FEDERAL AND STATE COMPLIANCE AND REPORTING REQUIRMENTS

FEDERAL AND STATE COMPLIANCE AND REPORTING REQUIRMENTS

Equal Credit Opportunity Act (ECOA)

Authority and scope

The authority and scope of ECOA is set forth in the regulation issued by the Board of Governors of the Federal
Reserve System pursuant to title VII (Equal Credit Opportunity Act) of the Consumer Credit Protection Act, as
amended (15 USC Section 1601 et seq.). ECOA applies to all persons who are creditors, as defined in 12 CFR
Section 202.2(l) of the applicable regulations. Certain exemptions are operative; however, they generally do not
extend to creditors/lenders of residential mortgage loans. Information collection requirements imposed upon
creditors/lenders contained in the foregoing regulation have been approved by the Office of Management and
Budget under the provisions of 44 USC Section 3501 et seq. and have been assigned OMB No. 7100-0201.

Purpose

The purpose of ECOA is to promote the availability of credit to all creditworthy applicants without regard to
race, color, religion, national origin, sex, marital status, or age (provided the applicant has the capacity to
contract); whether all or part of the applicant's income is derived from a public assistance program; or that the
applicant has in good faith exercised any right under the Consumer Credit Protection Act. ECOA prohibits
creditors/lenders practices that discriminate on the basis of any of these factors. The use of the term consumer
may not necessarily exclude certain commercial loan applications from being subject to ECOA.

This law requires creditors/lenders to notify applicants of actions taken on their applications (including credit
denials); to report credit histories in the names of both spouses on an account; to retain records of credit
applications; and to collect information about the applicant's race and other personal characteristics in
applications for dwelling-related loans (generally, residential mortgage loans occupied as the primary residence
of the consumer/borrower); and to provide applicants with copies of appraisal reports prepared and used in
connection with credit transactions.

Federal and State Licensed and Chartered Creditors/Lenders are Subject to ECOA in Mortgage
Transactions

Among the requirements imposed by ECOA when an action is taken by such creditors/lenders after an
application has been received from a consumer/borrower is to provide a prescribed notice informing the
applicant of the reasons for the denial or altering of the credit terms requested. The notice is to be issued within
30 days of the decision. The reasons may include the credit worthiness and financial standing of the
consumer/borrower, the value of the security property, the incompleteness or lack of necessary information
required to complete the loan application, or that the file remains open and no credit decision has been made,
among others. The specific notice requirements are included in Regulation B of ECOA.

Regulation B also addresses the issue of spousal and multiple signatures on the loan documentation. For
example, requiring a signature simply because the individual is married to the applicant, amounts to substantive
discrimination when the transaction is subject to ECOA. The Official Staff Commentary contains the advice
that submission of a joint financial statement is meant to presume that the application is for joint credit. The
FRB strongly recommends that a creditor/lender clearly document the use of additional signatures. It is also
recommended that mortgage loan originators (MLOs) whether employed by the creditor/lender or performing
as an independent agent and fiduciary of the consumer/borrower, keep log sheets of the substance of
conversations with the applicant(s) about the loan application. Creditors/lenders are advised not to presume the
consumer/borrower will transfer title to the security property as a means to escape the reach of collectors.

Another clarification has been included within the revised ECOA regulations requiring creditors/lenders when
considering separately the income of each applicant or combining the income of both applicants to apply the
same methods for all applications, regardless of the relationship of the applicants to each other. Record
retention is required for a period of 25 months from the date of initial solicitation for extensions of credit.
Records to be kept include the solicitation criteria and any lists maintained in connection therewith. Further,
records of any complaints received from consumers/borrower must also be maintained by creditors/lenders.

Subsequent to the establishment of a secondary market for alternative mortgages or non-traditional loan
products, consumer advocates have raised questions about when an applicant is in fact an applicant and have
asked the FRB to take action to protect consumers prior to the submission of a loan application. The question is
whether ECOA and the regulations thereof protect consumers who have not yet applied for credit. In response,
the FRB has added requirements for record keeping to allow examiners to evaluate the design and demographic
impact of solicitations, including the information used to select targets for such solicitations, of any consumer
complaints received, and of any evidence of unequal treatment.

The definition of creditor has been clarified to include, when multiple parties are involved in a single credit
application, anyone involved in making the credit decision or in setting the terms of the credit. Such persons are
creditors for the purposes of ECOA. This means that an MLB/MLO who negotiated the terms with a
consumer/borrower is an ECOA creditor by virtue of having set terms of credit.

