What information needs to be included when transferring default servicing information from one servicer to another?


Transferring information on defaulted loans, especially loans impacted by COVID, should include all documents received on performing loans as well as the following:

  • loss mitigation status, 
  • any documentation submitted and/or requests for a forbearance or modification, 
  • and a record of the loan servicing notes related to the request.

The CFPB has issued a directive stating that all relevant documents must be transferred to the new subservicer. However, the CFPB has also stated that the transferee’s responsibility is as much as the transferor’s responsibility. Therefore, the servicers should work together to develop additional controls in the transfer process, defining timeframes and including a robust escalation process for missing critical documents.

As a best practice, this process should support and reflect accountability and ownership on the servicer’s behalf with regard to efforts on obtaining critical documents and/or critical data points that may be missing. It should reflect a set number of attempts, define how those attempts are made, such as escalation via email and then phone, and define escalation roles (from the representative to the supervisor to the manager/VP, etc.). Servicers should consider including the process for this issue in the transfer agreement and any recourse that may be taken for missing critical information, such as denying the loan transfer and/or repurchasing of impacted loans. 


As a lender, am I required to audit my Document Custodian on a regular basis?


Yes, a lender should review a document custodian from a vendor management risk stand point. In addition, Ginnie Mae is explicit in its requirements for each issuer to review their Document Custodians. The Ginnie Mae MBS Guide (Chapter 6, 2000.04 Rev-2 CHG-20) requires an onsite Document Custodian audit by a seller-servicer at least annually if more than one Document Custodian is utilized. All Document Custodians must be audited within a three-year cycle. The review must be comprehensive because the Document Custodian is essentially a vendor of the pool issuer. When conducting an audit, at a minimum, the following areas should be addressed:

    1. Deficiencies are identified and appropriately mitigated;
    2. Management and staff possess adequate knowledge to perform in a custodial capacity;
    3. The Document Custodian has established controls, policies and procedures;
    4. The Document Custodian meets the minimum requirements as determined by GNMA;
    5. The Document Custodian is issuing Final Pool Certifications in a timely manner as required by GNMA;
    6. A loan-level review from a selection of pools is conducted. Files must be reviewed to ensure that the collateral file is intact and contains all the necessary original documents and endorsements; and
    7. Recorded modified documents and reinstated loans have had documents inserted into the pool or removed from the


For most lenders, these areas are not a key area of expertise; therefore, outsourcing to third parties that have the expertise is a common practice. External auditors can be an effective way to ensure the Document Custodian is compliant with Ginnie Mae’s guidelines. Additionally, Ginnie Mae recently issued APM 21-08 due to the continuing impact of Covid 19, which will extend the use of the alternative audit procedures announced in APM 20-14.


Did Fannie Mae recently update its application to include additional information technology (IT) requests?


Yes, Fannie Mae’s current “Lender Instructions for Submitting Documentation: Seller/Servicer” require submission of a number of policies and procedures related to information security, as well as the completion of an Information Security questionnaire.  Specifically, applicants must provide copies of internal policies, procedures, and/or standards governing:

  • 1. Nonpublic Personal Information and Confidential Information;
  • 2. Information Security; and
  • 3. Patch Management.

The Information Security questionnaire also inquires as to whether an applicant maintains the following safeguards:

  • A formal information security program that defines how systems and data are protected;
  • Multi-factor authentication for access to systems hosting customer sensitive information;
  • Network monitoring, firewalls, and intrusion detection;
  • A formal written security incident response plan;
  • Data security practices for vendors that support selling/servicing activities;
  • Controls to detect and prevent leakage of sensitive data; and
  • Encryption requirements for data at rest and in motion.

The Fannie Mae application material may be found at:


What compliance concerns are associated with posting reviews and using endorsements on websites and social media platforms?


UDAAP can be a significant risk when publicizing a review or endorsement on a website, social media, or otherwise.  A mortgage company must ensure that the reviews and endorsements it publicizes are real, accurate, and do not mislead or deceive a consumer.  To prevent fake or inaccurate reviews from being posted, a mortgage company should require written consent from the consumer prior to posting a review and to ensure it is accurate.  Written consent may also be required by law depending on the jurisdiction.  A mortgage company should also examine the content of the review or endorsement prior to posting to ensure such content does not contain specific terms or superlative terms that could mislead a consumer.  For example, a review/endorsement should not indicate the interest rate a consumer received or that it was the “best” or “lowest” rate since similar results cannot be guaranteed and may be based on specific qualifications.  Mortgage companies must also ensure that they clearly disclose whether a reviewer/endorser received any type of payment or benefit for the review/endorsement and whether the reviewer/endorser was an actual customer.  While a mortgage company may provide consideration for a review, that consideration must be provided for all reviews and not just “positive” reviews. 

