Compliance Q&A: OFAC, FCRA, and the SAFE Act
When must mortgage loan originators be fingerprinted?
Q Does the SAFE Act require mortgage loan originators (MLOs) to be fingerprinted every three years?
A The regulation requires MLOs to submit fingerprints to the Nationwide Mortgage Licensing System & Registry (NMLS) for a criminal background check. But MLOs don’t have to be fingerprinted every three years.
Fingerprints are only required at initial registration, and when MLOs change their place of employment and current fingerprints on file are more than three years old.
Refer to NCUA’s regulations (Sec. 761.103(a)(4)(i)(B): Employees previously registered or licensed through the registry).
The re-registration requirements apply when employees transfer from one financial institution to another and both institutions are covered under the SAFE Act regulations.
And they also apply when individuals are state-licensed under the SAFE Act prior to transferring to financial institutions covered by these rules.
Next: OFAC hit list
Q Does a credit union need to file the Office of Foreign Assets Control’s (OFAC) Annual Report of Blocked Property if it has had no “hits” on the Specially Designated Nationals (SDN) and Blocked Persons List in the past year?
A OFAC requires credit unions to block property (i.e., freeze funds) involving blocked countries, entities, and individuals that appear on the SDN List.
Credit unions must report all blockings to OFAC within 10 business days of occurrence, and file a comprehensive annual report (Form TDF 90-22.50) by Sept. 30 each year of all blocked property held as of June 30.
There’s no need to file the annual report if the credit union has had no “hits” on the SDN List and holds no blocked property.
Next: FCRA opt-out regs
Q Our credit union uses information in our database to generate credit offers, rather than using prescreened lists obtained from credit bureaus.
Do we still have to comply with the Fair Credit Reporting Act (FCRA) prescreen opt-out regulation?
A The FCRA prescreen opt-out regulation wouldn’t apply.
The prescreening regulation covers anyone who uses credit reports to make unsolicited firm offers of credit or insurance. The regulation doesn’t cover other mass mailed offers that aren’t derived from prescreened lists credit bureaus develop.
So, if the credit union obtained the names of consumers meeting the criteria for these offers from a credit bureau’s database (or from a list that the credit union supplied to the credit bureau), the regulation applies.
But in this case, the regulation doesn’t apply if the credit union uses its own internally generated information to make the offers.
For more information, visit CUNA’s e-Guide to Federal Laws and Regulations