Can you provide clarification on the definition of “Preapproval” under the new HMDA rules and information regarding reporting requirements?

Effective January 1, 2018, the new HMDA rule expands the types of preapproval requests that are reportable. Lenders who are required to file now must report preapproval requests that are approved but not accepted (this used to be optional). However, preapproval requests regarding home purchase loans to be secured by multifamily dwellings, preapproval requests for open-end lines of credit, and preapproval requests for reverse mortgages are not reportable under the new HMDA requirements.

You must report preapproval requests for home purchase loans (not for multifamily, open-end lines of credit or reverses) if reviewed under a preapproval program.

A preapproval program is a program in which you (1) conduct a comprehensive analysis of the applicant’s creditworthiness (including income verification), resources, and other matters typically reviewed as part of your normal credit evaluation program; and then (2) issue a written commitment that: (a) is for a Home Purchase Loan; (b) is valid for a designated period of time and up to a specified amount, and (c) is subject only to specifically permitted conditions.  Specifically permitted conditions include:

  1. Conditions that require the identification of a suitable property;
  2. Conditions that require that no material change occur regarding the applicant’s financial condition or creditworthiness prior to closing; and
  3. Limited conditions that (a) are not related to the applicant’s financial condition or creditworthiness and (b) you ordinarily attach to a traditional home mortgage application (such as requiring an acceptable title insurance binder or a certificate indicating clear termite inspection and, if the applicant plans to use the proceeds from the sale of the applicant’s present home to purchase a new home, a settlement statement showing adequate proceeds from the sale of the present home).

Preapproval requests reviewed under a preapproval program are only reported if denied or approved but not accepted.  The CFPB indicated if you do not regularly use procedures to consider requests but instead consider requests on an ad hoc basis, you are not required to treat the ad hoc requests as having been reviewed under a preapproval program. However, you should be generally consistent in following uniform procedures for considering such ad hoc requests.

Is it permissible for my compliance department, which is independent of the operations and business units, to perform compliance-related internal audits?

The answer depends on the structure of the organization and the scope of the audits. An organization’s compliance department cannot audit areas in which it currently maintains oversight as that would be a conflict of interest. This would remove the independence of the audit. Normally, the compliance department serves as the second line of defense with internal audit serving as the third line of defense.

In many large organizations, the compliance department conducts audits that are directly focused on compliance-related topics, and the internal audit department will review and validate their findings. The internal audit department will also review areas that were identified as issues in the compliance audits.  An internal audit program touches on areas other than compliance, such as operations, HR, accounting, IT, corporate governance, quality control, etc., whereas compliance audits focus solely on regulatory matters.

Should mortgage lenders maintain a documented “Disaster Recovery/Business Continuity Plan”?

Yes, it is not only a best practice recommendation but also a requirement to be maintained and tested by many state regulators and the GSEs (Fannie Mae and Freddie Mac). A formal Business Continuity Plan (“Plan”) should instruct employees who are the key contacts, what steps need to be taken, when to execute each step, where to go, and how to do so in the event of a significant incident or natural disaster that disrupts daily business. The Plan should include detailed steps outlining where employees relocate for business resumption. In many cases they may only need a computer and an internet connection. A phone call tree and how employees can access a list of vendors and contacts critical to keeping the business running should also be a part of the disaster recovery component of the Plan.

The Plan needs to speak to the method utilized by the mortgage lender to ensure that, in the event of a data loss or security compromise to the main systems, the information is capable of being quickly recovered in the exact format as it was prior to the event. If a physical back up facility is used it is recommended to be at least 25 miles from the main office in case a natural or man-made disaster affects an entire region. At a minimum, the Plan should be tested annually.

Often we make exceptions to our established credit standards (i.e. we lower a rate to match a competitor’s offer and thereby retain the consumer). Is it possible that fair lending risks arise as a result of our company engaging in this activity?

Yes. Although reducing a rate to meet your competition’s offer is permissible it is important that these types of decisions are based on a legitimate business justification and that your company maintains adequate documentation and oversight to avoid increasing your fair lending risk.

The CFPB discussed this issue in their Supervisory Highlights in the Spring of 2014. Specifically the CFPB stated:

If the applicant does not qualify for the loan applied for then the lender may counteroffer with a requirement of an additional borrower or guarantor but the lender is not permitted to require this additional borrower or guarantor to be the applicant’s spouse.