Third Parties Subject to the Requirements for Creditors under ECOA

Under Regulation B, the term “creditor” includes any person “who in the ordinary course of business” regularly
delivers loan applications to creditors/lenders, or selects or offers to select creditors/lenders to whom requests
for credit may be made.” This definition does not apply to the term “creditor” pursuant to TILA which
specifically excludes third parties who are arrangers of extensions of credit. Official Staff Commentary 2(1)-2
provides guidance to mortgage brokers (MLBs/MLOs), i.e., “For certain purposes, the term ‘creditor’ includes
persons such as real estate brokers who do not participate in credit decisions but who regularly refer applicants
to creditors or select or offer to select creditors to whom credit requests can be made. These persons must
comply with Section 202.4, the general rule prohibiting discrimination, and with Section 202.5(a) on
discouraging applications.” MLBs/MLOs are subject to the general prohibitions against discrimination in

mortgage loan transactions and are not to engage in any unlawful conduct that would discourage any persons
applying for a mortgage loan (Business and Professions Code Section 10177(l)(1) and (2), among others).

Adverse Action Issues. The Official Staff Commentary to Regulation B also provides guidance regarding the
giving of notices of adverse action when the loan application of a consumer/borrower is delivered by third
parties such as MLBs/MLOs to creditors/lenders. When loan applications are submitted by MLBs/MLOs on
behalf of consumers/borrowers to more than one creditor/lender and the loan transaction proceeds with one of
the creditors/lenders, the remaining creditors/lenders who received the loan applications are under no duty to
provide a notice of adverse action to the consumer/borrower.

A notice of adverse action under ECOA (if applicable) would be issued by the creditor/lender whose proposed
loan transaction was initially accepted by the consumer/borrower. Should the consumer/borrower elect not to
proceed with any of the creditors/lenders receiving concurrent loan applications, each creditor/lender who took
an adverse action are well advised although may not be required to either provide the consumer/borrower
directly or through the MLB/MLO (who accepted and delivered the loan application) with the required notice
of adverse action.

A notice of adverse action given by an MLB/MLO must disclose the identity of each creditor/lender on whose
behalf the notice is being given. The FRB requires notices of adverse action given by third parties to distinguish
the reasons for the decline of credit or altering of the credit terms by each creditor/lender to which the specific
reasons apply. The Official Staff Commentary provides guidance on how notices of adverse action are to be
given by MLBs/MLOs as third parties.

Guidance to creditors/lenders is provided regarding the content of such notices when the loan application is
delivered by a third party. Applications submitted through a third party are subject to the following:

1. Third-party notice – delivery by creditor. The notification of adverse action may be given by
one of the creditors to whom an application was submitted through the third-party.…

2. Third-party notice – enforcement agency. If a single adverse action notice is being provided
to an applicant on behalf of several creditors and they are under the jurisdiction of different federal
enforcement agencies, the notice need not name each agency; disclosure of any one of them will
suffice.

3. Third-party notice – liability. When a notice is to be provided through a third party, a creditor
is not liable for an act or omission of the third party that constitutes a violation of the regulation if the
creditor accurately and in a timely manner provided the third party with the information necessary for
the notification and maintains reasonable procedures adopted to prevent such violations.”

The foregoing guidance is published in Comment 9(g) to Section 202.9 of Regulation B. When delegation to an
MLB/MLO as a third party occurs for the purpose of giving the notice of adverse action on behalf of the
creditor/lender, the broker must be specifically authorized by the creditor/lender. In such circumstances, the
creditor/lender (particularly when applying California law) may well be liable for compliance violations
resulting from any deficiencies in the adverse notice or for any other violations of Regulation B engaged in by
the authorized MLB/MLO. The issue presented is whether the MLB/MLO when authorized becomes the agent
of the creditor/lender for the purpose of issuing the notice of adverse action.

ECOA and State Law Requirements for Real Estate Brokers (MLBs/MLOs)

Real estate brokers (MLBs/MLOs) may have primary responsibility for providing the notice of adverse action.
The MLB/MLO may be authorized to engage in certain legitimate prescreening functions, relying on
qualification standards supplied or required by the creditor/lender. Should the MLB/MLO make the
determination the loan application is not to be delivered to the creditor/lender as the consumer/borrower does
not meet the qualification standards imposed; the broker has taken an adverse action on the application and
would be responsible for providing the notice of adverse action.