The rise of social media and internet advertising has increased the prevalence of deceptive endorsements and fake online reviews.  The Federal Trade Commission (FTC) recently issued Notices of Penalty Offenses to several hundred companies.  These notices serve as a warning to businesses in general and should prompt mortgage companies to review their practices with regard to posting reviews and/or endorsements online.


How can I compliantly advertise on social media when space is limited?


This is a difficult question to answer as social media advertising is subject to the same advertising rules and requirements as other mediums used for marketing purposes, such as websites, mailers, flyers, and handouts.  Thus, whether or not social media platforms limit space, a mortgage lender/broker is still obligated to disclose certain information to consumers when advertising, including, but not limited to, NMLS Unique Identifiers, the Equal Housing logo/language, and state-specific disclosures.  For this reason, it is generally best practice to only permit generic advertisements that do not include loan terms or other information, such as TILA trigger terms, on social media platforms that have space constraints.

The Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) previously guided internet advertising, particularly as it relates to space constraints and disclosures. Specifically, the FTC’s 2013 .com Disclosures publication provides examples of effectively disclosing in digital advertising. While acknowledging the issue of space constraints in digital advertising, the FTC advised that it may be acceptable to issue disclosures clearly and conspicuously on a separate page to which the advertisement links. In such circumstances, however, the link leading to the disclosures must be obvious and noticeable, labeled appropriately, and take the consumer directly to the disclosures without the need to “scroll” or search for the disclosures.  Further, the FTC advised that companies using a hyperlink for disclosures should assess the effectiveness of the link by monitoring click-through rates and other information about consumer use and adjust accordingly to ensure consumers are reviewing the disclosures. Again, this is purely guidance.

The CFPB’s guidance has been less flexible. In its 2019 settlement with Freedom Debt Relief, LLC, the CFPB indicated that “in communications made through interactive media such as the internet … the disclosure must be unavoidable (which is not the case if the consumer must take any action—such as clicking on a hyperlink or hovering over an icon— to see it).”

Although many state regulators have not issued express guidance with regard to social media, social media advertising compliance is generally addressed as part of examinations and when brought to a regulator’s attention through complaints.  As such, mortgage lenders and brokers must be diligent in ensuring compliance with advertising requirements on social media – including displaying disclosures clearly and conspicuously beside advertised terms.


Should servicers image Release of Liens?


As a best practice, the pre-recorded Release of Lien (ROL) should be imaged to prove compliance with state guidelines. 




During loan payoffs, the current servicer is responsible for preparing and recording the ROL/reconveyance. However, timing requirements for filing the ROL vary by state, and without imaging, the servicer has no proof that the ROL was completed promptly. 


Additionally, the servicer has no record if the county clerk sends the ROL directly to the borrower instead of the servicer. 


Sometimes, it can take 90 days or more for the servicer to receive the recorded ROL to send to the borrower. In the meantime, if the servicer did not image the pre-recorded ROL, there is no proof. 


Has HUD recently updated the self-reporting requirements for a Material Event pertaining to operating losses?


Yes.  HUD updated its Handbook with regard to an approved HUD Mortgagee’s reporting requirements for operating losses.  The update is effective September 20, 2021, A Notice of Material Event must be submitted to FHA within 30 business days of the end of each fiscal quarter in which a Mortgagee experiences an operating loss of 20 percent or more of its net worth. Following the initial notification, the Mortgagee must submit financial statements every quarter until it demonstrates an operating profit for two consecutive quarters, or until it submits its financial reports as part of its recertification, whichever period is longer. (emphasis added to updated language)

Additionally, if at any time a Mortgagee’s adjusted net worth or liquidity falls below the required minimum, the Mortgagee must submit a Notice of Material Event to FHA within 30 business days of the deficiency. The Mortgagee must also submit a Corrective Action Plan that outlines the steps taken to mitigate the deficiency and includes relevant information, such as contributions and efforts made to obtain additional capital.


Does a Forbearance Agreement need to be sent to the borrower?


While not all investors require forbearance agreements to be sent to a borrower, certain investors, such as Fannie Mae and Freddie Mac, have issued statements requiring the forbearance agreement to be sent to the borrower. See Freddie Mac Bulletin 2020-10 (04/08/20) and Freddie Mac Guide Section 9203.13(c) and Guide Exhibit 93; Fannie Mae LL-2020-02 (04/08/20).

The announcement distributed by the CFPB on April 5, 2021 specifically states borrowers should be informed of their options and receive key information about those options. It’s also worth mentioning the announcement from the CFPB on April 1, 2021 warns Mortgage Servicers “Unprepared is Unacceptable.” This bulletin includes points such as ensuring borrowers have all necessary information for assistance and they will be looking at how servicers managed communications with borrowers.

