Once a quarter, we gather mortgage leaders to discuss industry best practices for ensuring compliance and consumer protection. This was our most collaborative discussion yet—participants were chiming into the discussion left and right, sharing their questions, concerns, challenges, and insights.
The discussion covered a wide range of topics, including the CFPB’s recent advisory opinion on comparison shopping platforms, who bears the responsibility of marketing compliance, recent examination and audits, UDAAP (specifically the CFPB’s policy statement on abusiveness), keeping loan officers RESPA compliant on social media, and more.
What We’re Recapping
- The Recent Advisory from the CFPB on Comparison Shopping Platforms
- Marketing Compliance Responsibilities
- Examinations and Audits
- UDAAP and the CFPB’s Policy Statement on Abusive Acts and Practices
- Loan Officers on Social Media: Preventing RESPA Violations When Sharing Open Houses
- Join the next mortgage roundtable
The Recent Advisory from the CFPB on Comparison Shopping Platforms
The conversation started out strong when one attendee asked, “How is the group navigating the recent advisory opinion from the CFPB regarding digital comparison shopping platforms?”
It’s been top-of-mind for many participants, but the overall consensus is that there hasn’t been much action taken by mortgage companies—yet.
Some participants are waiting to see what happens with the Credit Trigger Bill before taking any action. The fate of the bill will ultimately impact how the CFPB moves forward with ideas or guidance on lead generation services.
For those who aren’t familiar with the Credit Trigger Bill and its connection to the CFPB’s advisory opinion, here’s a quick background: The Credit Trigger Bill aims to limit the selling of trigger leads, including those related to mortgage applications. The CFPB recently identified trigger leads as a possible violation of the Real Estate Settlement Procedures Act (RESPA) and other consumer protection laws in its advisory opinion.
Others agreed and mentioned that they haven’t done anything specific yet, but they do keep a close eye on their loan officers and lead generation efforts. They thoroughly vet everything and keep the advisory opinion and bill top-of-mind.
Another participant stated that while they don’t use the specific platforms mentioned in the CFPB’s advisory opinion, they are preparing for the possibility of the scope being widened to include other areas, such as realtors naming preferred lenders on home listings.
Marketing Compliance Responsibilities
A common theme that was discussed is that marketing teams, individual branches, and loan officers are now being held responsible for “policing themselves” and making sure that they’re in compliance—which is a “recipe for disaster,” says one attendee.
Another attendee, who sits on their organization’s marketing team but whose sole responsibility is compliance, asked the group how they felt about:
- Certifying certain people or branches on marketing compliance so that they can better police themselves; and/or
- Developing training materials that distinguish between low-risk and high-risk content, and provide clear guidelines for determining which content can be posted without requiring compliance approval, versus which content must be submitted for approval
When marketing teams get desperate, they get more creative and push the envelope, which can lead to riskier outputs—so it’s concerning to some to pass it off to people not in compliance, said one attendee.
Some organizations are already providing training to their marketing teams. One attendee talked about how they created a reference guide for their marketing team that outlines the “have to haves” for different marketing channels and assets for it to be compliant. They also have a database of disclaimers that the entire company can access.
Another attendee mentioned that they have created a repeatable boilerplate template for marketing materials that don’t involve products, like an announcement of servicing a new state or a new loan officer. This template doesn’t have to be approved by compliance as it follows pre-approved guidelines.
The overall consensus is that empowering marketing teams to create compliant content is helpful, but “removing oversight completely is very scary.”
Examinations and Audits
One thing that’s for certain is that compliance exams and audits are still going strong—one attendee said that their company is juggling six exams at once. Another attendee has been dealing with an ongoing exam for over a year, and just got hit with 40 more requests for it.
Social Security Audits
One attendee shared that the Social Security Office (SSO) is now auditing mortgage companies on how they verify consumers’ social security numbers. And, even if you outsource the verification process, you’re still responsible for what your third party does. They emphasized that the SSO is looking for specific procedures and record retention, especially when it comes to third parties.
It’s also worth noting that the SSO is hiring independent CPA firms to carry out these audits. So, if you get an email from a new person asking for social security info, you need to do your due diligence and make sure they’re the real deal before handing over any sensitive information.
Pandemic Planning for Business Continuity and Disaster Recovery Plan (BCDR)
One attendee warned that auditors are now requesting organizations to include pandemic planning in their Business Continuity and Disaster Recovery Plans (BCDR) if not already present. The auditors didn’t provide any specific guidance on how to add it in, besides that procedures should be clearly documented for any future instances.
Auditors are also looking at how often organizations perform disaster recovery tests. Make sure to update your BCDR to include post-pandemic procedures and environments like remote work.
UDAAP and the CFPB’s Policy Statement on Abusive Acts and Practices
The CFPB recently published a policy statement on abusive acts and practices that aims to clarify what’s considered “abusive.” But, attendees feel that the policy is still very subjective based on the individual who’s reading it and how they receive it.
“In all the years I’ve been in this job, there’s not much that I would consider abusive,” says one attendee.
In his remarks, Director Chopra defined “abusive” as “company conduct that obstructs people’s ability to digest information.” It’s all about how you are sharing information—does it prohibit the consumer from being able to understand that information?
The group agreed that it’ll be interesting to see how the CFPB continues to define and enforce it.
State Examinations and UDAAP
Compared to other regulations like the Truth in Lending Act (TILA), UDAAP is not cited as frequently in exams. And, specific to the abusiveness prong, examiners have very rarely cited “taking unreasonable advantage of the consumer” in attendees’ experiences.
One attendee mentioned that there have been consumer complaints where they mentioned that they’ve been taken advantage of (likely due to a lack of understanding of the financial system), but they never had an examiner come back and cite for that.
Either way, attendees agreed that marketing content still needs to go through the compliance department and that they don’t feel comfortable letting them govern themselves on UDAAP.
Loan Officers on Social Media: Preventing RESPA Violations When Sharing Open Houses
One attendee asked the group if they’ve had any issues with loan officers sharing social media posts from realtors promoting an open house.
Loan officers can like these posts, but reposting or making statements that could imply that they are working together could raise RESPA concerns.
One attendee said that to make it semi-compliant (noting that they shouldn’t share at all but they’re going to do it anyway), they need to turn the post around and make it about them and deflect the realtor. Writing something like, “Come see me and see how you can get pre-approved for a mortgage loan,” for example, would help avoid the implication that they are working together.
Join the next mortgage roundtable
Want to be part of the next roundtable discussion? Request your invite to be a part of the COMPLY Mortgage Compliance Community—a community dedicated to navigating the ever-evolving world of mortgage regulatory compliance.
As a member, you’ll have access to:
- A private and monitored Slack group where you can connect and collaborate with your peers year-round
- Invitations to our quarterly virtual roundtable events
- Priority access to mortgage compliance content and additional events (both in-person and virtual)
Request your invite here!
PerformLine 
John Zanzarella 