Mortgage Software Solutions Blog

What Your Mortage Company Needs to Know about HOEPA

Home Ownership Equity Protection Act-1.jpg

Congress passed the Home Ownership and Equity Protection Act (HOEPA) in 1994 as an amendment to the Truth in Lending Act. The legislative intent was to tackle the abuses in the mortgage refinancing industry and with respect to home equity loans that charge high interest rates or high fees. Below is some basic information about loans and required disclosures you should be familiar with as a mortgage company.

Section 32 Loans

People often refer to these loans as Section 32 loans in reference to Section 32 of Regulation Z of the Truth in Lending Act (TILA) which put the law into action. The Consumer Financial Protection Bureau issued a final Regulation Z in 2013 which was effective for loans on and after January 1, 2014.

Types of Loans Covered by Section 32

Section 32 covers a loan if the Annual Percentage Rate (APR) exceeds the average prime offer (APOR) rate for a comparable maturity loan by:

  • 6.5% for first liens
  • 8.5% for first liens less than $50,000 secured by a manufactured home, or other personal property
  • 8.5% for junior liens

Section 32 also covers loans where the total fees and points are greater than:

  • 5% of the loan amount for loans of $20,000 or more, or
  • The lesser of 8% of the total loan amount or $1,000, for loans less than $20,000 (threshold figures adjusted annually).

The law also considers a loan a "high-cost mortgage" if that loan charges prepayment penalties 36 months or more after the loan begins or the account opens, or if the prepayment penalty exceeds more than 2% of the amount being prepaid. A prepayment penalty does not include "conditionally waived" upfront good faith third-party closing costs.

Section 32 loans apply to those for refinancing, purchase-money loans, home equity loans and home equity lines of credit with high rates or high fees. The rule does not apply to loans to build a home, reverse mortgages, loans issued by HFAs, or loans under USDA's Section 502 Direct Loan program.

What Happens if a Loan Comes under Section 32?

The lender who makes a Section 32 loan must make certain disclosures to the borrower no less than three business days before the loan process completes or the account opens.

The following required disclosures are in addition to the general TILA disclosures:

  • Written notice that the borrower does not have to complete the loan even if he's already signed the application and received the disclosures (borrowers have 3 business days after receiving the Section 32 disclosures to decide if they want to sign the loan agreement)
  • Written warning that the lender will take a mortgage lien on the home, that a borrower who fails to make the required payments can lose the home and all money put into it
  • Written disclosure of the APR, the payment amount. If the borrower has a variable rate, the written notice must state that both the rate and the monthly payment amount may increase as well as the maximum monthly amount

The final regulation provides, if the information in the disclosures becomes outdated or inaccurate, the lender must provide new disclosures and start a new three-day period. Consumers may waive the three-day period for a personal emergency.

The lender may provide the new disclosures by telephone -- if the consumer initiated the change -- and if (before the parties complete the loan agreement or the account opens):

  • The lender provides the new disclosures
  • The lender and consumer sign a written agreement with respect to telephonic disclosures

Abuses Are Banned from High-Rate Loans

The law prohibits the following features in relation to high-rate Section 32 loans:

  • Balloon payments generally; (Balloon payments generally mean a loan where the borrower's regular payments do not pay off the principal and the borrower must pay a lump sum amount of principal at the term end)
  • Prepayment penalties
  • Financing points and fees
  • Late fees if they are greater than four percent of the past due amount or late fees imposed before the loan is 15 days past due
  • Lenders must provide the borrower with a payoff statement within 5 days of the borrower's request (with fees restricted)
  • Fees to modify or defer the loan
  • Lenders may not recommend or encourage default

For home equity lines of credit, the lender must assess the borrower’s ability to repay. For closed-end home equity loans, the borrower must satisfy the requirements of the 2013 Ability-to-Repay Final Rule. Congress passed the ability to pay provisions under the Dodd-Frank Wall Street Reform and Consumer Protection Act. The final Regulation Z put these rules into effect.