“A lender may promote the availability of credit by providing credit to an applicant based on a lawful exception to the lender’s credit standards when exceptions practices are complemented by an appropriate system of fair lending compliance management. A strong compliance management system can also mitigate fair lending risk related to credit exceptions by adequately documenting the basis for the credit exception, monitoring and tracking exceptions activity, and controlling any resulting fair lending risk.”

Thus, any lender who makes exceptions to their credit standards must:

  1. Memorialize written policies and procedures for pricing exceptions (when allowed) and how they must be documented.
  2. Monitor and Audit to make sure these policies are followed.
  3. Train staff on the policies (not just basic fair lending training).

Fair lending risk in this regard is not just limited to credit exceptions but also lender fee reductions, discretionary lender credits and waivers of lock extension fees. All requests for these exceptions/reductions/credits should be tracked and memorialized whether granted or denied. This information will be invaluable if you need to justify pricing discrepancies to a regulator down the road.

Can a lender require a non-borrowing spouse to be a borrower or sign any loan documents?

The Equal Credit Opportunity Act (“ECOA”) strictly forbids a creditor from discriminating against applicants on a number of prohibited bases including marital status.

A lender may not require the signature of a non-borrowing spouse on any loan document (except any loan document that is reasonably believed to be necessary under applicable state law) if the applicant qualifies for the loan applied for without use of the spouse’s assets, income etc.

If the applicant does not qualify for the loan applied for then the lender may counteroffer with a requirement of an additional borrower or guarantor but the lender is not permitted to require this additional borrower or guarantor to be the applicant’s spouse.

With regard to the exception of any loan document that is necessary under applicable state law, a lender may require a non-borrowing spouse’s signature on any loan document necessary to protect the lender in the event of default (i.e. the security instrument in a community property state).

As a lender, am I required to audit my Document Custodian on a regular basis?

Yes, a lender should review a document custodian from a vendor management risk stand point. In addition, Ginnie Mae is explicit in its requirements for each issuer to review their Document Custodians. The Ginnie Mae MBS Guide (Chapter 6, 2000.04 Rev-2 CHG-20) requires an onsite Document Custodian audit by a seller-servicer at least annually if more than one Document Custodian is utilized. All Document Custodians must be audited within a three-year cycle. The review must be comprehensive because the Document Custodian is essentially a vendor of the pool issuer. When conducting an audit, at a minimum, the following areas should be addressed:

  1. Deficiencies are identified and appropriately mitigated;
  2. Management and staff possess adequate knowledge to perform in a custodial capacity;
  3. The Document Custodian has established controls, policies and procedures;
  4. The Document Custodian meets the minimum requirements as determined by GNMA;
  5. The Document Custodian is issuing Final Pool Certifications in a timely manner as required by GNMA;
  6. Recorded modified documents and reinstated loans have had documents inserted into the pool or removed from the pool; and
  7. A loan-level review from a selection of pools is conducted. Files must be reviewed to ensure that the collateral file is intact and contains all the necessary original documents and endorsements.

For most lenders, these areas are not a key area of expertise; therefore, outsourcing to third parties that have the expertise is a common practice. External auditors can be an effective way to ensure the Document Custodian is compliant with Ginnie Mae guidelines.

What is Internal Audit and is it a requirement for mortgage lenders?

Internal Audit is a function within an organization that independently evaluates the risks to the organization and the control environment that the company has in place. Typically, Internal Audit reports to the Board of Directors or Senior Management and is separate from all other departments to ensure that their evaluation remains independent.

Internal Audit is required if you are approved or seeking approval from any GSE’s. One of the most common findings coming out of a Fannie Mae MORA exam is a lack of sufficient internal audit protocols.

Does the Equal Credit Opportunity Act (“ECOA”) permit a creditor to favor elderly applicants when determining whether to extend credit?

Yes, although generally a creditor may not take into account an applicant’s age, 12 CFR Part 1002.6(b)(2) permits a creditor to “consider the age of an elderly applicant when such age is used to favor the elderly applicant in extending credit.”

12 CFR Part 1002.2(o) defines elderly as “age 62 or older.”

For example, if a 65 year old applies for a mortgage loan, the creditor may use their age as a factor in their favor for approving the loan. On the other hand, the creditor may not consider the age as a factor for not approving the loan.

Currently, the Know Before You Owe/TILA-RESPA Integrated Disclosure Rule (“TRID”) does not permit changes to a Closing Disclosure (“CD”) to cure a tolerance violation more than four (4) business days prior to consummation. Is it true that, if enacted, the proposed TRID amendments will eliminate this issue known as the “Black Hole”?

