Babe Ruth is considered by many to be the greatest baseball player of all time. Why? Well for starters, he set MLB records for home runs, runs batted in, bases on balls, slugging percentage, and on-base plus slugging, the last two of which still stand today. You’d be hard-pressed to find someone in the country who hasn’t at least heard of him. Now compare Babe Ruth to another MLB record-setter: Herman Long. Ever heard of him? Unless you’re a diehard baseball fan, you probably haven’t. Why? Because the record he set was for the most career errors, with nearly 1,100 in his 15 seasons in the league. Needless to say, you’d probably like to avoid becoming the Herman Long of SAFE Act violations. Over the years we’ve looked over a lot of SAFE Act programs at many financial institutions, and we’ve come up with this list of the five most common violations to help you make sure you can stay error free.

1. Not making unique loan identifiers available to consumers through multiple means.

Each individual who registers with the National Mortgage Licensing System Registry receives a unique identifying number. This identifier will remain the individual’s for life and allows MLOs to be tracked as they change employers or locations.
In order for this number to be useful for consumers, MLOs must provide it upon request. As a best practice, MLOs should make their identifier available to consumers through several different means, such as loan program descriptions, advertisements, business cards, stationery, etc. The regulation also requires institutions to make MLO identifiers available to customers or members in a reasonable way. For example, your institution could maintain a list of registered MLOs and their identifiers on your website or post the information prominently in your branches. Your SAFE Act Policy should address the details of how you will provide the MLO unique identifiers.

2. Failing to consistently update the Registry.

For the Registry to serve its purpose, it must be accurate. The information to be kept updated—which is the same information that must be submitted to the Registry in order for an MLO to obtain their “unique identifier” in the first place—includes things like identifying information, financial service employment history, disclosure of regulatory actions taken against the employee, etc.
Should changes occur to any of this information, the registry should be updated within 30 days of the change. To ensure that this happens at your institution, your SAFE Act Policy should specifically state by name the person you wish to be responsible for updating the registry.

3. Neglecting to track and perform due diligence for third-party mortgage loan originators.

Although many institutions use a third-party mortgage loan originator (because doing so is often beneficial for smaller institutions), they often neglect due diligence or fail to note the fact that they use a third party for this purpose in their policy. If you use a third-party MLO, make sure your institution’s policy includes this fact as well as the due diligence procedures you have in place.

4. Not mentioning the de minimis exception in your policy.

The de minimis (a Latin expression meaning “too minor to merit consideration”) exception excludes the need to register employees of covered financial institutions who have acted as an MLO in fewer than six residential mortgage loans in a 12-month period. However, regardless of whether or not the exception is applicable to your institution, you should clearly state in your SAFE Act Policy whether or not you wish to apply it. This is crucial because the SAFE Act prohibits financial institutions from evading the registration requirement, and not mentioning it in your policy may give the appearance of potential evasion or not being aware of the regulation.

5. Employing an MLO as the system administrator.

The SAFE Act states that your system administrator must not be an MLO. However, this is the most common mistake we see in the many SAFE Act policies we’ve reviewed. An institution may be exempt from this regulatory requirement if it has 10 or fewer full-time employees and is not a subsidiary. Although it seems obvious, it’s surprising how often this requirement slips through the cracks. Unless your institution has 10 or fewer full-time employees and is not a subsidiary, make sure it identifies in its SAFE Act policy a system administrator who is not an MLO.
These processes are easily overlooked, which means it’s a good idea to look carefully and make sure nothing is slipping through the cracks. Double checking your SAFE Act policy will help ensure you don’t go down in history as the industry’s SAFE Act violation record holder.