Pursuant to California law, MLBs/MLOs must provide a notice to the consumer/borrower of any adverse action
and whether the adverse action is based in whole or part on any information contained in the consumer credit
report received and used by such licensees (regardless of the role of these brokers in the loan transaction). The
notice of adverse action required under California law is based upon the use of a consumer credit report and not

on the predicate of receiving a loan application. However, it is generally accepted that compliance with the
notice requirements under Regulation B of ECOA will comply with California law provided MLBs/MLOs issue
the notice of adverse action based upon the use of a consumer credit report rather than on the receipt of the loan
application (Civil Code Section 1785.20).

Home Mortgage Disclosure Act (HMDA)

Background and Application

The Home Mortgage Disclosure Act (HMDA) was adopted by Congress in 1975 (12 USC Section 2801 et
seq.). HMDA was authorized and implemented by the FRB and became effective in 1976. It is commonly
known as Regulation C, which was significantly amended in 2004. HMDA and the implementing Regulation C
applies to federally insured banks, savings and loans, savings banks, credit unions as well as “for profit”
mortgage lending institutions (licensed lenders and non-banks other than depository institutions). These
mortgage lending institutions are subject to reporting under HMDA when home purchase loans originated equal
or exceed 10% of the lending institution’s loan origination volume, or if the purchase money loans originated
equaled at least $25 million, or if the lending institution had either $10 million in assets or originated at least
100 home purchase loans, including refinances of home purchase loans.

Collection and Disclosure of Information

HMDA requires that creditors/lenders (as defined above) collect and publically disclose information about
housing related loans, including characteristics about the applicants and consumers/borrowers. The original
purpose of HMDA was to provide the citizens/residents and public officials of the United States with sufficient
information to determine whether such creditors/lenders are serving the housing credit needs of the
communities and neighborhoods in which they are located, to assist public officials and private investors in
distributing funds in areas that may need investment, and to assist in identifying possible discriminatory lending
patterns and enforcing fair lending laws. These obligations are also included in the Community Reinvestment
Act (CRA).

Covered Loans

Covered loans include home purchase loans, home improvement loans and refinances secured by a dwelling.
“Dwelling means any residential structure, whether or not attached to real property. It includes vacation or
second homes and rental properties; multifamily as well as 1 to 4 family structures; individual condominium
and cooperative units; and manufactured and mobile homes. It excludes recreational vehicles such as boats and
campers, and transitory residences such as hotels, hospitals, and college dormitories” (FFIEC publication, “A
Guide to HMDA Reporting, Getting It Right!”).

Reporting Requirements

HMDA reporting is limited to property on which a dwelling is located and does not apply to loans on
unimproved land, construction only loans and other temporary financing, purchased loans or interests in
mortgage backed securities, servicing rights, loans acquired as part of a merger or acquisition; and the
acquisition of a partial interest in a home purchase, home improvement, or a refinancing loan; prequalification
requests, or “assumptions” that do not involve a written agreement between the creditor/lender and the new
borrower (generally described as a “subject to” transfer). As aforementioned, the federal agency, FFIEC, has
published “A Guide to HMDA Reporting, Getting It Right!” which is available on the FFIEC’s website
(http://www.ffiec.gov/hmda/guide.htm). This publication describes in detail the scope, purpose and how to
properly report as required by HMDA.

The Holden Act

Background and Purpose

Following the enactment of HMDA under federal law, California adopted “The Holden Act” to impose similar
requirements upon creditors/lenders that either are state licensed or chartered depository institutions or licensed
under California law (Health and Safety Code Section 35810 et seq.). To the extent that this state law includes
subject matter addressed under HMDA or under the Federal Fair Housing Act (42 USC Section 3601 et seq.),
the federal law is intended to apply and would prevail, unless the state law is more restrictive.

The purpose of the Holden Act is to ensure, among other objectives, no financial depository institution
discriminates in the availability of financial assistance for the purpose of purchasing, rehabilitating, improving,
or refinancing housing accommodations (whether in whole or in part) due to the conditions, characteristics, or

trends in the neighborhood or geographic area surrounding the housing accommodations. An exemption is
provided when the financial depository institution can demonstrate the consideration of the foregoing
conditions in a particular case is required to avoid an unsafe and unsound business practice (Health and Safety
Code Section 35810(a)).

