When a mortgage lender identifies trends through the quality control (QC) review process, what does the lender need to do in regard to establishing an action plan for corrective action as required by Fannie Mae?


Fannie Mae requires monthly QC reporting to senior management to include an action plan for top defect trends. The action plan must indicate intended corrective actions, including expected resolutions and time frames for implementation.  Corrective action and action plans are not optional and failure to maintain action plans serve as the root of MORA exam findings or denial of an application to be approved as an agency seller/servicer. 

Fannie Mae explains in a recent Beyond the Guide publication from August 2023 (Guide) that corrective action is the process of identifying and fixing the root cause of a problem to prevent it from happening again.  Action plans are tangible documents intended to identify the steps that need to be completed, track due dates and priorities, and record potential roadblocks and resources required.   

Fannie Mae’s Guide provided the following step-by-step process guidance to assist lenders in creating action plans:

  • Stage 1: Define the Problem. Gather and assess data; facts only rather than opinions or assumptions. State the problem specifically so that stakeholders in the organization understand the scope, the current impact, and future consequences of failing to solve the problem. Identify and activate responsible parties: stakeholders and subject matter experts. 
  • Stage 2: Root Cause Analysis. The process of discovering the root cause of a problem to identify appropriate solutions.  This involves data collection, recognizing that there are technical (i.e. loan level data in the loan origination system), human and process components.  Focus on gathering and assessing data from multiple sources, as well as by direct observation of processes.  Work with the data obtained to glean useful information: why is this issue happening?  Keep asking “why” until to get to the root cause of the issue.  Fannie Mae indicates stopping too soon could prevent a lender from finding the true root cause.
  • Stage 3: Design Solutions. Develop potential solutions. Assess how each solution relates to the root cause(s).  Determine the feasibility of the solutions for prioritization and implementation.  All business stakeholders and subject matter experts should bring an open and creative mindset to the task.
  • Stage 4: Establish and Execute Solutions. Prioritize solutions for implementation and establish an implementation plan. Track solutions in your action plan.
  • Stage 5: Test and Evaluate Solutions. Effective problem-solvers create testing plans before implementing solutions. Testing plans establish the testing parameters, define success measures, and align resources where needed. Leveraging a testing plan will help lenders align their project goals with their strategic objectives and provide a clear way to track and communicate progress and achievements.


Under what circumstances is an Anti-Steering Loan Disclosure required to be provided to an applicant?


An Anti-Steering Disclosure is required when a licensed mortgage broker originates a loan and will be compensated by the lender.  The Anti-Steering Disclosure is not required on retail loan transactions or where the consumer pays the mortgage broker’s compensation.

1026.36(e)(3)(i) sets forth what must be contained in the Anti-Steering Disclosure:

  • The loan originator must obtain loan options from a significant number of the creditors (generally 3 or more) with which the originator regularly does business and, for each type of transaction in which the consumer expressed an interest, must present the consumer with loan options that include:
  1. The loan with the lowest interest rate;
  2. The loan with the lowest interest rate without negative amortization, a prepayment penalty, interest-only payments, a balloon payment in the first 7 years of the life of the loan, a demand feature, shared equity, or shared appreciation; or, in the case of a reverse mortgage, a loan without a prepayment penalty, or shared equity or shared appreciation; and
  3. The loan with the lowest total dollar amount of discount points, origination points or origination fees (or, if two or more loans have the same total dollar amount of discount points, origination points or origination fees, the loan with the lowest interest rate that has the lowest total dollar amount of discount points, origination points or origination fees).


What is Information Sharing under Section 314(b) of the USA PATRIOT Act and why is it important?


Section 314(b) of the USA PATRIOT Act permits, but does not require, financial institutions (including residential mortgage loan originators subject to the Bank Secrecy Act) to share information with one another in order to better identify and report potential money laundering or terrorist financing. FinCEN previously advised that information sharing is critical to identifying, reporting, and preventing financial crime.  As such, FinCEN strongly encourages financial institutions to participate in its voluntary Section 314(b) information sharing program. 

FinCEN previously published a 314(b) Fact Sheet.  The Fact Sheet outlines some of the benefits of information sharing, which include, but are not limited to, helping a financial institution enhance its compliance with anti-money laundering (AML) requirements by alerting other participating financial institutions to customers of whose suspicious activities they may not have been previously aware and facilitating efficient SAR reporting decisions by obtaining a more  complete picture of potential suspicious activity.

The Fact Sheet also provides important clarifications, including explaining that a financial institution may share information relating to activities that it suspects may involve possible terrorist financing or money laundering.  A financial institution does not need to have concluded that the activity is suspicious, not does the financial institution need to have specific information that the activity directly relates to proceeds of a specified unlawful activity.  Further, a financial institution may share information even if the activities do not constitute a “transaction.”  This can include an attempted transaction, or an attempt to induce others to engage in a transaction.  This allows financial institutions to avail themselves of Section 314(b) information sharing to address incidents of fraud or cybercrime. 