Other Abusive Practices Prohibited by Section 32

Section 32 forbids lenders to engage in lending practices based on the property's collateral value without taking into account whether the borrower can repay the loan.

Home improvement loan dollars must disperse directly to the borrower (or jointly to the lender and the contractor) or to an escrow agent.


A borrower who sues the lender for violation of Section 32 may recover statutory and actual damages, court costs and attorney's fees. The borrower may also rescind the contract for up to three years.

To delve further into the details on the final rules with regard to determining interest APRs and index, determining high-cost points and fees, as well as determining interest rate thresholds under the average prime offer rate (APOR) read Recent Changes to HOEPA. 

Topics: Compliance for Mortgage Companies

Leverage Your Cloud Software for a More Efficient Workflow



Making the most of your mortgage software for an efficient workflow is an admirable goal. However, it’s not enough to have this goal; you have to know how to make it come to fruition. Read on to discover different ways to do this. But first, it’s important to understand the role of your software.

Mortgage Software

Your software should improve the borrower's experience when applying for a mortgage. It should also improve the efficacy of the your company’s internal operations.

Softwareor any tool you use—is not an added benefit to the mortgage process, however, if it adds unnecessary steps to the employee's workload and slows down the workflow.

We need it to meet the needs of lenders, including the demands imposed by the Consumer Financial Protection Board's regulatory schemes. When it is successful, mortgage software plays to the your company’s strengths. It fills in gaps where there would typically be deficiencies. And, perhaps most difficult of all, it predicts regulatory requirements.

Understanding Your Organizational Workflow

Learning how mortgage software can improve your workflow and how to select the right product requires an intense evaluation of the two processes that make up the workflow.

  • internal operations
  • borrower experience

Internal Operations

Each mortgage application has the same basic stages (although additional requirements may attach for specific loans). Organizations need to understand, by evaluating and analyzing the processes, how they operate in each of the stages described below:

  • pre-qualification
  • application
  • verification
  • processing
  • underwriting
  • closing

Managers probably have their own ideas of how their companies may improve the various stages. After all, it is not always a one-size-fits-all solution. It is important to evaluate these stages not only in terms of legacy processes but also in terms of how they might improve through the use of cloud technology.

The analysis of a workflow provides an opportunity to review compliance efforts and see where automation or cloud technology can help improve compliance. An added benfefit is that it may even save time and money.

A prime example is the three-day disclosure rule. A tool that automatically sends disclosure information within the three-day disclosure window may eliminate human errors (inconsistencies) and speed up the process at the same time. Cloud software applications may save time by verifying data provided by borrowers against aggregate databases.

Your analysis will show where you have bottlenecks, inefficiencies, and duplication of effort. When you look at the workflow priorities together with the organization's strategic goals, the type of software that works best for the organization will become apparent.

The Borrower's Experience

The digital mortgage is coming to the industry. For a business that has relied on face-to-face communication with borrowers and a significant paper trail, it may seem a difficult transition. There are, however, many ways that technology can improve the borrower experience. In fact, borrowers may move easier in that direction than lenders.

On-demand services in other consumer areas has led borrowers to expect faster service from elsewhere in their lives, including what is typically considered the largest purchase of a person’s life - home buying. The process will never match push-button, instant satisfaction like other consumer service areas, because of the compliance aspect. Technology, however, can help in two ways.

  • Transparency through on-line dashboards, mobile applications, and other self-serve features
  • Access to loan data through digitally managed and delivered documents, and a holistic view of their data helps borrowers feel they have a better handle on their loans


This powerful cloud-based portal from Access Business Technologies provides your teams the freedom from the paper chase that they want, but with the control they need over internal workflow and compliance processes. With Mortgage WorkSpace offers your company the abilities to manage documentation, software applications, devices and security all from within the portal. Additionally, it includes Office 365 Mortgage, giving you the advantages of Office 365 but built specifically for the mortgage industry.

To learn more about how cloud-based solutions can make your mortgage company more efficient, please contact us.


