Colorado Amends MLO Licensing and Consumer Protection Provisions

MLO Licensing        

The state of Colorado has amended MLO licensing provisions under its Mortgage Loan Originator Licensing and Mortgage Company Registration Act. These provisions are effective as of August 8, 2018.

License Requirements

Under the previous provision, mortgage loan originators were required to complete a mortgage lending fundamentals course which included at least nine hours of instruction. Under the amended provision, mortgage loan originators are instead required to attend at least twenty hours of education approved by the Nationwide Multistate Licensing System and Registry.

Board of MLOs

The board of mortgage loan originators consists of five members appointed by the governor with the consent of the Senate. Under the previous provision, three members shall be licensed MLOs. Under the revised provision, three members must be licensed MLOs, and the governor is encouraged to appoint at least one MLO who is an employee or exclusive agent of a Colorado-based company. The requirement that the other two members must be members of the public at large who are not engaged in mortgage origination or lending remains unchanged.

For the full text of House Bill 1174, please refer to http://leg.colorado.gov/sites/default/files/documents/2018A/bills/2018a_1174_signed.pdf.

 

Consumer Protection

 Colorado has enacted consumer protection provisions related to consumer data privacy. These provisions are effective as of September 1, 2018.

Disposal of Documents          

Under the new provisions, covered entities that maintain paper or electronic documents are required to develop a written policy for the destruction or proper disposal of those documents. The policy must require that the entity destroy any documents containing personal identifying information when they are no longer needed. Destruction can be achieved by shredding, erasing, or otherwise modifying the personal identifying information so that it is unreadable.

Protection of Information

Entities are furthered required to implement and maintain reasonable security measures to protect consumer’s personal identifying information. These measures must be appropriate to both the nature of the identifying information and to the nature and size of the business. A covered entity must also either provide its own security protection for the information it discloses to a third-party service provider, or it must require the third-party service provider to implement and maintain its own reasonable security measures.

Notice of Security Breach

In the event of a breach of personal information, a covered entity must provide notice to the affected Colorado resident no later than thirty days after the date of determination that a security breach has occurred. Such notice must include: 1) the estimated date or dates that the breach occurred, 2) a description of the personal information that is believed to have been acquired through the breach, 3) information that can be used by the resident to contact the covered entity about the breach, 4) the toll-free numbers, addresses, and websites of consumer reporting agencies; and 5) a statement that the resident can obtain information from the Federal Trade Commission and the credit reporting agencies regarding fraud alerts and security freezes.

For the full text of House Bill 1128, please refer to https://leg.colorado.gov/sites/default/files/documents/2018A/bills/2018a_1128_signed.pdf.

  • 14134296646

Elizabeth Dailey, JD, is a Regulatory Compliance Director with CLA. She is a graduate of the University of New Hampshire and earned her juris doctor at New England Law. She is admitted to the Massachusetts Bar.

Comments are closed.