There is no limitation under Section 314(b) on the sharing of personally identifiable information or the type or medium of information shared provided it is only shared for the purpose of:

  • Identifying and, where appropriate, reporting on activities that may involve terrorist financing or money laundering; 
  • Determining whether to establish or maintain an account, or to engage in a transaction; or 
  • Assisting in compliance with AML requirements.

It is important to note that section 314(b) does not authorize a financial institution to share a SAR or to disclose the existence or nonexistence of a SAR. If a financial institution shares information under section 314(b) about the subject of a prepared or filed SAR, the information shared should be limited to underlying transaction and customer information.

To participate in information sharing under Section 314(b), a financial institution must follow certain procedures as outlined in the Fact Sheet.  


Are there best practices to consider when using a language other than English to advertise to Limited English Proficiency (LEP) consumers?


Advertising in a language other than English can be somewhat complicated as it raises UDAAP concerns if a mortgage company is only able to provide communications, disclosures and loan documents in English.  However, failing to service and/or accommodate the needs of LEP consumers raises substantial fair lending concerns.

If a mortgage lender or broker is going to market/solicit business in a language other than English, the following best practices should be implemented, as applicable:

  • The marketing material should include a clear disclosure explaining those portions of the transaction which will only be conducted in English – i.e. disclosures, loan documents, closing, servicing, default servicing, etc. 
    • The disclosure should be displayed conspicuously with the marketing material to ensure the consumer understands and can make an informed decision on whether or not to work with the mortgage company.
  • Provide the marketing material in both English and the applicable other language.
  • Adopt and implement applicable foreign language disclosures issued by federal agencies and state regulators, such as FHFA’s Language Translation Disclosure
  • Adopt and implement software which enables the mortgage company to provide loan closing documents in the applicable language to the applicant for their review several days prior to closing.
  • Utilize a qualified and vetted translator where ever applicable and/or document the applicant’s use of a trusted individual (i.e. spouse, sibling, etc.) to assist in the transaction.
  • Maintain objective written policies and procedures addressing LEP consumers and train all employees regarding such policies and procedures.

Note, the above list is not all-inclusive. 


What are some key controls a mortgage lender/broker should put in place to monitor the activity of its mortgage loan originators (MLOs) on social media?


Social media has become a popular way for MLOs to market themselves and their services.  These types of commercial communications through platforms, such as LinkedIn, Twitter, Facebook, Instagram, Tik Tok, and other websites and platforms are considered advertising by regulators and violations of advertising requirements can be costly.  It is, therefore, important that residential mortgage lenders and brokers employing MLOs monitor the activities of their MLOs throughout the internet to ensure compliance with federal and state advertising requirements. 

Some best practices for implementing an effective social media oversight program include:

  • Requiring all content to be approved by the mortgage lender’s/broker’s compliance department prior to posting.
  • Actively and frequently monitoring social media activity, which may include ongoing audits, automated trigger notifications, or implementing software that identifies possible violations for the Compliance Department to review.
  • Identifying, at the time of hire, where a MLO may have a social media presence and performing a targeted audit for compliance purposes.
  • Providing ongoing training to MLOs on the “do’s and don’ts” of social media and advertising. 
  • Maintaining social media business pages on behalf of MLOs and restricting them from using personal social media pages for business purposes.
  • Documenting findings and corrective action, such as assigning additional training to MLOs that are in violation of the company policy.
  • Performing a social media search at the time of deboarding a departing MLO to ensure the MLO updates all social media pages removing any affiliation with the company.  If an LO does not update his/her social media presence in a timely manner, a mortgage company should document its attempts to have the LO make the requested changes.


Does an approved mortgage lender need to report a loss in the Company’s net worth to Fannie Mae and/or HUD?


Yes, Fannie Mae and HUD require approved licensees to report the failure to maintain minimum financial requirements, such as net worth, minimum capital and minimum liquidity.

Fannie Mae previously issued a Seller/Servicer Eligibility Reminder advising approved Seller/Servicers of these requirements, which are detailed in Selling Guide A4-1-01. If a Seller/Servicer experiences a material decline in lender adjusted net worth, a decline in profitability, or a default under various obligations, Fannie Mae may declare a breach of the Lender Contract.  Typically, a decline is material if Lender Adjusted Net Worth declines by more than 25% over a quarterly reporting period or by more than 40% over two consecutive quarterly reporting periods.  A decline in profitability is four or more consecutive quarterly losses accompanied by a decline in Lender Adjusted Net Worth of 30% or more during the same period.  Fannie Mae advised seller/servicers to be especially mindful of the requirements measured by percentage decline, as they commonly are breached in adverse market environments.  Seller/Servicers should notify Fannie Mae of any anticipated breaches to eligibility requirements as soon as possible by emailing their assigned account team.

