Chapter 7 - Review of Federal Law - Part 3

Types of Privacy Notes

• 4 types o 1. Initial - These are sent to customers no later than when the relationship is established and includes an opt-out notice o 2. Opt Out- This is sent to consumers or customers prior to sharing non-public personal information. The opt-out is provided with every other notice. o 3. Annual - This notice is sent yearly to customers throughout the term of the relationship . o 4. Revised - this notice is sent if the institution changes its privacy policy or opt-out terms. • These notices can be delivered by hand, by mail, or electronically.

What is a Red Flag?

• A red flag includes patterns, practices, or specific activities that indicate the possibly of identity theft. These red flags may vary depending on the type of account or the specific situation. Some common red flags are: • Alerts, notifications, and warnings from a credit reporting company; • Suspicious documents; o Personal Identifying Information that is inconsistent; and o Suspicious account activity.

Required Disclosure to the Borrower

• Before a financial institution can use e-signatures and electronic records they are required to obtain permission from the borrower. This includes providing a disclosure to the consumer explaining their rights to obtain any record in a non-electronic form and the right to withdraw consent to the use of electronic records. The financial institution is also required to provide a statement of software and hardware requirements for access to and retention of electronic records.

E-Sign Act

• Electronic Signature in Global and National Commerce Act • Regulation: N/A • 2000 • Main purpose: Allows for electronic signatures on mortgage loan documents • Disclosures/Notices Required: o Prior content o Notice of availability of paper records • The E-Sign Act allows for electronic signatures to be used as a valid signature for financial transactions with the permission of the borrower. The E-Sign Act also allows for electronic records to satisfy any federal statute.

Economic Growth, Regulatory relief and Consumer Protection Act

• In May of 2018, Congress passed the Economic Growth, Regulatory Relief and Consumer Protection Act which requires nationwide consumer reporting agencies to provide national security freezes free to consumers. The National Security Freeze restricts prospective lenders from obtaining access to credit reports making it harder for identity thieves to open accounts in a consumer's name. This amendment to FCRA requires that whenever the Summary of Consumer of Consumer Rights or the Summary of Consumer Identity Theft Rights is required to be sent that a new disclosure must be sent related to the national security freeze. The Summary of Consumer Rights is a summary of rights to obtain and dispute information in consumer reports and to obtain credit scores. The Summary of Consumer Identity Theft Rights is a summary of rights of identity theft victims. • To review the Summary of Consumer Rights Go Here: https://files.consumerfinance.gov/f/documents/bcfp_consumer-rights-summary_2018-09.docx • To review the Summary of Identity Theft Rights go here: https://files.consumerfinance.gov/f/documents/bcfp_consumer-identity-theft-rights-summary_2018-09.docx