AGMB recommends a best practice of always sending the forbearance agreement to the borrower, even in instances when it may not be required. Due to many complaints from borrowers, servicers can take a proactive approach by sending information to notify and educate the borrower of their options, provide what steps must be taken next by the borrower, and any details regarding forbearance and/or modifications agreed upon.


What contract provisions should a lender ensure are present in its vendor contracts?


It depends.

Because vendors offer different types of services, the corresponding risk associated with a vendor also varies. A successful vendor management program starts with a correct categorization of vendor risk. Tier 1 or high-risk vendors are those that provide critical services to a lender, usually involving access to Non-Public Information. In such a case, the lender should be on the lookout for privacy obligations in relation to the vendor’s handling of NPI. Is the vendor obliged to notify the lender in case of a breach of NPI? What are the mechanisms in place to address a breach of NPI? Can the vendor outsource some or all of its services to a third party, and if so, who remains liable in case a breach occurs at the third-party level? If there is a breach of obligations regarding NPI, does the lender have recourse via an Indemnification provision? Does the vendor have appropriate insurance during the course of the engagement to cover the appropriate risk they pose to the lender? Does the vendor warrant compliance with the lender’s regulatory oversight requirements?

These questions are especially relevant in today’s work environment which has begun to accommodate for remote work arrangements, where some or all of the usual security measures against data breaches are not present. This, coupled with the perennial threat of fraud, phishing, and security attacks continue to challenge lenders in being vigilant about the content of their vendor contracts.

While they may pose a lesser risk than Tier 1 vendors, Tier 2 and Tier 3 vendors should not be exempt from having enforceable confidentiality obligations. Proprietary information, trade secrets, and other relevant data provided by a lender (or consumer) should be safeguarded, and a lender should still aim to include an indemnification provision, or at least, an option to terminate the contract, in the event of a breach by the vendor.

In essence, a lender should want Privacy and/or Confidentiality, Indemnification, and Termination provisions in all of its vendor contracts. Negotiations may not always lead to these provisions being included in the final contract between parties, but when a lender is aware of the risk associated with a specific vendor, the lender is in a better position to bargain for the most crucial provisions to protect itself and its consumers. A good rule to remember is: high-risk vendors warrant more protections for the lender and/or consumers. These protections may then come in the form of additional contractual provisions, tighter and more enforceable language, or in an ideal scenario, both.


Since the CFPB emphasized its commitment to ensuring fair, equitable, and nondiscriminatory access to credit, has it issued any specific guidance on the types of issues it is concerned with as it relates to fair lending?


Yes, in addition to the more common pricing considerations, the CFPB recently published its latest Supervisory Highlights, Summer 2021 edition, which included a Fair Lending section that stressed the following additional key concerns raised by examiners in a recent supervisory review of a mortgage lender:

  • Conducting marketing campaigns that featured models, all of whom appeared to be non-Hispanic white;
  • Including mortgage professionals’ headshots in marketing materials that all or mostly appeared to be non-Hispanic white;
  • Maintaining office locations that were nearly all concentrated in majority non-Hispanic white areas;  
  • Focusing marketing campaigns and Multiple Listing Service (MLS) advertising on majority-white areas in a MSA;
  • Employing mostly non-Hispanic white mortgage loan officers;
  • Permitting communications directed at prospective applicants that would discourage reasonable persons on a prohibited basis from applying to the lender for a mortgage loan: and
  • Permitting racist and/or derogatory email communications among mortgage loan officers.

This is not intended to be an exhaustive list of fair lending concerns for lenders, but rather should be considered when evaluating fair lending risk.


Is it permissible for a mortgage lender to obtain verbal authorization from a mortgage loan applicant to pull credit?


Yes, it is permissible for lenders to obtain verbal authorization from the applicant to pull credit. However, if a lender chooses this route, it is recommended that the lender require its mortgage loan originators to document the date and time they received such verbal authorization either into the loan origination system or some other written record.

It is not uncommon for applicants who do not complete the loan application process and do not remember authorizing the credit pull to file a complaint.  In this such instances, referencing a written record of when authorization was provided and to whom it was provided can be beneficial for a mortgage lender.


How often should a company review its key policies and procedures? Who should be involved in that review process?


A company must review and update its key policies and procedures as often as necessary to ensure they remain up-to-date and accurate. The Consumer Financial Protection Bureau indicates in its Examination Procedures that examiners should seek to determine, among other things, whether a supervised entity maintains and modifies its compliance policies and procedures so that they remain current and complete and serve as a reference for employees in their day-to-day activities. To comply with this, it is best practice for a company to review its key policies and procedures at least annually. Generally, the review should involve compliance employees and/or subject matter experts at the company. Further, a Company’s Board of Directors (if there is one) and/or Executive Management should review and approve written policies each year and any time there are material changes to such policies. Companies may memorialize this review and approval within the minutes of a meeting, through a corporate resolution, or within the policy itself, provided it is signed by a member of the Board and/or Executive Management.