Additionally, HUD’s Handbook 4000.1(A)(7)(g) and (h) specify if at any time a Mortgagee’s adjusted net worth or liquidity falls below the required minimum, the Mortgagee must submit a Notice of Material Event to FHA within 30 business days of the deficiency. The Mortgagee must submit a Corrective Action Plan that outlines the steps taken to mitigate the deficiency and includes relevant information, such as contributions and efforts made to obtain additional capital.

HUD also requires reporting of operating losses of 20% or greater of a licensee’s net worth.  To report the loss, a licensee must file a Notice of Material Event within 30 business days of the end of each fiscal quarter in which a Mortgagee experiences the loss. Following the initial notification, the Mortgagee must submit financial statements every quarter until it shows an operating profit for two consecutive quarters, or until it submits its financial reports as part of its recertification, whichever period is longer.


Is the Mortgage Call Report (MCR) changing and, if so, when and how?


Yes.  NMLS issued an update advising that on April 1, 2024, the new MCR Form Version 6 will be required for reporting beginning with the first quarter 2024 data.  Below are some key updates with the new MCR:

  • Elimination of the two current MCR forms (Standard Form and Expanded Form).  There will be one MCR form for all filers.  Regulators will rely on a company’s MU-1 Business Activities to determine which sections of the MCR need to be completed.  Sections irrelevant to the filer can be auto-filled with zeros.  
    • Licensees need to ensure their Business Activities as reported on the MU-1 are accurate and kept current.
  • Update to MCR definitions and instructions including, but not limited to, removing references to commercial activity and correspondent lending (correspondent lenders report as lenders), adding a reference to table-funding activity, and eliminating the requirement to report mortgage loan originators that did not originate in the quarter. 
  • Adds a Supplemental State-Specific form, which can be used by states at their option to capture data not included on the MCR form, such as commercial loan data, consumer lending data, and information on loan processors and underwriters.  

The new MCR form may be viewed Inquiries regarding the new MCR can be emailed to  Information will also be posted to the NMLS MCR page as released (the page currently includes the new form and Definitions).


May a Fannie Mae approved mortgage lender permit a mortgage loan originator (MLO) or mortgage broker to choose the AMC from a list of its approved AMCs from which to order an appraisal?


No, permitting sales and production staff to be involved with appraisal ordering violates Fannie Mae’s Appraiser Independence Requirements (AIR).  AIR indicates “here must be separation of a Seller’s sales or mortgage production functions and appraisal functions.  An employee of the Seller in the sales or mortgage production function shall have no involvement in the operations of the appraisal function” (emphasis added).  Selecting the AMC constitutes having involvement in the appraisal function and provides the MLO/broker with an element of responsibility for selecting or retaining the appraiser.   

Fannie Mae’s AIR FAQs read as follows:

  1. May a lender order an appraisal by directing a broker to select an AMC from among a group of specifically authorized AMCs, one of which would receive information from the broker about the loan application and begin the appraisal process?

No. Such a process would give the broker an element of responsibility for selecting or retaining the appraiser, and therefore would not be compliant.

A lender may direct a broker to an authorized AMC if the lender has previously arranged for its appraisal process to be managed by the specifically authorized AMC. This process is compliant with AIR because the broker is not responsible for selecting, retaining, or providing for payment of compensation to the appraiser.



What are recent trends in mortgage fraud schemes and do you have any mortgage fraud prevention tips?



Fannie Mae’s July 2023 Quality Insider issue, “Reviewing Your Fraud Controls in QC,” warned lenders to remain diligent and continually look out for ways to improve fraud detection and prevention controls given the unique financial pressures of the current market.  Fannie Mae advised lenders they may strengthen their fraud detection and actively combat mortgage fraud by leveraging their quality control (QC) program to reinforce fraud controls and prevent fraud before it starts.

Fannie Mae also listed the following current fraud schemes:

  • Creation of false child support orders alongside false divorce decrees designed to show borrower income;
  • Falsified lease agreements to show rental income;
  • Modified bank statements with an ending balance that does not align with the beginning balance and the transactions; and
  • Misrepresentation of outstanding financial obligations.

Fannie Mae advised that lenders have a responsibility to respond to the increase in fraud and misrepresentation and provided the following mortgage fraud detection strategies:

  • Use a critical eye and heightened sense of awareness during this time period;
  • Create a rules engine that pulls loans with certain characteristics/red flags;
  • Establish a tip-line within the organization;
  • Confirm QC, operations, and sales team members receive regular fraud training;
  • Obtain a fully executed IRS Form 4506-C on all borrowers whose applications require 1040s and order transcripts to verify Schedule C and Schedule E business activities;
  • Perform re-verifications in prefunding QC;
  • Confirm appraisal management companies’ controls;
  • Run all borrowers employed by family through LexisNexis;
  • Utilize webinars from the Association of Certified Fraud Examiners to see the latest types of fraud; and
  • Collaborate with servicing teams to determine if any similar patterns of fraud exist (for example, if origination is finding numerous instances of fraud in a certain county, is servicing seeing anything similar?).