Prohibited Acts Under the MAP Rule

• It is a violation of the MAP Rule for any person to make any material misrepresentation, expressly or by implication, in any commercial communication, regarding any term of any mortgage credit product, including but not limited to misrepresentations about: o The interest charged for the mortgage credit product, including but not limited to misrepresentations concerning: o The amount of interest that the consumer owes each month that is included in the consumer's payments, loan amount, or total amount due, or Whether the difference between the interest owed and the interest paid is added to the total amount due from the consumer o The annual percentage rate, simple annual rate, periodic rate, or any other rate o The existence, nature, or amount of fees or costs to the consumer associated with the mortgage credit product, including but not limited to misrepresentations that no fees are charged o The existence, cost, payment terms, or other terms associated with any additional product or feature that is or may be sold in conjunction with the mortgage credit product, including but not limited to credit insurance or credit disability insurance o The terms, amounts, payments, or other requirements relating to taxes or insurance associated with the mortgage credit product, including but not limited to misrepresentations about: • Whether separate payment of taxes or insurance is required; or • The extent to which payment for taxes or insurance is included in the loan payments, loan amount, or total amount due from the consumer; o Any prepayment penalty associated with the mortgage credit product, including but not limited to misrepresentations concerning the existence, nature, amount, or terms of such penalty; o The variability of interest, payments, or other terms of the mortgage credit product, including but not limited to misrepresentations using the word "fixed"; o Any comparison between: • Any rate or payment that will be available for a period less than the full length of the mortgage credit product; and • Any actual or hypothetical rate or payment; o The type of mortgage credit product, including but not limited to misrepresentations that the product is or involves a fully amortizing mortgage; o The amount of the obligation, or the existence, nature, or amount of cash or credit available to the consumer related to the mortgage credit product, including but not limited to misrepresentations that the consumer will receive a certain amount of cash or credit as part of a mortgage credit transaction; o The existence, number, amount, or timing of any minimum or required payments, including but not limited to misrepresentations about any payments or that no payments are required in a reverse mortgage or other mortgage credit product; o The potential for default under the mortgage credit product, including but not limited to misrepresentations concerning the circumstances under which the consumer could default for nonpayment of taxes, insurance, or maintenance, or for failure to meet other obligations; o The effectiveness of the mortgage credit product in helping the consumer resolve difficulties in paying debts, including but not limited to misrepresentations that any mortgage credit product can reduce, eliminate, or restructure debt or result in a waiver or forgiveness, in whole or in part, of the consumer's existing obligation with any person; • The association of the mortgage credit product or any provider of such product with any other person or program, including but not limited to misrepresentations that: o The provider is, or is affiliated with, any governmental entity or other organization; or • The product is or relates to a government benefit, or is endorsed, sponsored by, or affiliated with any government or other program, including but not limited to using formats, symbols, or logos that resemble those of such entity, organization, or program; • The source of any commercial communication, including but not limited to misrepresentations that a commercial communication is made by or on behalf of the consumer's current mortgage lender or servicer; • The right of the consumer to reside in the dwelling that is the subject of the mortgage credit product, or the duration of such right, including but not limited to misrepresentations concerning how long or under what conditions a consumer with a reverse mortgage can stay in the dwelling; • The consumer's ability or likelihood to obtain any mortgage credit product or term, including but not limited to misrepresentations concerning whether the consumer has been preapproved or guaranteed for any such product or term; • The consumer's ability or likelihood to obtain a refinancing or modification of any mortgage credit product or term, including but not limited to misrepresentations concerning whether the consumer has been preapproved or guaranteed for any such refinancing or modification; and • The availability, nature, or substance of counseling services or any other expert advice offered to the consumer regarding any mortgage credit product or term, including but not limited to the qualifications of those offering the services or advice. • Please note all covered commercial communications must be kept for a minimum of 2 years from the date that the communication was made to the consumer to comply with the MAP Rule.

Suspicious Activity Reports (SARS)

• A large part of BSA/AML is the requirement of suspicious activity reports or SARs. These reports must be filed with FinCEN when one of the following circumstances occurs: o Insider abuse involving any amount. Whenever the bank detects any known or suspected federal criminal violation, or pattern of criminal violations, committed or attempted against the bank or involving a transaction or transactions conducted through the bank, where the bank believes it was either an actual or potential victim of a criminal violation or series of criminal violations, or that the bank was used to facilitate a criminal transaction, and the bank has a substantial basis for identifying one of the bank's agents, or other institution-affiliated parties as having committed or aided in the commission of the criminal violation, regardless of the amount involved in the violation o Transactions aggregating $5,000 or more where a suspect can be identified. Whenever the bank detects any known or suspected federal criminal violation, or pattern of criminal violations, aggregating $5,000 or more, where the bank believes it was victim of a criminal violation, or that the bank was used to facilitate a criminal transaction, and the bank has a substantial basis for identifying a possible suspect or group of suspects. o Transactions aggregating $25,000 or more regardless of potential suspects. Whenever the bank detects any known or suspected federal criminal violation involving transactions conducted through the bank, involving or aggregating $25,000 or more in funds or other assets, where the bank believes it was either an actual or potential victim of a criminal violation, or that the bank was used to facilitate a criminal transaction, even though the bank has no substantial basis for identifying a possible suspect or group of suspects; or o Transactions aggregating $5,000 or more that involve potential money laundering or violations of the Bank Secrecy Act. Any transaction (which for purposes of this paragraph (a)(4) means a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument or investment security, or any other payment, transfer, or delivery by, though, or to a financial institution, by whatever means effected) conducted or attempted by, at or through the bank and involving or aggregating $5,000 or more in funds or other assets, if the bank knows, suspects, or has reason to suspect that o The transaction involves funds derived from illegal activities or is intended or conducted to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any federal law or regulation or to avoid any transaction reporting requirement under federal law The transaction is designed to evade any regulations promulgated under the Bank Secrecy Act; or The transaction has no business or apparent lawful purpose or is not the sort of transaction in which the customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction. • The required SAR must be filed no later than 30 calendar days after the date of the initial detection of the issue. A bank must maintain a copy of any SAR filed and all supporting documentation for 5 years from the date of the filing.