Discrimination Standards

The foregoing discriminatory standards are also applied by this law when considering Government Code
Sections 12926, 12926.1, 12955, and 12955.2, including with reference to familial status (the relationships that
may exist among the occupants, as well as the issue of age). However, California law recognizes the limited
exemption from the familial status standard applicable to older persons (senior citizens), as defined in
Government Code Section 12955.9. Further, Civil Code Sections are controlling relating to certain housing for
senior citizens when applying the familial status issue (Civil Code Sections 51.2, 51.3, 51.4, 51.10, 51.11,
799.5, and 1360). The housing exemptions for senior citizens from otherwise applying the non-discriminatory
familial status issue includes housing accommodations specifically designed for use by older persons (whether
as rental housing or as housing within common interest developments (CIDs)). The statutes regarding familial
status are intended to ensure no discrimination occurs regardless of the relationships or age that may exist
among the occupants of the housing accommodations (Health and Safety Code Section 35811).

The Holden Act also precludes discrimination by depository institutions and licensed lenders (creditors/lenders)
regarding the racial, ethnic, religious, or national origin composition of a neighborhood or a geographic area
surrounding the housing accommodations (or whether such composition is undergoing change or is expected to
undergo change). Further, in appraising of housing accommodations for the purpose of providing financial
assistance, depository institutions and licensed lenders are not to use practices that are inconsistent with the
prohibitions regarding discrimination concerning the composition or the expected future composition of a
neighborhood or geographic area. However, the aforementioned creditors/lenders are not precluded when
directing the appraisal of intended security properties from considering conditions of the housing
accommodations that constitute a threat to the health or safety of the occupant or that which may apply in the
appraisal process when estimating the fair market value of such properties (Health and Safety Code Sections
35812 and 35813).

Compliance and Reporting Obligations

The Secretary or the Secretary’s designee of Business Transportation and Housing Agency (BT & H) is
charged with the responsibility of monitoring and investigating the lending patterns and practices of the
depository institutions and licensed lenders to ensure compliance with the provisions of this law. Annual
reports to the California Legislature by the Secretary are required on the activities of supervising regulatory
agencies and departments in ensuring compliance and reporting from all persons/entities that are in the business
of originating residential mortgage loans in California, including (among others) insurers, mortgage bankers,
investment bankers, credit unions, and MLBs/MLOs that are engaged in the making of such mortgage loans.

These regulations are to include reports as required and deemed necessary by the Secretary to the appropriate
supervising regulatory agencies or departments. The reports are intended to be substantially consistent with the
reporting standards established under HMDA. The Secretary’s regulations are intended to also address the
reporting requirements imposed upon those creditors/lenders whose assets or residential mortgage loan volumes
are insufficient to meet the federal reporting requirements (Health and Safety Code Sections 35815 and 35816).

The Fair and Accurate Transaction Act (FACT) – “The Red Flag Rules”

Background and Application

The FACT Act was passed in 2003 and is an extension of the Gramm-Leach-Bliley Act (GLB Act). The
citation for the FACT Act is Public Law 108–159, December 4, 2003. Sections of the FACT Act have become
effective over a period of time and regulations are promulgated by different federal agencies for distinguishable
purposes. The last two Sections of the FACT Act are known as the “Red Flag Rules” and the “Address
Discrepancy Policy”. These Sections became effective August 1, 2009.

Regulations

The Federal Trade Commission (FTC) and the National Credit Union Association (NCUA) issued regulations
to implement the “Red Flag Rules” and the “Address Discrepancy Policy”, which regulations affect depository
institutions and “creditors” (as defined) with “covered accounts” (15 USC Sections 1681a(q)(3)(4), 1681c(h),

1681m(e), and 1691a(e), and 16 CFR Part 681). Included within the definitions of the foregoing are financial
depository institutions, i.e., state or federally licensed or chartered banks, savings associations, savings banks,
mutual savings banks, and credit unions; and any other persons/entities that hold a “transaction account”
belonging to a customer or client/principal depending upon the fact situation.