Fannie Mae maintains a dedicated Mortgage Fraud Prevention webpage, which provides valuable resources including publicly available data on fraud trends and recent fraud alerts.

As a reminder, lenders must implement Fannie Mae’s enhanced pre-funding and post-closing quality control requirements by September 1, 2023.  See Fannie Mae’s March 1, 2023 Selling Guide Announcement, SEL-2023-02 for details on the updated pre-funding quality control review requirements and for changes to the post-closing QC cycle timeline. 
Also, review our prior Question of the Week: Question:
How can a mortgage lender ensure it maintains an effective, independent oversight process for mortgage origination Quality Control (QC) in compliance with Fannie Mae requirements


In the wake of several natural disasters which recently swept across the country and in anticipation of the approaching Atlantic hurricane season, are there resources available for mortgage lenders to assist consumers affected by such events?


Yes.  Fannie Mae recently published Disaster Relief – Single Family Selling/Servicing Frequently Asked Questions (FAQs).  The FAQs provide helpful information for mortgage lenders originating or servicing loans for borrowers with properties located in a disaster area.

Fannie Mae also maintains a dedicated Disaster Response webpage which provides valuable resources including where to locate additional guidance and direction in the Selling Guide for loans currently in the process of being originated or loans currently being serviced.

Mortgage lenders and servicers play a key role in helping borrowers and homeowners deal with the financial effects of hurricanes, fires, floods, earthquakes, and other disasters. With the frequency and severity of such events affecting communities nationwide, Fannie Mae provides the tools and flexibility lenders and servicers need to provide effective assistance, including payment relief, loan modifications, and even the additional recovery support provided by HUD-approved housing counselors at Fannie Mae’s Disaster Response Network.


When will HUD require the use of the Fannie Mae/Freddie Mac Form 1103, Supplemental Consumer Information Form (SCIF)?


For mortgage applications dated on or after August 28, 2023, the SCIF must be completed for FHA loans. The SCIF is an industry-recognized form used during the mortgage application process that allows borrowers to voluntarily identify language preferences and provide information on housing counseling and homeownership education they may have received. Loan applicants may choose to provide all, some, or none of the information requested on the form. Lenders must transmit any information an applicant chooses to provide to HUD as part of the lender’s required loan application data submissions.  It is important for lenders to make sure their loan program packages are updated in this regard.

Mortgagee Letter 2023-13 applies to all FHA Title II Single Family forward mortgage programs.


We recently heard there may be upcoming changes to FHA’s branch registration requirements.  Is this true?


Yes. On March 1, 2023, HUD published FHA-INFO 2023-14, a proposed rule change entitled, “Changes in Branch Office Registration Requirements”, which would eliminate the requirement that FHA-approved mortgagees and lenders register all branch offices conducting FHA business with HUD.  Currently, all FHA-approved mortgagees and lenders are required to register any branch office where they originate Title I or II loans or submit applications for mortgage insurance. HUD explained that due to technological advances and remote service delivery, the current requirement is inconsistent with industry practices. The proposed rule, revising 24 CFR 202.5 (k), would grant mortgagees and lenders the option to  register and maintain branch offices with HUD thereby allowing such branch offices to be placed on HUD’s Lender List Search page.

The proposed rule would make registration fees applicable only to those branch offices registered with HUD. Unregistered branch offices would not be subject to unnecessary registration fees and will not be placed on the HUD Lender List Search page. Comments on the proposed rule were due May 1, 2023.

HUD states that these proposed changes will simplify FHA lender and mortgagee approval processes to align with industry practices and eliminate unnecessary fees for FHA-approved entities.

There is no timeline for an implementation date.


Has there been any recent guidance on reducing Loan Originator Compensation due to unforeseen increases in settlement costs or clerical errors?



The Loan Originator Rule permits a loan originator to reduce its compensation in narrowly defined circumstances to lower costs to consumers if there are unforeseen increases in settlement costs.  In November 2022, the Consumer Financial Protection Bureau (CFPB) published its Fall 2022 Supervisory Highlights.  In the Supervisory Highlights, the CFPB explained that examiners found that lenders issued Loan Estimates to consumers based on fee information provided by their mortgage loan originators (MLOs).  The lenders later discovered that the fee information entered was incorrect due to clerical errors by the MLOs.  In each case, the lenders provided a lender credit to the customer to correct the tolerance issue.  However, the lender then also deducted the lender credit amount from the MLO’s commission based on the exception set forth above which permits decreasing a loan originator’s compensation due to unforeseen increases in settlement costs.