Red Flag Rules

• As a part of FACTA, the Red Flags Rule was established. It was established to prevent identity theft. The Red Flags Rule applies to financial institutions and creditors. The Rule also requires those organization conduct risk assessments to determine if it has "covered accounts" and are safeguarding those accounts properly. • A financial institution is defined as a state or national bank, a mutual savings bank, a credit union, or any other person that, directly or indirectly holds a "transaction account" belonging to a consumer. A "transaction account" is a deposit account or loan account where the owner may make payments or deposits or transfers to third parties. It includes checking, savings and share draft accounts. • Creditor is defined broadly as a business or organization that defers payments for goods or services or provides goods or services and bill consumers later. Examples include utility companies, health care providers, or telecommunication companies. Creditor also includes an entity that regularly approves or arranges loans or the extension of credit or makes credit decision (mortgage brokers and lenders would fall under the term). • Covered accounts come in two categories: 1. A consumer account for the customer's personal, family or household purposes that involves or allows multiple payments or transactions (credit card accounts, mortgage loans, auto loans, checking accounts and savings accounts). 2. Any other account that a financial institution or creditor offers or maintains for which there is a reasonable foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation or litigation risks. These include small business accounts, sole proprietorship accounts, or single transaction consumer accounts. • Now that we understand who and what the Rule applies to, let's talk about what the Rule requires that these financial institutions and creditors do. The Red Flags Rule gives the required entities a roadmap to developing, implementing and administering an identity theft program. The program is required to have four basic elements, those elements are: 1. The program must include reasonable policies and procedures to identify the red flags of identity theft that may occur in day-to-day operations. 2. The program must be designed to detect the red flags that have been identified. (example, if fake IDS have been identified as a red flag, then the program must have procedures to detect possible fake, forged or altered identification). 3. The program must spell out appropriate actions that need to be taken when a red flag is detected. • The program must detail how to keep the program current for new threats. • MLO's serve as the front-line defense to spot red flags, so it is important to remain vigilant and follow company's policies.

Patriot Act Disclosure Form

• As part of compliance with the Patriot Act financial institutions are required to check two forms of identification for each borrower. The financial institutions usually then use those two pieces of identification to fill out a Patriot Act Disclosure. To see an example of this form, go to: http://www.pawnotary.com/forms/Patriots percent20Act percent20Disclosure.pdf. Keeping this form in the loan file shows that the financial institutions properly complied with the Patriot Act and identified the borrower.

Customer Identification Program

• As part of the U.S. Patriot Act, financial institutions are required to ask for borrower's identification to verify the borrower identity. Regulation requires that all Customer • Identification Programs developed by financial institutions are reasonable in obtaining the information to: o Verify the information of the individual(s) applying for a loan program, o Maintain records to show what methods were used in identifying the individual, and o Determine if the individual(s) applying for a loan appears on any list of known or suspected terrorist or terrorist organization. • Every financial institution should develop a program to show: o Identification procedures required to collect the information required, o Verification procedures using the documents obtained, o Recordkeeping system procedures required by law, o Government list review procedures for checking against terrorist lists, and o Adequate notice procedures which give the customer a statement regarding the importance of the Customer Identification Program. • The information that must be obtained to comply with the Customer Identification is: o Name, o Date of Birth, o Address [must be an actual street address (no PO or APO boxes)], and o Identification number (US citizen - Social Security Number or taxpayer identification number; Non-US Citizen one of more of the following is required - taxpayer identification number, passport # and country of issuance, alien ID #, or any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard).

