3. Apply concepts to exam scenario exercises

Group Question
You have been assigned your first exam as EIC. What are some sources of information you think would be useful in helping you develop the scope of your exam and examination plan?

What is NMLS?
NMLS is a system for:
• Processing applications for licensure
• Collecting & storing company data
• Data analysis
This information is key to helping you scope and create your examination plan.

MCRs
The Mortgage Call Report (MCR) is a report submitted by all licensed mortgage industry companies on a quarterly basis.
Mortgage call reports contain information regarding a company’s loan activity and financial condition.
Two versions:
1. Expanded
2. Standard
A record of all MCRs filed by a company can be accessed through Composite View in NMLS.

NMLS Analytics
MCR data can be extremely useful to help understand the company you will examine:
• Size
• Business model
• Product offerings

Two powerful analytic tools to assist you in scoping exams:
• Mortgage Examiners’ Report
• MCR Analytics

Accessing NMLS Analytics

Ordering an Examiners’ Report

The Examiners’ Report
• Trends
• Changes
• Impact on scope?

MCR Analytics
MCR Analytics - Dashboard
MCR Analytics - Analysis

NMLS – Composite View
Provides you access to a wide range of useful information regarding:
• Company
• Branch
• Individual

• This picture shows some areas of company information an examiner would typically utilize

NMLS – Company Information Screen
Provides very basic information regarding the company, including:
• Address
• E-mail address
• Telephone number
• Primary regulatory contact
• Consumer complaints contact

NMLS – License Items
Reviewing the company’s license items for the licenses from your agency can alert you to any issues/concerns that are active or that occurred during the review period.
License items can be about a range of state-specific topics, including:
• Financial Statements
• License renewals
• Surety Bonds
• State-specific requirements

NMLS – Financials
• Companies provide through NMLS at least annually
• “Financial Statement Summary” tab of NMLS
• Review while scoping the exam

NMLS – Regulatory Actions
• Records of all regulatory actions against the licensee by state regulatory agencies
• Each record includes copies of the document & detail privacy level of each action

NMLS – Document Uploads
• Certain documents uploaded to the licensee’s NMLS record
• Only uploaded by the licensee
• Different document categories

Types of documents include:
• Advance Change Notices
• Business Plans
• Internal Policies & Procedures
• Management Rosters
• Org Charts
• Surety Bonds

Business Plans
An excellent source of information for scoping!
Can help you determine:
• How do they generate business?
• What are the business channels?
• Do they have specialty areas?
• Other relevant details

NMLS – Forms
Four basic “forms”:
• MU1 – Company
• MU2 – Control persons & other individuals
• MU3 – Branch office
• MU4 – Individual licensee (mortgage loan originator)

Contain basic data, including:
• Name
• Address
• Contact information
• Data specific to the type of person or entity

• The data in the forms is accessed through NMLS Composite View

NMLS – Form MU1
• State Historical Filings – view current & previous versions of MU1 form filings
• Contains a large amount of information on the company

Business activities & states company engages in the activity
• Definitions found in the NMLS Resource Center
Affiliates/subsidiaries listed
• Entities with common ownership
• Entities owned by the company

Disclosure questions & explanations
• Required to provide answers
• Questions about criminal convictions, regulatory & civil actions, and financial issues
• Any “yes” answers require explanation with supporting documentation

Non-NMLS Resources
• Agency Specific Information
• CFPB Complaint Portal
• Company’s Website
• Google Search

Agency-Specific Information
• Previous exams
• Correspondence folder
• Regulatory actions
• Consumer complaints

State Examination System (SES)
• Access to exams
• Join, Accept, or Leverage Another SA

CFPB Complaint Portal
• Searchable database
• Nationwide consumer complaints
• Searchable
• Factor into exam scope

SES Complaints

Company Website
• Areas to review
• Products highlighted
• Advertising claims
• Compliance with regulatory requirements
• Triggering terms

Google Search
• Press releases
• News articles
• Online advertisements

Were any of these a surprise or new to you?

Are there any other resources you use?

Determining Scope Timeframe?
• No universal approach
• Some considerations:
• Date of last exam
• Last exam findings
• Record retention
• Statutory timeframes
• Multi-state vs. single state