“Creditor” Defined

For the purposes of the aforementioned statutes and regulations, the term “creditor” is any person/entity that
regularly extends, renews, or continues credit; any person/entity that regularly arranges for the extension,
renewal, or continuation of credit; or any assignee of an original “creditor” who is involved in the decision to
extend, renew, or continue credit. “Creditors” under this law (who are other than depository institutions)
include mortgage bankers, finance companies, automobile dealers, mortgage brokers (MLBs/MLOs), real estate
brokers involved in defined activities in relationship to property sales, utility companies, telecommunication
companies, and non-profit entities that defer payment for goods and services (among others).

While depository institutions are primarily regulated by the FRB and other related federal banking regulatory
agencies (including the NCUA), most “creditors” come under the jurisdiction of the FTC. This would include,
as aforementioned, MLBs/MLOs. As defined for application of the “Red Flag Rules” under the FACT Act, the
term “creditor” is not intended to apply to the definition of “creditor” (often referred to as creditor/lender) for
the purposes of extending credit or making loans to consumers/borrowers pursuant to TILA. The term creditor
for this purpose is the lender in the loan transaction required to complete and deliver the disclosures and notices
of rights and to otherwise comply with TILA and Regulation Z (15 USC 1601, Subsection 103(f), and 12 CFR
Section 226.2(a)(17)).

Covered Accounts

Under the FACT Act and related federal law and implementing regulations, a “covered account” is an account
used primarily for personal, family, or household purposes, and which involves multiple payments or
transactions. “Covered accounts” include credit card accounts, mortgage loans, automobile loans, margin
accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts, among others. The
term “covered account” is also intended to apply to an account for which there is a foreseeable risk of identity
theft, e.g., such as small businesses or sole proprietor accounts.

Transaction Accounts

The term “transaction account” is defined pursuant to the aforesaid regulations to mean a deposit or other
account from which the owner makes payments or transfers (i.e., checking accounts, negotiable order of
withdrawal accounts, savings deposits subject to automatic transfers, and shared draft accounts). This term
would also apply to accounts held in behalf of clients/beneficiaries such as escrows or impounds for the future
payment of property taxes and insurance premiums; and trust accounts for advance fees, earnest money
deposits, loan servicing, or funds from property management activities, among others.

Loan servicing trust accounts in connection with transactions involving residential mortgage loans are
presumably included within the definition of “covered accounts” as the funds held and disbursed are used
primarily for personal, family, or household purposes, and the loan servicing involves multiple payments or
transactions. Commercial loan servicing accounts maintained on behalf of private investors/lenders raise
questions regarding this issue. For example, are the funds of the private investors/lenders used for or in any way
applied to personal, family, or household purposes? This is a factual matter to be determined with the
assistance of professionals including knowledgeable legal counsel and a CPA.

Policies and Procedures

Depository institutions and “creditors” under the “Red Flag Rules” are to establish policies and procedures (or a
written program) that identifies and detects the relevant warning signs of identity theft, such as unusual account
activity, fraud alerts on consumer reports, attempted use of suspicious account application documents, or
unauthorized access to the data or records maintained regarding the account(s). The policies and procedures (or
the written program) should describe appropriate responses to prevent and mitigate the conduct or activities
identified by the warning signs (the “Red Flags”).

The objectives when designing a program to comply with the “Red Flag Rules” are to 1.) Detect identity theft
(“Red Flags”); 2.) Prevent future identity theft; 3.) Mitigate identity theft; and 4.) Update the program

periodically, as necessary. Since the transaction files of MLBs/MLOs are to be maintained a minimum of three
years (and for certain purposes, longer periods), the policies and procedures (or the written program) to
accomplish the foregoing objectives of detecting, preventing, mitigating, and updating the program is to apply
to and for the protection of the information contained within these files.

“Red Flag Rules”

The “Red Flag Rules” are intended to be flexible to provide depository institutions and “creditors” with the
opportunity to design and implement a program that is appropriate for the size and complexity of each, as well
as to consider the nature of their financial operations. The “Red Flag Rules” fall into five categories:

1. Alerts, notifications, or warnings from a consumer reporting agency;

2. Suspicious documents;

3. Suspicious personal identifying information, including a suspicious address;

4. Unusual use of or suspicious activities relating to a “covered account”; and,

5. Notices from customers/clients, victims of identity theft, law enforcement authorities, or other
businesses about possible identity theft in connection with “covered accounts”.