Yes, in most instances the proposed amended language to TRID would permit a lender to reset tolerances using a CD at any time so long as the lender issues a corrected CD within three (3) business days of learning of a valid Change of Circumstances.

This will provide some reprieve for lenders who have been forced to absorb increased costs when closings were delayed.

What events should trigger the production of an off-cycle escrow analysis?

Other than the paying off of the mortgage loan, when a Short Year Escrow Statement is required, off-cycle escrow analyses are not required.

However, in the following situations, it is strongly advisable:

  • When a scheduled escrow disbursement has increased or decreased greater than a predetermined amount.  This could be based upon a fixed dollar amount or percentage, determined by each company,
  • When the Disbursement Date of an escrowed item is changed,
  • The addition or removal of an escrow line, or
  • The change in the maximum allowable escrow cushion.
Under the Know Before You Owe/TILA-RESPA Integrated Disclosure Rule (“TRID” or the “Rule”) the sample Written List of Service Providers (Model Form H-27) includes a column where the estimated charge for each service is set forth. Is a lender required to include an estimated cost for each service on the Written List of Service Providers?

No, TRID does not require a lender to include an estimated cost for each service, nor does it include concrete guidance with regard to contact information for a service provider. Rather, commentary to the Rule indicates that creditors must provide sufficient information, such as the name, address and telephone number, to allow a consumer to contact the provider. §1026.19(e)(1)(vi) only indicates that if a creditor permits a consumer to shop for a settlement service, the creditor must provide the consumer with a written list identifying at least one available provider of that service. It does not require an estimate for each service.

If a lender elects to include a cost estimate it should correspond with the fee set forth on the Loan Estimate. Further, a lender should document its policies and procedures with regard to completion of the Written List of Service Providers to ensure consistency in completion of the document.

Is it true that mortgage lenders may now look at whether a mortgage loan applicant pays off his or her credit card in full or carries a month-to-month balance?

Yes. Credit rating agencies recently began offering “trending data” on potential borrowers. Trending data provides a comprehensive picture of borrowers’ debt management, including whether or not they pay off their credit card statement each month.

The change was based largely on a study by Fannie Mae, which found that borrowers who pay off their credit each month are about 60% less likely to become delinquent on a mortgage than those that only pay the monthly minimum. Although the use of trending data is still in the early stages, it is likely this will become a regular step in the mortgage underwriting process.

Still, it remains unclear whether the change will lead to a greater overall acceptance or denial rate for potential borrowers. On one hand, the change means that individuals with an otherwise borderline approval rating may be pushed over the hump because of favorable trending data. On the other hand, some borrowers who otherwise would have qualified may not qualify because they do not pay off their full credit card balance each month.

Does Freddie Mac require employees of each approved Seller/Servicer to complete annual fraud training?

Yes. Chapter 3201.1 of Freddie Mac’s Single Family Seller/Servicer Guide (the “Guide”) addresses Fraud Prevention and Detection. It indicates, in relevant part, that Sellers/Servicers must train employees, and certain non-employees, who are in a position to notice and report fraud or suspected fraud at least annually to ensure that these employees are aware of emerging fraud scenarios. Such individuals must be trained in all applicable areas of the Seller’s/Servicer’s mortgage business with regard to:

(1) Common and emerging fraud schemes; and

(2) Red flags that may signal fraud and the need for further review.

Non-employees who may require fraud prevention and detection training include, but are not necessarily limited to, contract underwriters and processors, contract quality control firms, borrower outreach companies, loss mitigation providers and collection companies. Trainings may be conducted by the Seller/Servicer or by a qualified third party. Alternatively, the Guide permits Sellers/Servicers to meet the training requirements by obtaining annual written verifications from the individuals requiring training. Verifications must confirm that training has been received from a third party and meets the requirements of the Guide.

Can a mortgage loan originator be held individually liable for a violation of the Loan Originator Compensation Rule?


15 U.S. Code § 1639(d)(2) indicates that the maximum penalty for a loan originator’s violation of the Loan Originator Compensation Rule is the greater of the actual damages sustained or three times the total compensation earned on the subject transactions; plus associated costs, such as reasonable attorney’s fees. Noteworthy, personal liability may attach to the mortgage loan originator even if there are no actual damages sustained by a consumer.