Timely policy and procedure reviews can be overlooked for a variety of reasons. This can lead to issues on federal and state examinations, as well as with investors and agencies as it signals weakness in a company’s Compliance Management System. For this reason, it is recommended that companies maintain a policy and procedure inventory that documents all of the policies and procedures maintained by the company, the date of last review, the next review date (provided no changes in applicable law or company operation requiring an earlier review/update), and party responsible for the review. A company may also choose to fold annual policy and procedure reviews into the company’s internal audit program as it may make sense to review key policies and procedures as part of the risk assessment process.


What are some takeaways from recent CFPB actions involving mortgage lenders and deceptive advertising?


In recent months, the CFPB has taken several actions against mortgage lenders for deceptive advertising particularly related to VA loans and reverse mortgages. The consent orders highlight marketing practices that mortgage lenders must avoid. Below are ten (10) key takeaways:

  1. All marketing material must be reviewed to ensure it does not contain any false, misleading, or inaccurate information.
  2. Advertisements should clearly disclose who the advertising lender is and not give a false impression that the material is from the consumer’s current lender or a government agency.
  3. When quoting rates and APR, a mortgage lender must ensure that the rates and APR are actually available to consumers and are accurate. If a rate quoted includes discount points and/or is based on a consumer meeting certain conditions, those discount points and/or conditions must be clearly disclosed in terms a consumer will understand.
  4. Advertisements should never include terminology about eliminating debt; the loan advertised is a debt.
  5. Advertisements should not include misleading comparisons involving actual or hypothetical loan terms, particularly when a lender cannot guarantee similar results.
  6. A mortgage lender should never use the term, “fixed,” when advertising an adjustable rate mortgage.
  7. Advertisements should not include language indicating an appraisal or income documentation is not required if it is in fact required or may be required in some circumstances.
  8. Advertisements should not include language indicating a consumer can skip two payments by refinancing.
  9. Reverse mortgage advertisements should not include language giving consumers the impression that they will always be able to remain in their home or that there is no risk of losing the home.
  10. Reverse mortgage advertisements must disclose the requirement to continue to pay property taxes and insurance, particularly when highlighting that a monthly mortgage payment is not required.



Are both banks and nonbanks required to perform an independent audit of their anti-money laundering (“AML”) program? What are the requirements for such audit?

Yes, the Bank Secrecy Act (“BSA”) requires all residential mortgage lenders and originators to perform an independent review or audit of their AML program. Although the BSA does not specifically set forth the time frame for performing such testing, the Federal Financial Institutions Examination Council (“FFIEC”) indicated that sound practice is for an entity to perform an independent audit of its AML program at least every 12-18 months, commensurate with the entity’s risk profile.

Testing must be performed by both an independent and qualified party. While this does not mean the audit cannot be performed by an employee, the individual or individuals completing the audit must be fully familiar with AML requirements and cannot be involved in any of the AML functions of the Company. As such, the Company designated AML Officer would be unable to perform the audit. For this reason, many entities engage outside service providers to perform independent audits of their AML program.

Whoever performs the review should report directly to the entity’s Board of Directors or Executive Management. Testing should cover all of the entity’s activities and the results should be sufficiently detailed to assist the Board of Directors and/or Executive Management in identifying areas of weakness so that improvements may be made and additional controls may be established. Among other items, the Company’s written policies and procedures should be reviewed as well as the qualifications of the AML Officer and the Company’s training materials and attendance logs.

In recent years, state regulators have commenced examining the AML programs of their supervised entities more closely. In particular, many states now require entities to produce AML policies and procedures, as well as AML risk assessments and independent AML audit results as part of examinations. Failure to maintain these documents can oftentimes result in an adverse finding. Some states also maintain their own money laundering regulations, such as California, Florida, Hawaii, New Jersey, and Texas.



What is the Consumer Financial Protection Bureau’s (CFPB) Advisory Opinions Program and how does a regulated entity submit a request for opinion?


The CFPB established an Advisory Opinions Program to publicly address regulatory uncertainty in existing regulations by providing written guidance in the form of advisory opinions to regulated entities upon request. The CFPB initially published a proposed procedural rule in regard to this program in June 2020, while also launching a Pilot Program. On November 30, 2020, the CFPB published its final Advisory Opinions Policy, which supersedes the Pilot Program.