Address Discrepancy Policy

Depository institutions and “creditors” are required to adopt an “Address Discrepancy Policy”. The purpose of
such a policy is to establish procedures to identify and respond to discrepancies noted in the information
received from customers/clients regarding their past and present addresses. For example, the credit report
reveals a different address of the customer/client than the loan application; the address for tax information
returns is distinguishable from the address where payments or disbursements to the consumer/client are to be
made; or when the consumer/borrower is requesting a loan on an owner-occupied security property and the
applicant’s current reported address in third party verifications are different than the security property; among
others. Not only are policies and procedures required to identify these discrepancies (“Red Flags”), but
guidance for staff members is necessary to assist in resolving these discrepancies before proceeding any further
with the financial services requested.

How to Comply

The starting point for developing a program is the Guidelines issued for the Red Flags Rule are available at
www.ftc.gov/os/fedreg/2007/november/071109redflags.pdf . The guidelines are found on pages 63773 and
63744 of the document. It is also recommended that practitioners contact knowledgeable legal counsel to
prepare a Red Flag manual incorporating the policies and procedures to be applied in each fact situation,
including the elements and issues discussed in this section. The program must provide for appropriate
responses to the Red Flags identified to prevent and mitigate identity theft, including monitoring an account,
closing an account, not opening an account (or declining to proceed with the loan application), contacting the
customer/client when detecting a Red Flag, or any combination of the foregoing. In certain events, such as a
recent data breach or a phishing fraud that targeted the depository institution or “creditor” may require specific
preventative actions.

Administering the Program

No matter how good the policies and procedures (written program) looks on paper, the true test is how it works.
The program must describe how it is to be administered, including the approval of the management of the
business organization and how the program will be maintained and kept current. According to the Red Flag
Rule, the program requires approval by the board of directors of the business organization, and if the firm
operates without a board, then by a senior employee whose responsibility it is to administer the program. The
board or designated employee must approve any changes made to the program.

Further, the program should include staff training as appropriate and provide a means for the manager to
monitor the work of service providers, including third parties. Evidence of compliance with the Red Flags Rule
by independent service providers who are third parties with whom the business organization does business
should be included as an element of the program. The program is to describe how oversight is accomplished
and it must be kept relevant and current.

Penalties for Non-Compliance

Although there are no criminal penalties for failure to comply with the Red Flags Rule, depository institutions
or “creditors” that violate the rule are liable for a civil penalties of $1,000 per occurrence, a fine of $2,500 per
occurrence, plus actual damages.

California depository institutions and “creditors” (as well as any “business” as defined) should not overlook
applicable state law and the civil penalties imposed for the failure to securely maintain and to destroy in a
timely and lawful manner the customer/client records that include personal information (as defined). Disposal
of such records under California law requires shredding, erasing, or otherwise modifying the personal
information in these records to make the information unreadable, or to be undecipherable by any means (Civil
Code Section 1798.80 et seq.). In addition, actions for identity theft may be brought under California law
against any person or entity by victims of identity theft. Civil and criminal sanctions are available under this
law (Civil Code Section 1798.92 et seq.).

The Fair Credit Reporting Act (FCRA)

Background

The Fair Credit Reporting Act of 1971 and subsequent amendments guarantees consumers rights as they relate
to credit information, including a prospective consumer/borrower’s right to know about their own credit. State
and federal laws require the mortgage broker (MLB/MLO) to provide specific disclosures to the consumer who
is applying for credit secured by real property (15 USC Section 1681 et seq. and Civil Code Section 1785.14 et
seq.).

Disclosure of credit scores

FCRA Section 609(g) was added by the FACT Act and requires the disclosure of an applicant’s credit score.
The Act applies to persons making or arranging loans whenever a credit score is used in conjunction with an
application for the loan that will be secured by a 1 to 4 unit residential real property, whether the credit is
closed end or open ended. Further, it applies regardless of the outcome of the credit decision. Therefore,
disclosures are to be made whether the application is approved, denied, withdrawn or closed for
incompleteness. This law does not apply to credit applications for loans secured by mobile homes.

A credit score is defined by the Act as a numerical value or a categorization derived from a statistical tool or
modeling system used by a person who makes or arranges a loan to predict the likelihood of certain credit
behaviors, including default; also referred to as a “risk predictor” or “risk score”. This definition appears to
include credit scores maintained by credit repositories including bureaus that do not take into account the
characteristics of the subject transaction. This definition may extend to depository institutions and other
creditors who undertook to develop their own credit score methodology.