Topics: MortgageWorkSpace

3 Tips to Help Defend Your Mortgage Company from Cyber Threats


The digital threat landscape for mortgage companies is enough to unnerve the most stalwart IT professional. Reviewing threat alerts is part and parcel of asking yourself the question, can you defend your mortgage company from ALL of today's threats? Well, we're here to help. Here are three tips that might just aid you on your way.

  1. Be Proactive When it Comes To Your Company’s Data

Today's mortgage companies do more and more business online. To monitor your company’s IT security means monitoring multiple platforms of threat alerts. On an ongoing basis, mortgage companies need to be diligent with understanding the following as they relate to your everyday operations:

  • Viruses
  • Malware and Ransomware
  • Websites and IPs to whitelist/blacklist
  • Updates for apps
  • Security alerts for O/S
  • Scams (which often result in all of the above)
  1. Know What Cyber Threats are Out There

A sophisticated malware campaign that threatened company IT networks with multiple intrusions has been doing so since April of 2016 . These cyber criminals have stolen administrative credentials, certificates, and then made multiple implants of several types of malware that attack critical IT systems. The campaign targeted multiple victims across multiple sectors. Depending on what security defenses are in place on a targeted organization's networks, the cyber criminals may gain full access to the organization's network, including the data stored there.

Additionally, because the malware uses stolen administrative credentials, a target's monitoring toolsput in place to protect its networksmay view the intrusions as coming with authorized access. This will unfortunately circumvent security protocols, as the incoming threat will not be recognized as such. What’s the moral of this story? If you’re going to have tools, make sure they’re smarter than the threats that can trick them.

Sectors targeted include Information Technology, Energy, Healthcare, Public Health, Communications and Critical Manufacturing. While these are some of the more commonly affected industries, no industry is truly safe.

The United States Computer Emergency Readiness Team issued Yellow Threat Level Alert (TA17-117A) with respect to this particular campaign.

  1. Understand and Use the Right Tools for Your Business

The following tools are available to help fight malware intrusions.

  • MXToolBox. This internet tool allows you to identify the domain name if you know the IP address (known as reverse lookup). Reverse lookup means you can find websites from the known IP addresses of intruders. You can also do a forward lookup to find the IP address from a particular domain name.
  • ForcePoint/WebSense: This company specializes in computer security software that helps protect data and networks from attacks inside and outside the organization, in the Cloud, and on mobile devices.
  • Webroot: Manages endpoints (computer, mobile devices, printers, POS terminals, etc.) anywhere, anytime, online. Delivers threat data in real-time. Continuously collects data, analyzes it, and makes correlations.
  • Software Restriction Policies: Software Restriction Policies are trust policies developed by the network administrator that keep scripts and codesthat the administrator finds not entirely trustworthyfrom running. Software Restriction Policies integrate with Microsoft's Active Directory and Group Policy. Administrators may use Software Restriction Policies to create highly restricted configurations on computers that only allow certain applications to run.
  • Intune: Microsoft created Intune to manage mobile devices, mobile applications, and to manage PCs from the Cloud. Intune keeps corporate data secure while allowing an organization's employees to access the data anytime, anywhere, and from almost any device.
  • Sonic Wall: Sonic Wall is a powerful firewall security tool. It protects networks against viruses, spam, spyware, intrusions, and various other threats. It scans and inspects all the traffic in the network using deep packet technology (that is, looking at the data part of a packet when it passes an inspection point). Designed to protect many kinds of businesses from retailers to organizations with branch offices, from medium-sized organizations to large enterprises.
  • Sonic Winds: Sonic Winds has a line of products that help manage networks more efficiently, including security and compliance products, such as its log and event manager, to quickly identify security incidents. Sonic Winds also creates reports that make regulatory compliance a breeze.

Remember the recent WannaCry ransomware attack? Experts can all mostly agree that being proactive with your threat management is the best way to avoid threats. Also, having tools in place create a far more ideal outcome for your company than waiting for an attack to happen and then doing something about it.  