Under the Advisory Opinions Program, entities subject to the CFPB’s supervisory or enforcement authority can submit a request for an advisory opinion to or through other means designated by the CFPB. Requests are accepted and reviewed on a rolling basis. All requests should identify the person or entity seeking the opinion, as well as the identity of any person or entity submitting the request on behalf of a third party. Third parties, such as law firms, trade associations, or consumer advocacy groups, may submit requests on behalf of clients or members without identifying those entities.

The following information must be provided with the request for advisory opinion:

  • A statement of whether the issue is the subject of any known or reasonably knowable active litigation or federal or state agency investigations;
  • The actual facts or course of action the requestor (or third party) is engaged in or considering engaging in;
  • All material facts and circumstances, including detailed specification of the legal question and supporting facts with respect to which the requestor seeks the advisory opinion; and
  • A proposed interpretation of law or regulation, identification of the potential uncertainty or ambiguity that the interpretation would address, and an explanation of why the requested interpretation is an appropriate resolution of that uncertainty or ambiguity.

The CFPB advised it intends to consider the following factors when determining whether to issue an advisory opinion:

  • The interpretive issue has been noted during prior CFPB exams as one that might benefit from additional regulatory clarity;
  • The issue is one of substantive importance or impact or one whose clarification would provide significant benefit; and/or
  • The issue concerns an ambiguity that the CFPB has not previously addressed through an interpretive rule or other authoritative source.

The CFPB indicated there will be a strong presumption against appropriateness of an advisory opinion for issues that are the subject of an ongoing investigation or enforcement action or the subject of an ongoing or planned rulemaking. The CFPB also indicated that, in some cases, it may decide to issue an advisory opinion based on questions it receives from the public, through other channels, that are not requests for advisory opinions.

All advisory opinions issued by the CFPB will be posted on the CFPB’s website and published in the Federal Register.



If we utilize outsourced service providers, such as contract underwriters and processors, are we required to check them against exclusionary lists?


Checking a contract underwriter or processor against exclusionary lists is certainly a best practice.  However, it may not always be feasible to do – particularly if the lender is not made aware of the individual contract underwriter’s/processor’s name by the third party service provider that employs them.  Below is a summary of Agency guidelines on this issue. 

  • Fannie Mae indicates in its Selling Guide Chapter A3-3 that effective management procedures for third-party originations include review of the third-party originator’s hiring procedure for checking all employees involved in the origination of loans (including application through closing) against: (i) the U.S. General Services Administration Excluded Parties List, (ii) the HUD Limited Denial of Participation (“LDP”) List, and (iii) the Federal Housing Finance Agency Suspended Counterparty Program List.


  • HUD indicates in its Handbook 4000.1, Chapter II, A, 1, iii that a mortgagee may not contract with entities or persons that are suspended, debarred, or otherwise excluded from participation in HUD programs, or under a LDP that excludes their participation in FHA programs. HUD requires a mortgagee to ensure that it does not engage any contractors to perform any function relating to the origination of an FHA-insured Mortgage. Further, HUD indicates a mortgagee must check the System for Award Management (SAM) ( and must follow appropriate procedures defined by that system to confirm eligibility for participation.


  • Freddie Mac indicates in its Seller/Servicer Guide Chapter 3101 that sellers/servicers must use the Freddie Mac Exclusionary List (“Exclusionary List”) to screen parties involved in the origination of the mortgage prior to the sale of each mortgage to Freddie Mac. Freddie Mac also requires sellers/servicers to establish and maintain procedures to ensure they do not employ or contract with individuals or entities listed on FHFA’s Suspended Counterparty Program (“SCP”) list.  If a party whose name is on the Exclusionary List or SCP list is the borrower or played a role in the origination of a mortgage or the underlying real estate transaction, the mortgage is not eligible for sale to Freddie Mac.


  1. Fannie Mae defines third-party origination as any loan that is completely or partially originated, processed, underwritten, packaged, funded, or closed by an entity other than the seller (or its parent, affiliate or subsidiary) that sells the loan to Fannie Mae.  Note, Fannie Mae advised that if a seller enters into a contract with a third party known for the quality of its underwriting (such as a mortgage insurer) to help the seller in underwriting its mortgage originations, the loans will not be considered third-party originations. 
  2. HUD permits a mortgagee to utilize contractors to perform administrative and clerical functions, such as typing of mortgage documents, mailing out and collecting verification forms, ordering credit reports, and/or preparing for endorsement and shipping Mortgages to investors.  HUD prohibits the use of contract underwriters.



How do I ensure my subservicer is following its policies and procedures?


