As business processes have changed in the past week, with federal and state health officials issuing guidance and orders concerning public health, a number of mortgage loan officers have been asked to work from home or the process is being considered.
Many states have different rules on allowing loan officers to work from home when their home is not considered a branch office under regulations. But state banking and financial institution regulators have issued guidance in the past week or more on how to comply with standards and while working from home.
The Conference of State Bank Supervisors aggregated guidance information from state regulators here.
Among the areas issuing guidance is the Washington Department of Financial Institutions after the governor issued an emergency proclamation.
“Because the Washington State Department of Health has confirmed the localized person-to-person spread of the virus, licensed mortgage origination companies may wish to take precautions to further avoid the risk of exposure by having employees work at home,” the guidance states. “This includes mortgage loan originators, who are otherwise required to only work from licensed locations.”
Thus, the department issued interim guidance to temporarily allow licensed mortgage loan originators (MLO) to work from home, whether they are in the state or not, even if the home is not a licensed branch.
“If the data security provisions set forth below are met, the department will not take administrative or other punitive action against a licensed mortgage loan originator or the sponsoring licensed company if the mortgage loan originator conducts activities requiring licensure from home,” the guidance states.
The data security provisions are:
- The licensed mortgage loan originator must be able to access the company’s secure origination system (including a cloud-based system) directly from any out-of-office device the mortgage loan originator uses (laptop, phone, desktop computer, tablet, etc.) using a virtual private network or similar system that requires passwords or other forms of authentication to access.
- All security updates, patches, or other alterations to the devices security must be maintained.
- The licensed mortgage loan originator must not keep any physical business records at any location other than the licensed main office.
“While it is up to the company and the MLO to decide whether consumers go to MLO licensed branch homes, if MLOs work from an unlicensed branch home, they must not have consumers come to the home,” the guidance concluded.
The Montana Division of Banking and Financial Institutions issued guidance covering loan officers in its state.
“Due to the health risk associated with COVID-19, the division is temporarily allowing licensed mortgage loan originators to work from home, whether located in Montana or another state, even if the home is not a licensed branch,” the guidance states. “All other provisions of the Montana Mortgage Act remain in place.
“While it is up to the company and the MLO to decide whether consumers go to MLO licensed branch homes, if MLOs work from an unlicensed branch home, they must not have consumers come to the home.”
The Kansas Office of the State Bank Commissioner (OSBC) issued guidance which included security provisions such as the ones issued by Washington.
“K.S.A. 9-2203(a) requires that mortgage business in the state of Kansas shall only be conducted from a licensed main office or branch office. However, the OSBC recognizes that mortgage loan originators may be asked to work remotely from their residence or another company-designated location to help prevent the spread of COVID-19, even though such location is not currently licensed as a branch office,” the guidance states. “For compliance purposes, the OSBC will respect the decision made by the company to temporarily modify work assignments, including Kansas licensed MLOs working remotely, to reduce the risk of exposure or transmission of COVID-19 during this state of emergency. Prospective or existing consumer borrowers should not travel to an MLO’s residence to conduct business.”
The guidance included best practices for remote workers to ensure their information was secure while out of the office:
- Computers and devices that leave the office should include at-rest encryption.
- Paper records should not be taken off-site if they contain confidential information.
- Connectivity to the main office or sensitive systems should be encrypted in transit by use of a virtual private network or similar technology.
- Activity should be conducted in a private home environment, avoiding public areas such as coffee shops or libraries.
Mississippi provided another example, as the Department of Banking and Consumer Finance (DBCF) issued interim guidance regarding its intent to temporarily allow MLOs to work from home.
“If the data security provisions set forth below are met, the DBCF will not take administrative or other punitive action against a licensed mortgage loan originator or the sponsoring licensed company if the mortgage loan originator conducts activities requiring licensure from home,” the guidance states.
“The following data security requirements must be met to ensure the secure transmission and storage of consumer data during this interim period:
- The licensed mortgage loan originator must be able to access the company’s secure origination system (including a cloud-based system) directly from any out-of-office device the mortgage loan originator uses (laptop, phone, desktop computer, tablet, etc.) using a virtual private network or similar system that requires passwords or a multi-authentication process.
- All security updates, patches, or other alterations to the devices must be maintained.
- The licensed mortgage loan originator must not keep any physical business records at any location other than the secure file location listed in NMLS.”
The guidance concluded by stating if MLOs chose to work from an unlicensed branch home, they shall not have consumers come to them.