Loan Review Sample

Resources
CFPB Examination Procedures, Mortgage Origination (General Considerations, pages 12-14):
• https://www.consumerfinance.gov/compliance/supervision-examinations/mortgage-origination-examination-procedures/
NMLS Regulator Training:
• https://extranet.csbs.org/NMLS/Regulators/Knowledge/Pages/TrainingResources.aspx
Policy Review
Internal Use Only
Session Learning Objectives: 1. Understand the role a mortgage company's policies & procedures play in their compliance program
Internal Use Only
Session Learning Objectives: 2. Learn how to review & analyze a mortgage company's policies
Internal Use Only
Session Learning Objectives: 3. Discuss an examiner's approach to assessing a mortgage company's policies & procedures
Internal Use Only
Session Learning Objectives: 4. Identify the relevant policies & procedures that should be implemented by a mortgage company
Internal Use Only
Session Learning Objectives: 5. Review sample mortgage company policies that contain identifiable weaknesses
Internal Use Only
Policy Review
Internal Use Only
Policy Review
Management should own their own policies.
Internal Use Only
Policy Review
Board should: • Ensure policies are
implemented & procedures established for periodic review • Review is an opportunity to assess management & revise policies if needed • Ensure policies are reviewed & approved annually
Internal Use Only
Policy Review
Compliance policies and procedures should document and be sufficiently detailed to implement the board-approved policy documents.
Policy Review
Examiners should determine whether compliance policies & procedures:
1. Are designed to effectively manage compliance risk in the products, services and activities of the mortgage company.
2. Are consistent with approved compliance policies.
3. Address compliance with applicable Federal consumer financial laws in a manner designed to minimize violations and to detect and minimize associated risks of harm to consumers.
4. Cover the full lifecycle of all products and/or services offered.
5. Are maintained and modified to remain current and complete, and to serve as a reference for employees in their day-to-day activities.
Policy Review
Policies and procedures are not intended to be maintained in a dusty three-ring binder that hasn’t been opened since it was buried on a shelf.
Policy Review
Effective policy and procedure management goes well beyond simply crafting an initial set of documents.
Effective policies and procedures are living documents that must grow and adapt with a company.
Policy Review
Best Practice - an institution reviews all its policies & procedures annually.
Review can be scheduled into the corporate calendar.
Poll Question: What is the primary purpose of reviewing a mortgage lender’s policies during an examination?
A. To ensure that policies match that of other lenders
B. To assess whether policies align with regulatory requirements and the lender’s practices
C. To evaluate how many pages the policy manual includes
D. To determine whether the policies are publicly available
Policy Review
Questions to consider for policies & procedures:
• Current & relevant?
• Being implemented as intended?
• Having the desired effect?
Policy Review
Other events that warrant a review of policies & procedures:
• Organizational changes
• New/amended laws or regulations
• New loan programs/products
• Incidents or policy violations
Policy Review
New policies need to be communicated immediately & effectively.
Examiners should consider:
• How does an institution communicate policy changes?
• How do employees access policies & procedures?
Policy Review
A company’s policies and procedures should be commensurate with its size and complexity.
Policy Review
Compliance Program should include policies & procedures that are:
• Written & readily available
• Prevent/reduce violations
• Protect consumers
• Align business strategies & outcomes
Policy Review
Policies & procedures should be:
• Implemented by management
• Administered by CCO
• Tailored to the company
• Control risk
• Independently audited
Poll Question: Which of the following events should prompt a mortgage lender to update or revise its written policies?
A. A change in federal or state regulations
B. A merger or acquisition involving the lender
C. A shift in the company’s loan product offerings
D. Implementation of a new loan origination platform
E. All of the Above
Exam Procedures
Exam Procedures
Request & review policies & procedures related to consumer compliance, including (as applicable):
• Sales practices
• Incentive structures (compensation & non-compensation based)
• Federal consumer financial laws
• State-specific laws & regulations
Exam Procedures
Do policies & procedures address new or amended Federal and state consumer financial laws implemented since the previous examination?
Exam Procedures
Do policies & procedures cover consumer financial products or services introduced since the previous examination?
• Who is responsible for implementing new products?
Exam Procedures
Review policies & procedures relating to compliance with specific regulatory requirements & their implementing procedures.
Exam Procedures
Review policies & procedures for:
• Outdated content
• Names of unaffiliated entities
• Indicators that policies are not tailored to the institution
Poll Question: Best practice dictates that policies should be reviewed and updated:
A. Only when regulations change
B. Every three years
C. At regular intervals or when regulatory or operational changes occur
D. When senior management requests it
Exam Procedures
Review policies & procedures for products with features that may inhibit consumer understanding or otherwise pose heightened risks of unfair, deceptive, or abusive practices.
Exam Procedures
Determine whether policies & procedures related to a company’s incentive program include sales quotas, performance goals, and incentive structures.
• Is there an independent process for investigating improper behavior?
Exam Procedures
Determine whether policies & procedures provide clear guidance for managing risk of incentives abuse throughout the product life cycle.
Exam Procedures
Review policies & procedures for products with features that may pose heightened risk of discrimination, such as:
• Incentives
• Discretion
• Distinctions
Exam Procedures
Review policies & procedures maintained by different units or legal entities for consistency and reasonableness.
Instances of inconsistency should be justified by business necessity or market condition.
Exam Procedures
Review policies & procedures for record retention & destruction timeframes to ensure compliance with legal requirements.
Poll Question: A policy that does not reflect the lender’s actual practices poses both compliance and reputational risk.
A. True
B. False
Exam Procedures
If compliance procedures are embedded in automated tools, are periodic reviews performed? Were tools approved by the Board or a committee thereof?