GLBA

• Gamm-Leach-Bliley Act or Financial Modernization Act • GLBA • 1999 • Protect confidentiality of non-public personal information • Disclosure / notices required: o Privacy Notice • Terms o Non-public personal information o Pretexting • GLBA is a law that has influence over a variety of different areas in the financial industry, but for the purposes of this course, we are concerned most with the privacy section of GLBA. The privacy sections, restrict the disclosure of non-public personal information (NPI). The act established minimum federal privacy standards with the caveat that states could adopt stricter standards not inconsistent with federal laws. GLBA also imposes criminal penalties for anyone who obtains customer information from a financial institution under false pretenses. • There are three arms to GLBA: o The Safeguard Rule o The Opt-Out Rule o The Pretexting Rule • According to GLBA a financial institution is any entity of any size that is significantly engaged in providing financial products or services. This can include check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders or other similar entities

Notice to Home Loan Applicant Disclosure

• In a situation where a creditor discloses to a consumer credit reporting agency negative information the creditor must disclose that information to the consumer. The disclosure must be made to the consumer no later than 30 days after the negative information was provided to the credit bureau(s). If the borrower disputes the negative information, they can send a notice to the creditor that contains the identification of the specific information being disputed, explanation of the reason for the dispute, and all supporting documentation required as evidence of the dispute. The dispute must be resolved within 30 days after the dispute was received. • A consumer may obtain his or her free credit report, permitted by FACTA, by going to www.annualcreditreport.com or to the credit bureau websites directly.

Opt-Out Rule

• In conjunction with the Safeguard Rule, financial institutions are required to protect non-public personal information including the use of privacy notices. First, financial institutions collect information through various ways, including loan applications, credit reports and other financial documentation. Most of the information obtained on those documents are considered nonpublic personal information or NPI. NPI is protected by GLBA and if a financial institution shares (or sells) the above types of information with a third party for uses other than the original intention, the financial institution is required to provide a detailed privacy policy disclosure to the application with the option to opt-out. • Nonpublic personal information is information that is not easily obtained publicly. A few examples of public information are name, address, and telephone number as those things can be obtained through public record. Examples of nonpublic personal information are things like bank account information, credit card account information, social security numbers, and loan account information. These things are not obtainable through public record and this information can be used for identity theft. • As part of the privacy notice requirements there are different privacy notices required depending upon the consumer's relationship with the financial institution. For example, there are different requirements for someone who is just a consumer. A consumer is someone who obtains or has obtained a financial product or service from a financial institution that is to be used primarily for personal, family or household purposes. Examples of a consumer relationship are when someone applies for a loan, obtains cash from a foreign ATM, cashes a check with a check-cashing company or arranges a wire transfer. A customer though has a customer relationship with a financial institution, a customer relationship is a continuing relationship with a consumer. The distinction is important because depending on whether a person is a consumer or a customer there are different requirements for the financial institution. • Under GLBA the obligation to a customer is high and requires the financial institution to: o Provide an initial privacy notice at the time the customer relationship is established; o Provide, with the initial privacy notice or separately, an opt-out notice prior to sharing non-public personal information with non-affiliated third parties outside of specific exemptions; o Provide an annual privacy notice for the life of the customer relationship; o Provide customers with a "reasonable amount of time" to opt-out before disclosing non-public personal information to non-affiliated third parties; and o Provide customers with a new revised privacy and opt-out instructions if they change their privacy policy. • Please note that many companies chose to not participate in the sharing or selling of information to non-affiliated third parties.

What is money laundering?

• Money laundering is a term used to describe a scheme in which criminals try to disguise the identity, original ownership, and destination of money that they have obtained through criminal conduct. The laundering is done with the intention of making it seem that the proceeds have come from a legitimate source.

MAP ACT

• Mortgages Act and Practice Act • The MAP Rule • 2011 • Regulation N • Its purpose is to regulate Advertising • Terms o Commercial communication o Mortgage credit product o Term • The Federal Trade Commission enforces the act • TILA is a complementary act • The Mortgage Acts and Practices Act or MAP was created in 2011 to prohibit misrepresentation in a commercial communication about any term(s) of a mortgage credit product. • There are three important terms to remember when discussing the MAP: o Term means any of the fees, costs, obligations, or characteristics of or associated with the product. It also includes any of the conditions on or related to the availability of the product. o Mortgage credit product means any form of credit that is secured by real property or a dwelling and that is offered or extended to a consumer primarily for personal, family, or household purposes. o Commercial communication means any written or oral statement, illustration, or depiction, whether in English or any other language, that is designed to effect a sale or create interest in purchasing goods or services, whether it appears on or in a label, package, package insert, radio, television, cable television, brochure, newspaper, magazine, pamphlet, leaflet, circular, mailer, book insert, free standing insert, letter, catalogue, poster, chart, billboard, public transit card, point of purchase display, film, slide, audio program transmitted over a telephone system, telemarketing script, on-hold script, upsell script, training materials provided to telemarketing firms, program-length commercial ("infomercial"), the internet, cellular network, or any other medium. Promotional materials and items and Web pages are included in the term commercial communication.