To find out how ABT can help your mortgage company put up the good fight against the seemingly endless security threats, contact us. ABT has many recommended practices in place, such as website filters, app whitelisting, password policies, account control (limited admin access for users), workstation management (DeviceGuardian™ for major clients) server patching, change control, and network firewalls. Having ABT's Mortgage Technology Experts on your side helps you leverage all of their tools. ABT has over 50 years of IT management in the mortgage sector and we will help secure your mortgage company beyond the banking standard.


Topics: ABT

Why Archives are Important for your Mortgage Business

WhyArchivingIsImportant .jpg

What image comes to mind when someone mentions archives? Dusty file cabinets in a basement or buried and mislabeled folders on your desktop are two common ideas of what archiving is. There is much more involved with archiving than meets the eye. First of all, an archive is more than a backup. It has to meet three requirements to do its job:

  • Availability. It has to be in a form that makes it easy to recover needed information. A disorganized pile of records isn't an archive, whether it's physical or digital. The design has to meet the business's future needs. This means anticipating the kinds of requests people will need to make. The home mortgage Records Retention Program requires retaining some kinds of information for years and reporting it.
  • Security. Mortgage files contain sensitive personal information. Letting it into the wrong hands can lead to serious liability. The FTC's Safeguard Rule requires financial institutions to protect consumer information, and it defines “financial institution” broadly. Malicious alteration or deletion can make an archive useless. Only authorized people should have access, and they should have only the access they need to do their jobs.
  • Permanence. It's often necessary to keep records for years. They have to last longer than any particular storage device. They will need to be readable in the future, regardless of any changes in software. Avoiding “data rot” requires good design from the start. An archive needs ongoing maintenance to make sure nothing quietly becomes unusable.

How does this apply to your mortgage business? Keeping mortgage-related data safe and readily accessible is essential for smooth operations. A complicated array of legal requirements mandates data retention. Fannie Mae requires permanent mortgage records, along with long-term retention of other documents. You may also have an obligation to maintain records relating to credit decisions.

It generally isn't necessary to keep hard copy records, as long as all required information is available in a digital form. Keeping information in electronic form saves space and — when properly maintained and backed up — is safer from physical damage.

Keeping Data Available and Secure

Keeping data available is tricky, because it can’t just be open to everyone. The same applies to security, in that while being safe is good, it still needs to be accessible, or otherwise it’s useless. The requirements pull in two directions. It's necessary to retain information and report it when required by law, but it's equally important to keep confidential data out of the wrong hands. Doing everything right isn't easy. Consider hiring professionals to manage your data for you.

With the cloud-based platform EmailGuardian from Access Business Technologies you can archive internal and external emails in a highly secure archive and keep data safe for all current and future employees. When shopping around for companies to handle your data, the following shoud be considerations. 

  • Attachments are secure 100% of the time with encryption, password protection, and custom expiration dates
  • Large files are archived according to retentiion policies
  • File audit tracking is easy, from a central administration console
  • Data Leak Prevention ensures compliance with corporate policies
  • A complrehensive set of eDiscovery and compliance features can be applied to all data

Data centers around the world keep information like this safe against any single point of failure. Users can view archived mail directly from Microsoft Outlook, and they can set retention rules to control what's archived and what's deleted.

ABT data centers offer Azure-based cloud backup and archiving. This approach reduces the amount of time you have to spend maintaining your archive and protects it against on-premises disasters. Scaling the archive as your business grows is easy. Retrieving stored data is straightforward.

Data Safety

A reliable archive provides multiple benefits. It allows your mortgage business to always be prepared for the unexpected. If your office sustains damage from a natural or man-made disaster, or if the employee who “knows everything” leaves, archived information is your way to continue operations as if none of the above happened.You and your clients can't afford to wait for you to recover data from a myriad of possible locations when it comes down to it. Keeping your data safe from physical breaches shouldn't be your only concerns. Bottom line - properly archiving your information allows it to be available when you need it, and where you need it, regardless of outside factors. 