Examiners found that the MLOs knew the correct fee amounts at the time of the initial disclosures as the settlement services had already been performed.  The CFPB made clear that clerical errors are not “unforeseen”.  Rather, these errors violate TRID as the lenders provided the disclosures without using the “best information reasonably available”.  The cures which result from these errors may not be allocated to the loan originator.

Lenders should also be mindful of state labor and employment laws, which may prohibit such a claw back as well.


What is appraisal text scanning and why should a mortgage lender be aware of and concerned with it?


Appraisal text scanning is a process of scanning or reviewing appraisal reports for words or phrases specifically related to race, ethnicity, and/or religion that demonstrate appraisal bias or, at the very least, undermine the credibility of an appraisal by implying that demographics influenced the outcome of the appraisal (whether or not the appraiser intentionally factored race, gender, or other protected class information into the valuation).

In 2021, Fannie Mae initiated an appraisal text scanning process.  Among other terminology, the process specifically searches for terms and phrases like:

  • “pride of ownership,” “no pride of ownership,” and “lack of pride of ownership”;
  • “poor neighborhood”;
  • “good neighborhood”;
  • “crime-ridden area”;
  • “desirable neighborhood or location”; or
  • “undesirable neighborhood or location”.

Since initiating the appraisal text scanning process, Fannie Mae sent over 1,500 letters to appraisers advising them of potential discriminatory bias findings and reminding them that the use of the subjective phrases or terms may evidence non-objective valuations.In April 2023, Fannie Mae published a blog post, How We Manage Appraisal Quality”, highlighting its text scanning efforts and indicating performance improvements in 2022 as compared to 2021.  However, the blog also indicated Fannie Mae sent 20 referral letters to state regulatory agencies based on identified egregious appraisal issues.  Further, Fannie Mae advised it will continue to enhance its appraisal text scanning review process, including establishing a regular cadence of scanning, to help further minimize appraisal bias.

Mortgage lenders should be aware of the types of terms and terminology that may undermine the credibility of an appraisal and train their underwriters or other appraisal review staff accordingly. 


What are Fannie Mae’s new loan selection recommendations for a mortgage lender’s risk based monthly Pre-Funding Quality Control (QC) selections?


Fannie Mae recently enhanced its pre-funding quality control requirements.  Fannie Mae’s March 1, 2023 updates (D1-2-01, Lender Pre-funding Quality Control Review Process) introduced new recommendations for a lender’s monthly pre-funding QC loan selection criteria.

Fannie Mae requires that Pre-Funding QC reviews target areas that the lender identifies as having a higher potential for errors, misrepresentation, or fraud.  Fannie Mae sets forth the following targeted areas for a lender’s consideration in this regard.

  • Loans with characteristics or circumstances related to errors or defects identified in prior pre-funding and post-closing review results;
  • Loans with complex income calculations (for example, rental income, self-employed, and short history of receipt of income);
  • Loans requiring the use of non-standard processing or underwriting guidelines (for example, delayed financing, multiple financed properties, assets used as income, or manual reserve calculations);
  • Loans secured by properties located in areas with high delinquency rates or areas experiencing rapid increases or decreases in property values;
  • Loans with flags and messages that indicate potential overvaluation or appraisal quality issues on appraisals scored through Collateral Underwriter;
  • Loans with multiple layers of credit risk, such as high LTV ratios, low credit scores, or high DTI ratios;
  • Loans originated or processed through various business sources, a particular branch office, staff person, contractor, third-party originator, or appraiser;
  • Loans that test the effectiveness of action plan controls;
  • Loans originated or processed by newly hired loan officers, processors, appraisers, or other personnel or third parties involved in the loan origination process; and
  • Loans for which the feedback or results from third-party tools indicate potential areas of concern.

Please note that these are suggestions from Fannie Mae and not an exclusive list.


What are a mortgage lender’s responsibilities with regard to detecting and preventing appraisal discrimination?


Appraiser discrimination is a significant concern for mortgage lenders today.  In recent months, various agencies, including the CFPB and HUD, issued guidance and/or encouraged consumers to come forward to report incidents of suspected appraisal discrimination.  Further, alongside appraisers, mortgage lenders have been named as defendants in lawsuits alleging appraisal discrimination.