Fair and Credit Transaction Act

• Regulation: N/A • FACTA • 2003 • Improves consumer access to credit information • Provides avenues for the resolution of consumer disputes • Helps to prevent and detect identity theft • Disclosures / Notice required: o Notice to Home loan applicant • Terms o Identity theft o Consumer disputes • CFPB enforces these laws

The Do Not Call Act

• Regulation? N/A • 2003 • To implement and enforce the Do-Not-Call Registry • Donotcall.gov • The Do Not Call Act and the Telephone Consumer Protection Act are the two federal laws that regulate telemarketing. The 1991 Telephone Consumer Protection Act restricts telemarketing calls to households that did not wish to receive telephone solicitations from pre-recorded voice messages from automatic telephone dialing systems. In 2003, a national Do Not Call registry was established that covers all telemarketers, with the exception of certain non-profit organizations. The registry covers individual household landline numbers as well as cell phone numbers. Anyone can be added to this list by visiting the website: www.donotcall.gov. In 2008, Congress amended the Do-Not-Call registry making all additions to the registry permanent to the Do-Not-Call list. To remove a number from the list, someone would have to cancel the phone number or personally request its removal. • Further, the Telephone Consumer Protection Act established the following rules: o Telemarketing calls may only be placed between 8am and 9pm in the time zone of the consumer being called; o "Abandoned" calls are prohibited. A call is considered abandoned if a person answer the call and the telemarketer does not connect to the sales representative within 2 seconds after the greeting; o Telemarketers are required to transmit a caller ID when available; o Threatening, harassing or intimidating tactics are prohibited; and o Telemarketers and sellers are required to keep specific records for 2 years, including promotional materials and telemarketing scripts. • There is an exception where the caller has an established business relationship, and the customer has not asked to be put on the company's internal Do Not Call List. An originator that has established a relationship can solicit the consumer for up to 18 months from any purchase or loan transaction and 3 months from any inquiry or prospect. • All businesses are required to honor Do-Not-Call requests within 31 days from the date the request was made. • Any company that is subject to the Do-Not-Call requirements that does not access the registry prior to making calls could be considered in violation of the Rule. The telemarketing company could be liable because it did not check the registry first. Violations could run up to $40,000 per violation and each call may be considered a separate violation.

Bank Secrecy Act / Anti Money Laundering (BSA/AML)

• Regulation? N/A • BSA/AML • 1970 • To prevent money laundering • Yearly educated is required • Terms o Money laundering o Suspicious activity report (SAR) Do within 30 days • FinCEN enforces

BSA/AML

• The Bank Secrecy Act/Anti-Money Laundering or BSA/AML specifically requires financial institutions institute a compliance program to detect money laundering and suspicious activity. There are four pieces to this compliance program: o 1. Risk Assessment; o 2. A system of internal controls to ensure ongoing compliance; o 3. Independent testing of BSA/AML compliance; o 4. The designation of an individual or individuals responsible for managing BSA compliance; and o 5. Training for appropriate personnel • Every institution needs to create a compliance program based upon the risks that exist in their business. Once their business risks are identified, they need to create internal controls and review all existing policies and procedures to make sure that they can achieve AML compliance. In addition to the internal review and creation of controls to detect money laundering, there must be independent testing by a third party every 12-18 months to determine that AML compliance is in place and that those internal controls are doing what they should be doing. • As part of this process, a BSA/AML compliance officer must be assigned. This individual or individuals should be an expert in BSA/AML regulations and have the ability and resources to design and implement the plan. They are also responsible for filing suspicious activity reports, which we will discuss later in this section. • The last leg of the compliance plan is annual compliance training. This training is required for personnel that deal with situations where risk of money laundering exits this includes MLOs.

