A number of inquiries from regulators has prompted some clarifications.
This policy addresses your policy for information sharing, but also refers to the Safeguarding of Customer Information, the second important provision of Reg P/GLB. The procedures and specific policies for this are addressed in your 2.90 Information Security and FACTA Red Flags Plan.
We re-organized the Privacy Section of the Compliance Module to reflect a request one client had from Fannie Mae to address the scope and disposition of consumer information. You can download the policy here and replace it in your module.
2-47 Privacy Act Policy
OFAC and PATRIOT Act Policy
An investor requested clarification/expansion on the OFAC policies. Remember that we check for OFAC Clearance in a number of ways, and the high-level compliance policy, by itself, may not answer the investor's concerns. Specfically:
In the 2-0 Compliance Module
2-47-21 Customer Identification Procedures
2.72 Employment, Screening and Compensation Practices
In the 1-0 and 1-A Quality Control Plan
1-40 Anti-Money Laundering (AML) and Suspicious Activity Reports (SAR)
To help with simplifying the response to investors by simply using the policy listed in the 2-0 Compliance Module, we updated the OFAC/PATRIOT Act Policy. You can download it here:
2-47-2 PATRIOT Act and OFAC Policies and Procedures
Business Plans and "Business Plans"
You may recognize that many states require a "business plan" as part of the licensing approval process. It is important to know that there are two different meanings for this, and we were reminded of this by Virginia's Licensing Process.
Here is a sample response to the request:
Michigan Requesting Policy Clarification with Respect to In-Home Loan Applications
Michigan has a requirement that customers receive notification of the products you offer, the process for getting a loan, and that the customer can always apply. This brochure is assumed to be made available to customers when they come to your office. When a loan officer visits a customer in his home, there is no assumption of compliance; you must provide affirmative proof the customer receives that.