The annual American Association of Residential Mortgage Regulators Regulatory Conference was held in San Antonio with record attendance. The event was highlighted by the Ombudsman meeting, Cyber Security discussions, need for coordination and more from State and Industry points of view. The event again provided unique opportunities to meet industry experts and regulators and network in a relaxed atmosphere.
While the Ombudsman meeting is not officially part of the AARMR conference, it is set to coincide with AARMR. The next meeting will be in February at the NMLS Conference in New Orleans. Scott Corscadden overviewed efforts since the last meeting and provided status updates on work items. Updates included overview of state timelines for sponsorship changes and detail on the practice of backdating license updates. The NMLS policy committee is currently reviewing this practice and system issues that may necessitate it.
Keisha Whitehall Wolfe of Mayer Brown raised the concern of regulators layering additional requirements without providing prior notice. The specific issue centered on a few states now requiring full disclosure of all owners despite NMLS policy and state requirements for disclosure of persons owning 10% or more. The reasons were discussed, but the change was not previously shared and caught companies unaware. The impact was a delayed approval and several transactions were impacted. The states have the right to request additional information, but agreed that sharing the additional requirements could have helped.
Rich Cortes of Connecticut previewed changes coming to the MCR in 2018. The improvements focus on filing requirements for Business Activity, clarifications on Correspondent Lending, changes to Service Reporting Requirements and Financial Condition. The proposal has been worked on by regulators and brought before the Industry Development Working Group in San Antonio. The plan for a published version of detailed changes in September and a 60-day comment period to run towards the end of the year. The changes once approved would be effective for first quarter of 2019.
AARMR also announced the creation of a working group on challenges to licensing international companies and non-citizens. Haydn Richards of Bradly Arandt was named as the industry chair and is looking for interested parties to contribute. There were also requests to form another working group to address the growing need for coordinated regulation round Cyber Security. The New York Department of Financial Services’ Cybersecurity Regulations spurred concerns around unique state requirements.
Deborah Robertson of Land Home Financial Services highlighted these concerns during the Industry Advisory Council presentation. The New York requirements, existing data breach laws in 47 states and additional proposals highlight the need for coordination to avoid inflexible mandates. Regulatory fragmentation can divert focus and company resources, and ultimately threaten to make everyone more vulnerable to cyber-attacks. There is no one size fits all or simple answer, but a there is need for a national strategy toward a standard cybersecurity policy
The debate on standardization and improved coordination carried through other discussions and presentations. While the industry called for more alignment, but awareness that sovereign state law and regulatory needs predicated most. In the end, increased coordination is needed but complete uniformity may never be possible, or necessary.