Data drives business nowadays. When everything necessary is securely archived, it isn't necessary to rely on memory and guessing or to waste time searching different collections of records.

Aside from unpredictable disasters that can set you back, your business needs to be confident with all of its legal compliances. When you need to provide data for an audit or any other time, your data needs to be there. Archiving in the mortgage industry is more important than it is in many others due to the legalities, duration, and complexity of the information that is shared. Using the right products to manage your company's data could make the difference in whether you stay in business for years to come. 
Topics: Access Business Technologies

Why You Shouldn't Ignore Security Updates for Your Devices

Security Updates are Important for DevicesDid you know that 98% of cyber attacks can be stopped simply by keeping your devices up-to-date?  Our lives seem to be moving faster as we advance our technologies. Sometimes, we don’t like to even stop for the most minor of tasks. For instance - that notification about the need to update your mobile device that you find a little annoying. And then you do what most people do - ignore it. You know it’s inevitable and has to be done, but you just keep swiping to delay it because now just isn’t a good time. Don’t let that one-day delay turn into an eternity or you might be in for an unpleasant surprise.

Furthermore, these updates aren’t exclusive to your smartphones. Your tablets, laptops, desktops, browsers, and even certain types of software need to be updated at regular intervals. Let's explore why you should keep everything up to date, on your iPhones and beyond.

With all Apple products, there are security vulnerability updates across the spectrum of its products. Even if your devices are running fine now, don’t ignore these. Additionally, remember to update you iTunes on your Windows desktop and laptop computers.

Did you know that there is a feature on most of today's computers that will automatically keep your their software up to date? If you run a Windows-based machine, it's as easy as going to Start>Control Panel>Automatic Updating. If you operate a Mac computer, you can go to the "Apple Menu" and select "Software Update." Under the "Schedule" tab, make sure to click "Check for Updates" and "Download Updates Automatically."  Or better yet there are tools that make it easy to keep ALL your employee devices up-to-date easily.

Why is keeping up to date such a big deal? Software manufacturers are endlessly fixing bugs, updating drivers for new devices, and making improvements on the software that you use every day. Updating your system will improve the reliability, security, and speed of your computer or handheld device.

As we mentioned above, the most important reason to keep your devices updated is security. There are vulnerabilities in almost all software systems; it’s not a matter of if, but when, someone will figure these out. Did you know that companies, such as Google and Apple, actually have employees whose jobs are to hack into their own operating system? Their objective each day is to discover and address their own system weaknesses before cyber criminals do.

Sometimes an update will indicate what it will fix or improve a function. Usability and add-ons are often included, but they aren’t the most important reason to update your devices. So just because they don’t always come with cool or exciting “improvements and bug fixes” you still need to set to make it a regular habit to update sooner than later. The idea is to make your operating systems or software difficult or impossible to be hacked into, which in turn might make your personal information vulnerable to cyber thieves.

And while we are on the subject of staying up to date with technology, make sure that your antivirus is consistently up-to-date.

Mac users, you may not need to worry about antivirus software as much as Microsoft users. This is because only 10 percent of all computers are Macs, making Macs an unlikely target for viruses, as there aren't as many out there.

Microsoft users, you need to be strong in your antivirus game. Like your computers, most antivirus software has an option for automatic updates.

If you’ve never experienced a catastrophic device failure or data breach, consider yourself lucky. However, know that the statistics for cyber criminals are only growing:

The best way to protect your company’s data across multiple devices--work or personal--is with the DeviceGuardian™ tool from Access Business Technologies.  DeviceGuardian is specifically designed for the kinds of updates needed in the Mortgage Industry.This automated powerful product allows mortgage company employees to use their own personal devices for work while keeping company data secure and compliant with the Consumer Financial Protection Bureau. It works easily on all existing and new devices, and is just one more surefire way ABT can manage all security updates so your mortgage company is protected from pervasive and ongoing cyber threats.
Topics: Access Business Technologies