Although appraisers – and the appraisals they produce – must be independent, there are steps mortgage lenders can take to help detect and prevent appraisal discrimination and the risks associated therewith.  Below are some best practices mortgage lenders should consider implementing in this regard:


  • Train employees, particularly mortgage loan originators, to identify concerns and/or complaints surrounding appraisal discrimination and to promptly escalate them to management. Such training should be in addition to the general fair lending training periodically required of all employees.
  • Log all appraisal complaints and requests for reconsideration of value (including resolutions and results) and review periodically for concerning trends or patterns.
  • Ensure underwriters thoroughly review appraisal reports for discriminatory pictures and/or comments. This may include photographs of the applicant or inappropriate comments about the neighborhood.
  • Follow all agency guidelines with regard to appraisals and appraisal assessments.
  • Utilize web-based tools, such as Collateral Underwriter or Loan Collateral Advisor, as appropriate, to analyze appraisal reports.
  • Perform quality control or internal audits of appraisals that include comparing the assigned value against similar properties in the area. In the event of discrepancies in value, review the demographic information of the applicant for potential concerns.
  • Develop and implement written policies and procedures surrounding appraisals, including detailed reconsideration procedures. Applicants should be made aware that they may request reconsiderations of value (ROV).  ROV requests should be considered in all instances and a consistent process should be established and followed.  Lenders should maintain a log documenting the reason(s) for granting or rejecting the request.
  • Include appraisal issues, including discrimination, as a topic of discussion at Board, Risk Management, and/or Compliance committee meetings.


Fannie Mae recently updated the seller/servicer reporting requirements related to the Office of Foreign Assets Control (OFAC) regulations. What does the update entail and when does it take effect?


Fannie Mae updated OFAC reporting requirement to align with current reporting requirements for anti-money laundering (AML) violations. Updated reporting requirements are mandatory as of May 1, 2023.  Below are the reporting requirements with new requirements in bold:

A seller/servicer:

  • Must establish and maintain an effective OFAC compliance program;
  • Must report all instances of penalties (civil or criminal) or enforcement actions for compliance failures or violations related to OFAC requirements to Fannie Mae’s Ethics division;
  • May not deliver a loan to Fannie Mae if any borrower is on one of the sanctions lists maintained by OFAC; and
  • Must periodically screen the loans that it services for Fannie Mae against OFAC’s sanctions lists. If the servicer identifies a valid match, the servicer must
    • Notify Fannie Mae Ethics via email within 24 hours of blocking or rejecting a mortgage transaction, including in the notice the borrower’s name, Fannie Mae loan number, and a point of contact at the servicer. Upon receipt of the notice, a representative from Fannie Mae will contact the servicer to discuss the match and any potential next steps.
    • Take steps to ensure that any funds from the individual or entity on an OFAC sanctions list are blocked and segregated, including any escrow funds.
    • Take steps to ensure that all servicing activities on the loan cease. This includes, but is not limited to,
      • Remittance of P&I payments to Fannie Mae,
      • Payments to taxing authorities,
      • Payments to property and flood insurers,
      • Payments to mortgage insurers,
      • Collection activities, including performing property inspections,
      • Loss mitigation activities, and
      • Foreclosure


What are some useful resources and/or job aids mortgage lenders should share with their employees to assist in training on how to identify and prevent mortgage fraud?


It is critical for mortgage lenders to continuously train staff on detection and prevention of mortgage fraud. Employees should be familiar with the types of red flags they are likely to encounter when fulfilling their position responsibilities and understand that suspicion of mortgage fraud must always be reported to the Compliance Officer or other designated individual within the company.

There is a wealth of resources mortgage lenders can utilize to assist in training employees in this area. Two key resources include Fannie Mae and Freddie Mac. It would be considered a best practice recommendation for mortgage lenders to require employees to review and familiarize themselves with the following:

  • Fannie Mae Mortgage Fraud Prevention webpage – includes a fraud alerts section sharing potential and active mortgage fraud scenarios, as well as a common red flags list and fraud schemes section. The webpage also provides an explanation of Desktop Underwriter potential red flag messages and anti-fraud tutorials.
  • Freddie Mac Fraud Prevention webpage – includes a fraud prevention spotlight highlighting specific and current fraud scenarios, as well as a fraud prevention and best practices page.


How can a mortgage lender ensure it maintains an effective, independent oversight process for mortgage origination Quality Control (QC) in compliance with Fannie Mae requirements?


Fannie Mae’s December edition of Quality Insider focuses on the importance of maintaining clear QC independence and an effective internal audit process to ensure a robust QC program. Lenders that fail to maintain an effective QC program will be in breach of their contractual obligations with Fannie Mae.

Fannie Mae noted that during audits of approved seller/servicer QC programs, it commonly finds that lenders do not have a compliant process in place to audit their post-closing QC process. In fact, most commonly, Fannie Mae indicated it observes that a lender’s QC program:

  • Does not have an internal audit function;
  • Has an internal audit function but it is not independent of the business functions it reviews;
  • Does not have a comprehensive written plan to direct the internal audit process across all loan manufacturing and servicing business functions;
  • Has an internal audit program but has not initiated the internal audit process; and
  • Has not established an internal audit schedule to specify the areas of review and time frame in which they will be conducted.