The Disposal Rule

• The Disposal Rule is part of FACTA and dictates how institutions should dispose of consumer information. It was designed to reduce the risk of consumer fraud and related harm, including identity theft, created by the disposal of consumer information. • Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information. • Reasonable measures to protect against unauthorized access to or use of consumer information upon disposal include, but are not limited to, the following examples: o Implementing and monitoring compliance with policies and procedures that require the burning; o Pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed; o Implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media containing consumer information so that the information cannot practicably be read or reconstructed; o After due diligence, entering into and monitoring compliance with a contract with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule. In this context, due diligence could include reviewing an independent audit of the disposal company's operations and/or its compliance with this rule, obtaining information about the disposal company from several references or other reliable sources, requiring that the disposal company be certified by a recognized trade association or similar third party, reviewing and evaluating the disposal company's information security policies or procedures, or taking other appropriate measures to determine the competency and integrity of the potential disposal company; and o For persons or entities who maintain or otherwise possess consumer information through their provision of services directly to a person subject to this part, implementing and monitoring compliance with policies and procedures that protect against unauthorized or unintentional disposal of consumer information, and disposing of such information in accordance with examples (b)(1) and (2) of this section.

FACTA

• The Fair and Accurate Credit Transaction Act or FACTA is an amendment to FCRA and adds provisions to improve the accuracy of consumers' credit related records. It gives consumers their right to one free credit report each year from each credit reporting agency. It also allows the consumers to purchase, for a reasonable fee, a credit score along with the information about how the credit score is calculated. FACTA also requires the provision of "risk-based pricing" notices and credit scores to consumers whose applications are denied or who receive less favorable offers of credit. The FACTA also adds provisions designed to prevent and mitigate identity theft, including a section that enables consumers to place fraud alerts in their credit files. • FACTA states that "any person who makes or arranges loans" and uses consumer credit scores must follow specific disclosure guidelines. This applies to loan applications completed by a consumer for a closed end or an open-end loan that is secured by a 1-4 family unit dwelling. • MLO's must disclose the following information to the consumer as soon as is reasonably practicable: o The consumer's credit score or the most recent credit score that was provide by the credit reporting agency; o The range of possible credit scores under the model used; o Any factors that adversely affect the score, up to 4 key factors, including excessive inquiries; o The date the credit score was created; and o The name of the company that provided the credit report. • Annual credit report .com is a company that will provide the credit report for free

HPA

• The Homeowner's Protection Act • HPA • 1998 • Regulates private mortgage insurance • Terms o Private mortgage insurance (PMI) o Loan to Value (LTV) • The Homeowner's Protection Act of 1998 was created to regulate the cancellation of private mortgage insurance (PMI). On all non-high risk residential mortgage transactions with private mortgage insurance, a borrower can initiate the cancellation of PMI coverage by submitting a written request to the servicer. The servicer is required to act on that request when: o The principal balance of the loan is first scheduled to reach 80 percent LTV; o The borrower has good payment history; and o The borrower satisfies any requirement of the mortgage holder for evidence of a type established in advance that the value of the property has not declined below the original value and certification that the borrower's equity in the property is not subject to a subordinate lien. • Once the PMI is cancelled the servicer cannot require further PMI payments or premiums more than 30 days after the later of: o the date the written request was received, or o the date on which the borrower satisfied the holder's evidence requirements. • Further, a servicer is required to automatically terminate PMI for residential mortgage transaction on the earliest date that both: o The principal balance of the mortgage reaches 78 percent LTV, and o The borrower is current on mortgage payments.

The Safeguard Rule

• The Safeguard Rule under GLBA requires companies to establish a written information security plan that describes its program to protect information. The plan must be appropriate to the company's size and complexity, the nature and scope of its activities, and the sensitivity of the customer information that it handles. As part of the plan, each company must: 1. Designate one or more employees to coordinate its information security program; 2. Identify and assess the risks to customer information in each relevant area of the company's operation and evaluate the effectiveness of the current safeguards for controlling these risk 3. Design and implement a safeguards program and regularly monitor and test it 4. Select service providers that can maintain appropriate safeguards, make sure your contract requires them to maintain safeguards, and oversee its handling of customer information 5. Evaluate and adjust the program considering relevant circumstances, including changes in the firm's business or operations, or the results of security testing and monitoring • The requirements for the policy are designed to be flexible. Companies are encouraged to implement safeguards appropriate for their individual circumstances. • Financial institutions protect customer's personal information by requiring the use of a strong password for computer access (or requiring employees to regularly change their passwords for computer access). Financial institutions also watch for fraudulent attempts to obtain customer information, require customer information be only for those that need to know, and require employee training on how to respond to requests for customer information