The GSEs require all subservicers to follow GSE guidelines when servicing loans. When utilizing a subservicer, the master servicer should have an oversight policy in place to ensure compliance. The policy should establish the master servicer’s servicing Quality Control (“QC”) Program and include, at a minimum:

  • Procedures demonstrating how the master servicer verifies that the subservicer is actually following its own procedures;
  • An explanation of how the master servicer implements quality control audits and when and how often such audits will be performed;
  • A method to track subservicer servicing errors and deficiencies, as well as any remediation plans; and
  • As a best practice, an annual onsite visit that permits the master servicer to sit with key subservicing staff to understand the staff’s day-to-day process and reconcile it against the subservicer’s written policies and procedures.

Subservicer deficiencies may range from warnings to heavy fines up to and including loss of the ability to service loans, therefore, it is important to ensure proper subservicer oversight and monitoring.



What are the industry best practices related to physical maintenance of IT servers?


It’s not difficult to develop and understand best practices for maintaining IT server security, but physical maintenance is equally important for several reasons:

1. Proper on-going maintenance of equipment helps ensure continued operations, which is imperative in today’s digitally-driven work environment.

2. In the event of an outage or equipment failure, the repair process is not hampered by a disorganized server room.

3. Commitment to organization and order in even the smallest of details reflects well on an organization, especially in the event of an audit.

One recommendation is to develop a color-coding system to organize server wires and use racks with cable management “teeth” or ties to bundle wires and prevent damage. Other best practices include building a checklist during server configuration to ensure that people-based controls are executed when needed. By color-coding wires, technicians will easily be able to distinguish between production server, vital network equipment and workstation wires and quickly identify and correct any issues.



Has Fannie Mae recently enhanced its requirements for use of a Power of Attorney (“POA”)?


Yes.  Fannie Mae’s guidelines for POAs in a purchase transaction now require a written record or a recorded Internet session demonstrating a meeting with the borrower to explain the Closing Disclosure after the borrower receives it.

Fannie Mae’s Lender Letter, LL-2021-03, issued February 10, 2021 indicates:

  • Unless a recorded Internet session is required, a Power of Attorney may only be used in a purchase transaction with a note date on or after Apr. 7, 2020, if, after the Closing Disclosure or other closing statement, as applicable, has been delivered to the borrower before closing, an employee of the lender or settlement agent explains the terms of the loan to the borrower(s) to confirm that each borrower understands them. This discussion must take place in person, telephonically, or using a video conference system, and must be “memorialized” by an acknowledgment by the borrowers of his or her understanding of the terms of the loan. The acknowledgment may be in writing or in a recording of the telephonic or video discussion.

Fannie Mae also indicates the following:

  • The purpose of the Borrower Acknowledgement provision is to confirm verbally after receiving the Closing Disclosure that the borrower understands both the key features of the loan and that the attorney-in-fact has the ability to contractually bind the borrower to the transaction, including the purchase of a home, on the same basis as if they had signed themselves;
  • Key features of the loan would include such things as principal amount, interest rate and adjustment provisions (if applicable), first payment date, loan term, and initial loan payment (P&I and PITIA); and
  • The conversation reflecting the Acknowledgment by the borrower(s) must be documented either in a written record created by the lender or settlement agent or in a recording capturing the conversation with the borrower. If documented in writing, there is no expectation that the borrower sign the memorialization. In either case, the lender must retain the acknowledgement in the loan file and make it available to us on request. 

Fannie Mae’s Selling Guide, chapter B8-5-05, outlines all of the requirements for use of a POA.



Did FinCEN recently issue guidance with regard to suspicious activity reports (“SARs”) and anti-money laundering (“AML”) requirements?


Yes, in January 2021, FinCEN, in collaboration with the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency, published answers to the following seven (7) frequently asked questions (“FAQs”) regarding SARs and other AML considerations:


    1. Can a financial institution maintain an account or customer relationship for which it has received a written “keep open” request from law enforcement, even though the financial institution has identified suspicious or potentially illicit activity?

    2. Yes, a financial institution may decide to maintain an account based on a written “keep open” request from a law enforcement agency, however, it is not obligated to do so.

    3. Should a financial institution file a SAR solely on the basis of receiving a grand jury subpoena or other law enforcement inquiries?

    4. No, but a financial institution should determine whether SAR filing is necessary based on its assessment of all information available and applicable regulatory requirements.

    5. Is a financial institution required to terminate a customer relationship following the filing of a SAR or multiple SARs?

    6. No, a financial institution has authority to decide whether to maintain or close a customer relationship as a result of suspicious activity based on the information it has available, its assessment of money laundering or other illicit financial activity risks, and its established policies and procedures.

    7. Is a financial institution required to file a SAR based solely on negative news?

    8. No, but a financial institution may review media reports and other news references to assist in its performance of customer due diligence and to evaluate transactions or activity it considers unusual or possibly suspicious.