Within the Quality Insider, Fannie Mae indicates that lenders should conduct an annual independent audit review of the QC process to maintain a robust risk management program and clearly define the scope of the audit process as well as the proposed schedule.

Lenders must have internal audit and management control procedures to evaluate and monitor the overall quality of its loan production. At a minimum, Fannie Mae requires:

  • The procedures must be independent of all key functions of the loan manufacturing process that they review, so that such procedures provide an objective and unbiased evaluation that adds value and improves the lender’s operations.
  • The lender’s lines of reporting must reflect the independence of the audit process at all levels, resulting in activities that are conducted in an unbiased manner and without quality compromises resulting from internal influences or conflicts of interest.
  • The audit function must not share any reporting lines with the functional areas that it reviews.
  • The audit function must report directly to the lender’s senior management and/or board of directors. The procedures must be consultative, so that they help the lender accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes.

For more information on the importance of maintaining an effective internal audit program of the QC functional area, please visit Fannie Mae’s fourth edition of the Quality Insider.


I heard that there are state privacy laws going into effect in 2023 in Colorado, Connecticut, Utah, and Virginia. What does this mean for mortgage lenders operating in these states?


Each state’s privacy statute exempts financial institutions subject to the Gramm-Leach-Bliley Act (GLBA). As such, since mortgage lenders are subject to the GLBA, they are exempt. Below, please find reference to each applicable statutory exemption:

Colorado Consumer Privacy Act (CPA) – SB 190 § 6-1-1304(2)(j)(II)

This part 13 does not apply to: Collected, processed, sold, or disclosed pursuant to the federal “Gramm-Leach-Bliley Act” U.S.C. SEC. 6801 et seq., as amended and implanting regulations, if the collection, processing, sale or disclosure is in compliance with that law.

Connecticut Data Privacy Act (CTDPA) – SB 6 § 3(a)

The provisions of sections 1 to 178 11, inclusive, of this act do not apply to any: financial institution or data subject to Title V of 184 the Gramm-Leach-Bliley Act, 15 USC 6801 et seq.

Utah Consumer Privacy Act (UCPA) – SB 227 § 13-61-102(2)(k)

This chapter does not apply to a financial institution or an affiliate of a financial institution governed by, or personal data collected, processed, sold, or disclosed in accordance with, Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. Sec. 6801 et seq., and related regulations.

Virginia Consumer Data Protection Act (VCDPA) – § 59.1-576

This chapter shall not apply to any financial institution or data subject to Title V of the federal Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.).


As a residential mortgage lender and/or broker, what are my company’s Anti-Money Laundering (AML) training requirements?


The Bank Secrecy Act (BSA), which requires mortgage lenders and brokers to maintain an AML program, indicates that persons/entities subject to the BSA must:

[p]rovide for on-going training of appropriate persons concerning their responsibilities under the program. A loan or finance company may satisfy this requirement with respect to its employees, agents, and brokers by directly training such persons or verifying that such persons have received training by a competent third party with respect to the products and services offered by the loan or finance company.”

The Multistate Mortgage Committee Examination Manual – BSA/AML Program Examination Procedures (Exam Manual) provides insight on what state regulators will consider effective AML ongoing training for employees.  Specifically, the Exam Manual indicates:

Training should include all applicable regulatory requirements and the company’s BSA/AML Program policies, procedures, and controls. At a minimum, the training program must provide training for all personnel whose duties require knowledge of the BSA/AML Program. An effective training program should be tailored to the specific responsibilities of personnel. … Existing employees should receive training at least annually and new employees should receive appropriate training within a reasonable period after joining the company. The training program should reinforce the importance of the BSA/AML Program and ensure that all employees understand their role in maintaining an effective Program.

The Exam Manual also highlights the importance of adequate training for the AML Compliance Officer and for the Board of Directors and/or Executive Management in their leadership roles.

Although neither the BSA nor Exam Manual indicate a specific period of time in which employees must complete AML training after hire, best practice is for all employees to complete this training within 30 days of hire.  It is possible for any employee to encounter suspicious or illegal activity at any time.  Employees must understand their responsibilities under the AML program and how to handle and internally report/escalate suspicious situations. 

Mortgage lenders/brokers must also maintain adequate records of all AML training.  This includes, but is not limited to:

  • Training materials/content;
  • Testing materials and scores; and
  • Attendance records including relevant dates of training (i.e. assigned date, completed date, due date). 


If we issue preapprovals for TBD properties, are we required to report the preapproval on our HMDA LAR?


It depends. 

If a mortgage lender maintains a preapproval program under HMDA, the lender must report preapprovals that are (i) denied or (ii) approved but not accepted. 

