Red Flag Rules from FTC and Fannie Mae
Dear Reader,
Rachel Horman, Esq., one of Bankers Advisory’s staff attorneys and our resident expert on Consumer Credit and Information Security, has authored the following article. To discuss how Bankers Advisory can help your organization monitor compliance, contact me at anna@bankersadvisory.com.
Anna DeSimone
Red Flag Rules from FTC & Fannie Mae
by Rachel Horman, Esq.
Staff Attorney, rachel@bankersadvisory.com
Fannie Mae’s Loan Quality Initiative (LQI) Addresses “Red Flags”
Fannie Mae has launched Loan Quality Initiative (LQI) to improve loan delivery data at the pre-funding stage and ensure data integrity from the borrower. The primary purpose of the LQI is to mitigate repurchase risk and improve compliance with underwriting and eligibility guidelines by obtaining accurate personal identifying information and other loan data from the borrower as early in the loan process as possible. The LQI also requires lenders to validate the loan data before, during, and immediately after loan delivery to ensure that the data is complete and representative of the actual loan information.
For loan applications dated on or after June 1, 2010, Fannie Mae will require lenders to verify a borrower’s identity before extending any credit. All borrowers must have a valid Social Security Number or Individual Taxpayer Identification Number (TIN) if the borrower is a legal United States resident and ineligible for a Social Security Number. This is in addition to residency and documentation requirements already in place including the U.S. Patriot Act and the Department of the Treasury’s Office of Foreign Assets Control (OFAC) regulations. This verification of Social Security or Individual Taxpayer Identification Numbers is required prior to loan delivery unless a variance to the Selling Guide is obtained such as legal entity borrowers of group homes.
The Desktop Underwriter® (DU) Social Security Number “Potential Red Flag” messages will now change to verification messages requiring the lender to verify the accuracy of the borrower(s)’ Social Security or Individual Taxpayer Identification Number. SSN and TINs that produce a verification message in Desktop Underwriter® will require validation with the Social Security Administration using Form SSA-89. Additionally, the loan will be delivered with Special Feature Code 162 indicating the lender verified the number.
The LQI will change the DU Potential Red Flags borrower occupancy messages to messages requiring the lender to verify the borrower’s intended occupancy status of the subject property. What type of documentation is required will depend on the particular loan and the lender must collect the appropriate documentation in order to verify the actual occupancy status of the borrower. DU will require reasonable documentation of the borrower(s)’ occupancy status for every loan.
Federal Trade Commission Requires All Creditors to Implement Their Red Flags Program by June 1, 2010
After three delays, the Federal Trade Commission (FTC) has issued June 1st as the final date of enforcement of the Fair and Accurate Credit Transactions Act (FACTA) Red Flags identity Theft Rule. The Red Flag Rules are implemented under the Fair and Accurate Credit Transactions Act of 2003 (FACTA) Sections 114 & 315 and the enforcement delays did not apply to other federal agencies’ enforcement over federally and nationally chartered banks, thrifts and credit unions. FTC jurisdiction applies to non-depository mortgage lenders and state-chartered banks. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit, or arranges for others to do so.
The regulation requires that every business have a written plan that serves to detect, prevent and mitigate identity theft. The plan must reflect the size, structure and business model of the institution and be updated periodically. The plan must be approved by the company’s board of directors or senior executive committee who shall direct a designated senior management employee to oversee the program. The designated person must implement the program, train staff, oversee audits, complete annual reports and monitor compliance to all persons who have access to covered accounts, which include both new and existing borrowers.
The FTC rule additionally requires creditors to respond to address discrepancies. A notice of address discrepancy is a notice that is sent to lenders from a consumer reporting agency that informs the company of a substantial difference between the address of a consumer that the company provided to request the consumer report and the address(es) in the agency’s file for the consumer. Upon receipt of such notice, it is the responsibility of the lender to a) compare the information in the consumer report provided by the consumer reporting agency and b) verify the information in the consumer report provided by the consumer reporting agency directly with the consumer.
The overall compliance program should address day-to-day operations and internal workflow on an interdepartmental level as well as external branches & operations centers. The program must address third party originators, loan correspondents, closing agents and other service providers.
Bankers Advisory Staff Attorney Hotline
Bankers Advisory provides a full range of mortgage compliance and consulting services. Our Compliance Monitoring program enables our audit services clients to email any of our staff attorneys with questions. We do not charge hourly rates or subscription fees. Clients pay on a per-file basis for quality control, state and federal compliance audits. Feel free to email any of our staff attorneys with questions pertaining to their area of specialty:
Truth-in-Lending
Marissa Aquila
marissa@bankersadvisory.com
RESPA and State Rules
Kristin Seltman
kristin@bankersadvisory.com
RED Flags & IT Security
Rachel Horman
rachel@bankersadvisory.com
Anna DeSimone founded Bankers Advisory in 1986 and is a nationally recognized authority in residential mortgage lending. She has received numerous industry awards and has authored more than 40 best practices guides and hundreds of articles.
Comments are closed.