Exam Procedures
Coordinate compliance examination activities with members of the examination team & the EIC.
• Identify violations
• Exam findings/issues related to P&Ps?
• Absence of P&Ps?
• P&Ps periodically reviewed?
Exam Procedures
Utilize discussions with the institution’s managers to gather information and discuss procedures & practices to ensure compliance with laws & regulations.
Exam Procedures
Draw conclusions about policies & procedures:
• Are they strong, satisfactory, deficient, seriously deficient, or critically deficient?
• Do P&Ps match actual company/employee processes?
Poll Question: Which of the following is a red flag indicating that a mortgage lender’s policy or procedure may be outdated?
A. The document references agencies or regulations that no longer exist
B. The policy includes a recent revision date and cites current regulatory guidance
C. The procedures reflect the lender’s current systems and workflow
D. The policy is signed and approved by current senior management
Evaluation of Policies
Evaluation of Policies
Strong
Satisfactory
Deficient
Seriously Deficient
Critically Deficient
Evaluation of Policies
Strong: P&Ps are comprehensive and provide standards to effectively manage compliance risk in the products, services, and activities of the institution.
Satisfactory: P&Ps are adequate to manage the compliance risk in the products, services, and activities of the institution.
Deficient: P&Ps are inadequate at managing the compliance risk in the products, services, and activities of the institution.
Seriously Deficient: P&Ps are seriously deficient at managing the compliance risk in the products, services, and activities of the institution.
Critically Deficient: P&Ps are critically absent in programs to manage compliance risk in the products, services, and activities of the institution.
Policies & Procedures
Request P&Ps related to mortgage compliance for origination, specifically:
• Consumer Compliance
• State/Federal Consumer Financial Laws
• Consumer Financial Products & Services
Policies & Procedures
Examiners should review P&Ps and consider:
• Understandable
• Effective dates
• Last reviewed
• Review frequency
• Who reviews
• Is content updated
Policies & Procedures - Resource
Resources
• MMC Manual - Compliance Management System Exam Procedures: https://www.csbs.org/mortgage-examination-supplements
• CFPB Compliance Management Exam Procedures: https://files.consumerfinance.gov/f/documents/201708_cfpb_compliance-management-review_supervision-and-examination-manual.pdf
Exercise
Policy Review – Sample Comments
CFPB Exam Comments
The Company’s policies and procedures are satisfactory. Compliance policies and procedures are adequate to manage risk of consumer harm in the products, services, and practices of the Company. Company policies and procedures are current, cover all products offered, and address Federal consumer financial laws. The Leadership Committee approves policies and procedures, and the Company documents the revision history. The policies and procedures are reviewed at least annually by senior management, the CCO, the Legal Department, and the Compliance Committee.
The Company’s policies and procedures are satisfactory. The Company developed and implemented a comprehensive set of risk-focused policies and procedures designed to promote compliance with ECOA and Regulation B. The Company implemented its current pricing and fair lending policies in April 2017 and October 2017, respectively. The Compliance Department’s Policy and Procedure Manager of fair lending reviews policies and procedures on an annual basis, or more frequently if required by operational or regulatory changes. While the procedures are satisfactory, transaction testing uncovered four instances in which employees did not follow the Company’s policies and procedures regarding document retention in practice. Specifically, the Company could not provide the documentation required by its Retail Pricing Policy FY 2018 to document pricing concessions for these four files. The policy approved in August 2019 raised the limit for price concessions to 300 basis points. Adherence to the documentation requirement of the policy is important to effectively manage fair lending risk associated with this increase in the concession limit.
The Company’s mortgage origination policies and procedures are satisfactory. Policies and procedures address compliance with applicable Federal consumer financial laws. They generally cover product or service lifecycles and are maintained and modified to remain current and serve as a reference for employees in their day-to-day activities. The Company’s policies support the efforts of its Compliance Program to prevent regulatory violations and associated risk of harm to consumers. The Company creates new or modifies existing policies and procedures as deemed necessary based upon internal audit results, self-assessments (monitoring), and/or regulatory changes.
Part 1
The Company’s policies and procedures related to reverse mortgage origination are deficient. Examiners identified policies and procedures that were not in place during the review period, lacked sufficient detail, or did not align with actual practices. Examiners also identified policies and procedures that did not adequately address compliance with applicable Federal consumer financial laws in a manner designed to prevent violations and to detect and prevent associated risks of harm to consumers. In several instances, policies were only put in place during the last half of 2019 or beginning of 2020. For example, the Compliance Policy was not developed until December 24, 2019. Similarly, examiners identified multiple policies and procedures related to compliance with loan officer compensation and licensing requirements, among others, that were also developed in the last quarter of 2019.
Part 2
In other instances, examiners found that existing policies and procedures failed to provide the detail needed for the Company’s staff to use as a day-to-day reference. For example, while the Company had an existing Equal Credit Opportunity Act Policy, which appears to be a reiteration of the definitions and requirements set forth in Regulation B, along with additional procedures and checklists, it failed to provide staff with detailed procedures to ensure consumers were provided copies of all appraisals and other written valuations within the timeframes set forth in Regulation B.
Part 3
The Company’s Corporate Documentation Policy details its process for how its policies and procedures are drafted, approved, and published. The Compliance Policy further outlines the Chief Compliance Officer’s (CCO) responsibilities in developing and reviewing compliance policies and procedures. Examiners found policies and procedures are generally reviewed on an annual basis.