A preapproval program for HMDA purposes involves requests for preapprovals for home purchase loans (other than open-end lines of credit, reverse mortgages, or loans secured by multifamily dwellings) whereby, after comprehensive analyses of applicants’ creditworthiness (including verification of income, resources, etc.), the lender issues written commitments valid for designated periods of time and up to specified loan amounts. The written commitments may not be subject to conditions other than the following:

(i) Conditions that require the identification of a suitable property;

(ii) Conditions that require that no material change has occurred in the applicant’s financial condition or creditworthiness prior to closing; and

(iii) Limited conditions, such as requiring acceptable title insurance binder or a certificate of clear termite inspection, that are not related to the financial condition or creditworthiness of the applicant that the financial institution ordinarily attaches to a traditional home mortgage application.  

If a mortgage lender does not regularly use the procedures outlined above and instead considers preapproval requests on an ad hoc basis, the lender would not have a HMDA preapproval program.

If required to report preapprovals, a mortgage lender should use the date the lender received the preapproval request or completed the application form as the application date.  A lender should be generally consistent in which method it uses.  For the final action take date, a mortgage lender should report the following for preapprovals:

  • Preapproval Approved But Not Accepted = any reasonable date, such as approval date, deadline for accepting offer, or date file was closed; and

  • Preapproval Denied = date preapproval request was denied or date notice sent to applicant.


What are the amendments to the Safeguards Rule, do they apply to my company, and when do they go into effect?


The Safeguards Rule requires financial institutions (including mortgage lenders and brokers) to develop, implement, and maintain an information security program to protect customer financial information. In October 2021, the Federal Trade Commission (FTC) approved amendments to the Safeguards Rule in order to ensure the Rule keeps pace with current technology and addresses current risks.

The amendments require financial institutions to maintain a more detailed and comprehensive information security program. The amendments also provide greater clarity including specificity in regard to elements required for an information security program and additional definitions of terms like “multi-factor authentication,” “penetration testing,” and “security event”.

While some provisions went into effect in January 2022, other sections of the rule were set to go into effect on December 9, 2022. The FTC recently voted to extend the December 2022 effective date to June 9, 2023. The provisions of the updated rule specifically affected by the six-month extension include:

  1. designating a “qualified individual” to oversee the information security program and reporting to the Board in writing on the program at least annually;

  2. developing a written risk assessment that includes:

    1. criteria for the evaluation and categorization of identified security risks or threats;

    2. criteria for the assessment of the confidentiality, integrity, and availability of information, including the adequacy of the existing controls in the context of the identified risks or threats; and

    3. requirements describing how identified risks will be mitigated or accepted based on the risk assessment and how the information security program will address the risks;

  3. limiting and monitoring who can access sensitive customer information through various safeguards;

  4. encrypting all sensitive information held or transmitted;

  5. training security personnel;

  6. developing an incident response plan;

  7. periodically assessing the security practices of service providers; and

  8. implementing multi-factor authentication or another method with equivalent protection for any individual accessing customer information.

Despite the six-month extension, companies should not delay in addressing the new requirements as they will take time to develop and implement.

The FTC published a guide, FTC Safeguards Rule: What Your Business Needs to Know, which is a useful resource for complying with the Safeguards Rule.


Are business purpose loans reported on the Mortgage Call Reports (MCR) and/or the HMDA LAR?


Business purpose loans are clearly excluded from the MCRs based upon the MCR definition of an application:

An application is an oral or written request for an extension of credit encumbering a 1- 4 family residential property. Exclude any commercial/business/investment purpose encumbrances from reporting. Include inquiries or Pre-Qualification requests that result in denial of credit. The application date used is either (1.)The date on the initial 1003 with the borrower’s signature; (2) The date of an oral request for extension of credit, with deference to the initial 1003; (3) Inquiries and Pre-Qualification requests, if declined, should use the denial date.

For HMDA purposes, an exclusion exists for loans that are primarily for business or commercial purposes unless the loan is also a home purchase loan, home improvement loan, or refinancing – in which case, it should be reported on the HMDA LAR.

1003.3(c)(10): The requirements of this part do not apply to: (10) A closed-end mortgage loan or open-end line of credit that is or will be made primarily for a business or commercial purpose, unless the closed-end mortgage loan or open-end line of credit is a home improvement loan under § 1003.2(i),a home purchase loan under § 1003.2(j),or a refinancing under § 1003.2(p);

Home Purchase Loan a closed-end mortgage loan or an open-end line of credit that is for the purpose, in whole or part, of purchasing a dwelling. 12 CFR 1003.2(j)

Home Improvement Loan a closed-end mortgage loan or an open-end line of credit that is for the purpose, in whole or part, of repairing, rehabilitating, remodeling, or improving a dwelling or the real property on which the dwelling is located. 12 CFR 1003.2(i)

Refinancing a closed-end mortgage loan or an open-end line of credit in which a new dwelling-secured debt obligation satisfies and replaces an existing dwelling secured debt obligation by the same borrower. 12 CFR 1003.2(p)

Pages: 1 2