    9. If there are multiple negative news alerts based on the same event, is a financial institution expected to independently investigate each of those alerts?

    10. No, but a financial institution may consider whether additional alerts contain new or different information that warrant further investigation.

    11. Do financial institutions need to repeat information in the SAR narrative that has already been included in other SAR data fields?

      No, information provided in other sections of a SAR does not need to be repeated in the narrative unless necessary to provide a clear and complete description of the suspicious activity.

    12. Should financial institutions file additional SARs on the same suspicious activity to accommodate narratives that are longer than the SAR narrative character limits?

    13. No, filers must provide a clear, complete, and concise description of the suspicious activity. Filers may include additional, relevant information as an attachment to the SAR if necessary, or note that it is available as supporting documentation.

    Please refer to the FAQ document for more detailed answers.




I’ve heard we must use the new Uniform Residential Loan Application (URLA), or Form 1003, starting March 1, 2021. What changes have been made to the URLA and are we permitted to use it before that date?

Yes, the mandatory effective date for the new URLA is March 1, 2021, but mortgage brokers/lenders have been permitted to use it since January 1, 2021. Fannie Mae and Freddie Mac redesigned the URLA with the goal of assisting both consumers and lenders by making it easier to understand and capture relevant loan application information. Some of the key differences with the new URLA include a larger font, which makes it easier to read and enter information, as well as additional contact information and other requests from applicants. Further, the new URLA incorporates the collection of Demographic Information so that it is in line with current HMDA data collection and reporting requirements. This eliminates the need for a separate Demographic Information Addendum.

It is important to note that as part of the new URLA, if there are multiple borrowers for a loan, each additional borrower must complete an URLA – Additional Borrower Form. Below is guidance on to use the URLA and URLA – Additional Borrower Form:

• Two Borrowers with joint financial information:

• Complete the URLA plus the URLA – Additional Borrower Form, but report assets, liabilities & real estate for additional Borrower on the URLA;


• Complete a separate URLA for each Borrower and report joint assets, liabilities, and real estate on only one URLA (you do not need to duplicate them on more than one URLA);


• In cases where borrowers are not collaborating when completing the loan application, joint assets, liabilities, and real estate may be duplicated.

• Two Borrowers with separate financial information:

• Complete the URLA plus the URLA – Additional Borrower Form and report the assets, liabilities, and real estate for the additional Borrower on the URLA;


• Complete a separate URLA for each Borrower.

• Three or more Borrowers:

• Use any combination of the URLA and URLA – Additional Borrower Form in accordance with the above examples.



Can you explain the recent amendments to the ATR/QM Rule?

There are two separate and distinct amendments to the Regulation Z ability to repay (“ATR”) / qualified mortgage (“QM”) requirements. Both rules become effective for applications taken on or after March 1, 2021, but the new General QM requirements need not be used by creditors until applications received on or after July 1, 2021. The current “Temporary Patch QM” will expire on the mandatory effective date of the new General QM requirements (applications received on or after July 1, 2021). Thus, between March 1, 2021 and July 1, 2021, creditors may use either the current Temporary Patch QM or the new General QM requirements as further detailed below.

1. Revised General Qualified Mortgage Requirements

      • Eliminates the requirement that a borrower’s debt-to-income (“DTI”) ratio cannot exceed 43% and eliminates Appendix Q.
      • Replaces the eliminated DTI requirement with new pricing requirements:
        • For first lien loans, a loan would still be a Safe Harbor QM (despite the borrower’s DTI ratio) if the APR is less than 1.5 percentage points above the APOR at the time the interest rate is set.
        • For second lien loans, a loan would still be a Safe Harbor QM (despite the borrower’s DTI ratio) if the APR is less than 3.5 percentage points above the APOR at the time the interest rate is set.
        • For first lien loans, a loan will still be a Rebuttable Presumption QM (despite the borrower’s DTI ratio) if the APR is less than 2.25 percentage points above the APOR at the time the interest rate is set.
        • A first lien loan with a APR exceeding the APOR by 2.25 percentage points or more cannot meet the definition of a General QM (with the exception of a loan with a small loan amount which has higher caps as set forth below).
        • Provides higher pricing thresholds for loans with smaller loan amounts, for certain manufactured housing loans and for subordinate-lien transactions.
        • For adjustable rate mortgages, creditors are required to calculate the APR based on the highest rate of interest that can apply during the five (5) years after the first payment date. This differs from the APR calculation currently used for disclosure purposes.
        • Effectively loans which exceed a certain APR will not fit within the QM requirements.
      • All other current requirements remain unchanged (no risky loan features, terms do not exceed 30 years, 3% max points and fees, verify ATR with income, assets, debts, DTI and liabilities, etc.).
      • The rule details the manner in which lenders should consider and verify the income, assets, debts, DTI ratio, residual income and liabilities of applicants. The new General QM rule provides flexibility to creditors to take into account additional factors that are relevant in determining a consumer’s ability to repay.
      • The rule includes a list of specific verification standards that creditors may use to meet the revised General QM definition’s verify requirement. If a creditor satisfies the verification standards in the then current Freddie, Fannie, FHA, VA and the USDA manuals, the creditor has a safe harbor for compliance with the verification requirement in the revised General QM definition. A creditor need only comply with requirements in the manuals for creditors to verify income, assets, debt obligations, alimony and child support using specified reasonably reliable third party documents or to include or exclude particular inflows, property, and obligations as income, assets, debt obligations, alimony, and child support.