USA Patriot Act

• The United and Strengthening America by Providing Appropriate Tools required to Intercept and obstruct terrorism Act • Regulation? N/A • 2001 • Main Purpose: Requires identification to be provided for mortgage loans with the purpose of identifying terrorist • Terms o Terrorism o Terrorist o Money laundering o Financial crimes • Entities responsible for enforcing o Financial Crime Enforcement Network (FinCEN) under the United States Department of Treasury • The USA Patriot Act was created in response to the attacks of September11, 2001. The Treasury Department through its Financial Crimes Enforcement Network (FinCEN) became responsible for implementing the Patriot Act. As you'll recall FinCEN is also responsible for the Bank Secrecy Act. • The purpose of the Patriot Act is to deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools and other purposes including: o To strengthen U.S. measures to proven, detect and prosecute international money laundering and the financing of terrorism o To subject to special scrutiny foreign jurisdictions, foreign financial institutions, and classes of international transactions or types of accounts that are susceptible to criminal abuse o To require all appropriate elements of the financial services industry to report potential money laundering o To strengthen measures to prevent use of the U.S. financial system for personal gain by corrupt foreign officials and facilitate repatriation of stolen assets to the citizens of countries to whom such assets belong

Quiz questions

• The borrower's credit report cannot show a late mortgage payment for transferred loans for o Answer: 60 days • What does ABA stand for? o Answer: Affiliated Business Arrangements • Kickbacks, referral fees and unearned fees are a violation of which section of RESPA? o Section 8 • If someone violates Section 8 of RESPA they are looking at a fine of up to $10,000, up to 1 year in prison or both • A phrase that represents attractive features of a mortgage loan are called: o Triggering terms • The right of recession pertains to which type of transaction? o Refinance transactions • If the borrower exercises their right to rescind, the creditor is required to return all money within how many days? o Answer: 20 • If the right of recession isn't provided to the borrower(s). The right of Rescind expires when? o Answer: 3 years after consummation • HOEPA is in which reg? o Answer: Regulation Z • HOEPA's Additional disclosure requirement means disclosures must be given: o Answer: 3 business days before consummation • HOPEA also adds what requirement? o Answer: Homeowners Counseling • High priced mortgage loans are covered in which section of TILA o Answer: Section 35 • In order for the loan to be in a QM safe harbor, it is presumed that the loan met which requirement? o Answer: The Ability to Repay Requirement • The ATR rule was meant to do what in Underwriting? o Answer: That the borrow had the ATR • MLOs are all paid the same amount per loan, which prevents steering, this is known as: o Answer: Loan Originator Compensation Rule • What section does the borrower sign? o Acknowledgement and Agreement • Can LO's receive extra compensation based on a loan's interest rate? o No • All MLOs are required to list what on the 1003? o The MLOs Unique Identifier • TRID Doesn't apply to? o Reverse mortgages • If the borrower cannot shop for the fee, the tolerance is: o Zero • If an amount paid by a borrower exceeds tolerance threshold a refund is due the borrower no later than: o 60 days after consummation • The final LE must be received by the borrower in how many days before consummation? o 4 days • The booklet that the CFPB requires after application called? o Your home loan tool kit • The only fee charge before a borrower receives their LE is a fee for? o credit report • An MLO can require or collect information about an applicant's race, color, religion, national origin or sex ... o For HDMA purposes • The term "unmarried" may be defined to include all of the following except? o Same-sex marriage • The Fair Housing Act is the same as ECOA with one condition: o It includes disability • HMDA Report is due? o March 1st every year • Telemarketers can call you from o 8 am to 9 pm • Commercial Communications must be kept for how long? o 2 years • HPA states that the PMI must be terminated at what LTV? o 78%

The Pretexting Rule

• When customer information is obtained under false pretenses, including impersonating someone to fraudulently use their personal information is considered pretexting. A pretexter may call someone acting as if he is from a research company and ask a few questions to try to obtain personal information and then will call a financial institution pretending to get more information to defraud the innocent victim. This is prohibited by GLBA. The pretexting rule also prohibits the use of forged, counterfeit, lost or stolen documents to obtain customer information from a financial institution It is also illegal to ask another person to obtain someone else's information using false, fictitious or fraudulent statements to obtain the information from a financial institution.