SAFE Act Policy & Procedure Contents

The Secure and Fair Enforcement for Mortgage Licensing Act of 2008(SAFE Act) was enacted on July 30, 2008, and mandates a nationwide licensing and registration system for residential mortgage loan originators (MLOs). The SAFE Act prohibits individuals from engaging in the business of a residential mortgage loan originator without first obtaining and maintaining annually

Mortgage loan originator or MLO means an individual who takes a residential mortgage loan application and offers or negotiates terms of a residential mortgage loan for compensation or gain. The term mortgage loan originator does not include:

  • An individual who performs purely administrative or clerical tasks on behalf of an individual
    who is an MLO;
  • An individual who only performs real estate brokerage activities (as defined in 12 U.S.C. Section 5102(3)(D)) and is licensed or registered as a real estate broker in accordance with applicable state law, unless the individual is compensated by a lender, a mortgage broker, or other MLO or by any agent of such lender, mortgage broker, or other MLO, and meets the MLO definition; or
  • An individual or entity solely involved in extensions of credit related to time-share plans, as that term is defined in 11 U.S.C. Section 101(53D).

The first requirement of the act is to Develop policies and procedures : All credit unions originating any residential mortgage loans also will have to adopt, and employees will have to follow, written policies and procedures designed to ensure compliance with the rule. This includes credit unions that currently have MLOs who fall under the de minimum exception.

Components of Policy & Procedures :

1- The Policy should say below for Registration Requirements :


Management is directed to implement procedures to ensure that all employees who are defined as mortgage loan originators (MLOs) are registered with the system designated by the Agencies. It is not required to register employees who have never been registered or licensed through the Nationwide Mortgage Licensing System and Registry (Registry) as a mortgage loan originator and who have acted as a mortgage loan originator for five or fewer residential mortgage loans during the last 12 months. Appendix A of the regulation includes non-exclusive examples mortgage loan originator activity examples.

Need to implement a process that includes a periodic, but not less than annual, review of all job descriptions for persons working in the mortgage loan area, to ensure that all appropriate personnel are registered. This review should be documented and available for review by examiners and auditors. Mortgage loan management is required to ensure that they do not allow non-registered employees to conduct any activities associated with mortgage loan origination as set forth in the regulation. If management finds that an employee has fail to comply with the registration requirements or any other requirement such as providing applicants with their unique identifier, they will be disciplined according to our internal human resource policy, that may include termination of the employee.

2 –The Policy should have a section on how to confirm the Adequacy and Accuracy of Employee Registrations

It can be mentioned as “Our mortgage loan originators must make the information following information available to the Registry. Our policy will be to collect the appropriate information from our MLOs and send it along with our own information as appropriate. [ it can be optional: to choose to collect and keep the information electronically.] We will use the form attached to this policy for gathering and maintaining this information.
The [XXXXX Title] is responsible for ensuring that information we send to the Registry is accurate. To the extent possible we will verify the information supplied by the employee with information from our human resources and other appropriate internal records. We will submit the information electronically or any other specific method as dictated by the Registry system.

A – Below Required Employee information need to be documented

  • Current name and any other names used.
  • Home address and contact information.
  • Address of the employee’s principal business location ; and business contact information.
  • Social security number.
  • Gender.
  • Date and place of birth.
  • Financial services-related employment history for the 10 years prior to the date of registration or renewal, including the date the employee became an employee of our [bank/thrift/credit union].
  • Convictions of any criminal offense involving dishonesty, breach of trust, or money laundering, or agreements to enter into a pretrial diversion or similar program in connection with the prosecution for such offense, against the employee or organizations controlled by the employee.
  • Civil judicial actions against the employee in connection with financial services related activities, dismissals with settlements, or judicial findings that the employee violated financial services-related statutes or regulations, except for actions dismissed without a settlement agreement.
  • Actions or orders by a state or federal regulatory agency or foreign financial regulatory authority that:
    • Found the employee to have made a false statement or omission or been dishonest, unfair or unethical; to have been involved in a violation of a financial services-related regulation or statute; or to have been a cause of a financial services-related business having its authorization to do business denied, suspended, revoked, or restricted;
    • Are entered against the employee in connection with a financial services-related activity;
    • Denied, suspended, or revoked the employee’s registration or license to engage in a financial services-related activity; disciplined the employee or otherwise by order prevented the employee from associating with a financial services-related business or restricted the employee’s activities; or
    • Barred the employee from association with an entity or its officers regulated by the agency or authority or from engaging in a financial services-related business.
    • Final orders issued by a state or federal regulatory agency or foreign financial regulatory authority based on violations of any law or regulation that prohibits fraudulent, manipulative, or deceptive conduct.
    • Revocation or suspension of the employee’s authorization to act as an attorney, accountant, or state or federal contractor.
    • Customer-initiated financial services-related arbitration or civil action against the employee that required action, including settlements, or which resulted in a judgment.

It is also required to submit the employee’s fingerprints, in digital form if practicable and any appropriate identifying information for submission to the Federal Bureau of Investigation and any governmental agency or entity authorized to receive such information in connection with a state and national criminal history background check. Fingerprints provided to the Registry that are less than three years old may be used to satisfy this requirement.

B – Employee Authorizations and Attestation

Although the organization may facilitate the transmission of this information to the Registry, the employee must:

  • Authorize the Registry and the employing institution to obtain information related to sanctions or findings in any administrative, civil or criminal action, to which the employee is a party, made by any governmental jurisdiction; Attest to the correctness of all information required submitted on behalf of the employee by our institution and Authorize the Registry to make available to the public information as required by the law.

C – Bank Information

  • Name, main office address, and business contact information;
  • Internal Revenue Service Employer Tax Identification Number (EIN);
  • Research Statistics Supervision and Discount (RSSD) number, as issued by the Board of Governors of the Federal Reserve System;
  • Identification of our primary federal regulator;
  • Name(s) and contact information of the individual(s) with authority to act our primary point of contact for the Registry;
  • Name(s) and contact information of the individual(s) with authority to enter the information required to the Registry and who may delegate this authority to other individuals; and
  • If a subsidiary of an insured state nonmember institution, that notation and the RSSD number of our parent financial institution.

D – Attestation

The contact person and/or their delegate(s) must comply with Registry protocols to verify their identity and must attest that:

  • They have the authority to enter data on our behalf;
  • The information provided to the Registry is correct;
  • Organization will keep the information required; and will file accurate supplementary information on a timely basis

3- Unique Identifier:

Once registered, employees will receive a unique identifier that they will keep as long as they perform mortgage loan originator activities and are registered and/or licensed. We will make the unique identifiers of all of our mortgage loan originators available to consumers upon request.

These identifiers will be kept with other records that show compliance with this rule by the XXXX title.

The registered loan originators must provide his or her unique identifier to a consumer:

  • Upon request;
  • Before acting as a mortgage loan originator; and
  • Through their initial written communication with a consumer, if any, whether on paper or electronically.

4- Employee Training:

The board directs management to ensure that all mortgage loan originators are fully trained about their responsibilities under the law. All new originators, even if they have been registered or licensed elsewhere will receive SAFE Act training within 90 days of their employment. Management will keep copies of the training material, the date of the training, and a list of persons attending. Training will be repeated at least annually, or more often if the rule changes or if, based on internal or external audits, violations have occurred.