2. New Seasoned Qualified Mortgage (only for loan applications taken on or after March 1, 2021)

    • Permits a loan to acquire QM status and receive Safe Harbor status following its origination if it meets with the precise requirements (among the following):
      • Loan must be held in portfolio or transferred only once in the 36-month period following the first payment date (“Seasoning Period”).
      • Loan may NOT be securitized during the Seasoning Period.
      • Loan can be a higher priced mortgage loan (“HPML”).
      • Loan may not be a HOEPA high-cost loan.
      • Loan may not be down 30 more than twice and may not be down 60 at all during the Seasoning Period.
      • Loan must be a fixed rate first lien loan.
      • In connection with the loan, lenders must consider the income, assets, debts, DTI, residual income and liabilities of applicants, including using the underwriting guidelines of Freddie, Fannie, FHA, VA and the USDA for verification standards (see above).
      • All other current requirements remain unchanged (no risky loan features, terms do not exceed 30 years, 3% max points and fees).
    • The Seasoned QM Rule contains a provision whereby the Seasoning Period is effectively suspended due to a financial hardship caused by a disaster or pandemic, such as COVID-19. There needs to be a presidentially declared emergency, major disaster or pandemic. Many other requirements apply to this exception.

Please note on January 20, 2021, President Biden’s Chief of Staff issued a memorandum to the heads of executive departments and agencies setting forth terms related to a regulatory freeze.  The regulatory freeze requires Acting Director of the CFPB to consider whether to postpone the effective dates of the above rules until March 22, 2021 in order to engage in a review of any questions of fact, law, and policy raised by the rules.



Has Freddie Mac recently changed its requirements for use of a Power of Attorney?

Yes. A lender must comply with Freddie Mac’s updated Power of Attorney (“POA”) requirements when using a POA to close a mortgage with an application date on or after January 4, 2021. Per Freddie Mac’s new guidelines, a POA may only be used when:

  • There is an emergency event (i.e., a medical emergency or natural disaster) preventing the borrower from executing the requisite documents in person, by electronic signature or through other alternative electronic means (i.e., remote online notarization, eClosing); or
  • Applicable law requires the lender to accept use of a POA.

Under no circumstances may a POA be used merely for the convenience of the parties. Further, evidence of the emergency qualifying the use of a POA must be included in the mortgage file whenever a POA is used. If the acceptance of a POA is required by law, the lender must include a written statement that explains the circumstances in the mortgage file and deliver a copy of the statement to the Document Custodian with the POA.

The person acting as Attorney-in-Fact must:

  • Have a familial or fiduciary relationship with the borrower;
  • Be an individual employed by the title insurer underwriting the title insurance product insuring the mortgage; or
  • Be an individual employed or engaged contractually by the title agency issuing the title insurance product for the mortgage and closing the transaction, but only if the title insurer has issued a closing protection letter relating to the transaction (or has similar contractual indemnity to the lender and it’s assignees) for such policy issuing agent.

Neither the seller of the property in a purchase transaction, nor the lender’s employee is eligible to be an attorney-in-fact under a POA. The borrower may execute the POA using an electronic signature. The POA must be executed by the borrower prior to its use by an attorney-in-fact.

After the lender delivers the finalized Closing Disclosure to the borrower but prior to closing, an employee of the lender or settlement agent must explain and discuss the terms of the mortgage and use of the POA with the borrower to confirm that the borrower understands them. This discussion must take place in person, telephonically, or using a video conference system and must be memorialized in an acknowledgment by the borrower of his or her understanding of the terms of the mortgage. The acknowledgment (i) may be in writing or in a recording of the telephonic or video discussion, (ii) must be retained in the mortgage file, and (iii) must be made available to Freddie Mac upon request. If the discussion occurs using a telephonic or video system, a transcript of the recording or the borrower’s written acknowledgment of the content of the discussion may substitute for a copy of the recording itself in the mortgage file.