The three most commonly used in California are Experian’s Fair Isaac Corporation score, the FICO Score;
TransUnion’s Empirica Score; and Equifax’s Beacon Score. It does not include any mortgage score or rating of
an automated underwriting system that considers factors in addition to credit information such as the loan-to-
value ratio, the applicant’s assets or other elements of the underwriting process or decision. Fannie Mae’s
Desktop Underwriter and Freddie Mac’s Loan Prospector are excluded, since they take into account the
proposed down payment, loan-to-value ratio and other loan specific data.

The disclosure of an applicant’s credit information must be delivered “as soon as reasonably practicable.” The
contents of the notice under federal law are defined in Section 609 (g)(1)(A). Initially, this law requires that “a
copy of the information identified… that was obtained from a consumer credit reporting agency” and a required
statutory notice be provided to the consumer/borrower. Subsequently, this law requires that six items of
information need to be given as follows:

1. A statement that the information and credit scoring model may be different than the credit score used
by the lender;

2. The current credit score;

3. The range of possible credit scores;

4. The key factors, up to four, that adversely affected the consumer’s credit score in the model used (i.e.,
key factors mean all relevant elements or reasons adversely affecting the credit score for the particular

individual, listed in order of their importance and based on their effect on the credit score; and if the
key factors include the number of inquiries made with respect to the consumer report, this factor must
be disclosed without regard to the four factor limit);

5. The date the credit score was created; and,

6. The name of the person or entity that provided the credit score or credit file from which the score was
created.

The statutory notice required in Section 609 (g)(1)(D) further requires the name, address and telephone number
of each credit repository/bureau providing a credit score that was used plus the statutory text. Later in Section
609 (g)(1)(E)(ii) it provides that this law does not require any person to disclose any information other than a
credit score and the key factors.

The disclosure of credit scores applies to each individual for whom a credit score was used; therefore, each
applicant is to be provided with the statutory required notice and the information set forth above.

Depending upon the fact situation, creditors/lenders and MLBs/MLOs acting under California law must also
provide the consumer/borrower with a notice regarding the use of "Credit Scores" and of information
prescribed by state statute, including the key factors that adversely affect the consumer/borrower's credit score
in the model used. Further, the information provided is to include how to contact the three credit repositories to
correct any inaccuracy in the consumer/borrower's credit report. The three repositories are Experian,
TransUnion, and Equifax (Civil Code Sections 1785.14, 1785.15, 1785.15.1, 1785.15.2, 1785.16, and
1785.17).

Credit Disputes

If an applicant believes there is a mistake in his/her credit report and wishes to dispute or correct the mistake,
the applicant can contact the credit repository that developed the report. Under FCRA, the repository must
complete an investigation of the disputed items within 30 days and provide a written notice of the results of the
investigation within 5 days of completion, and to provide a copy of the credit report (if it has changed) based on
data developed from the dispute. The FTC is responsible for enforcing FCRA.

The Home Valuation Code of Conduct (HVCC)

Background

The Home Valuation Code of Conduct (the Code) is the result of a joint agreement among Fannie Mae, Freddie
Mac, the Federal Housing Finance Agency (FHFA), and the New York State Attorney General. The Code is
intended to enhance the independence and accuracy of the appraisal process and to provide added protections
for homebuyers, lenders, investors in mortgage loans, and to generally support the housing market. While the
Code arises from an agreement, depository institutions are subject to the impact on the agreement of regulations
concerning third party relationships promulgated in OCC regulations 12 CFR Sections 5.34, 5.36, and 5.39
describing the permissibility of the activities to be conducted. Further, affiliated relationships that may result
from the joint agreement are subject to the rules applicable to such relationships (Sections 23A and 23B of the
Federal Reserve Act, 12 USC 371c and c(1)).

Delivery of Single Family Mortgages to Fannie Mae and Freddie Mac

Effective May 1, 2009, Fannie Mae and Freddie Mac no longer purchase residential mortgages from Sellers
that have not adopted the Code with respect to single-family mortgages (other than government insured or
indemnified loans) delivered to Fannie Mae or Freddie Mac. Also, effective for single-family mortgages with
loan application dates on or after May 1, 2009, Fannie Mae and Freddie Mac seller/servicers must represent and
warrant that the appraisal report is obtained in a manner consistent with the Code.

The sale of mortgage loans that are excluded from the foregoing representation and warranty include FHA and
VA insured or indemnified mortgage loans; Section 184 Native American Mortgages; and Section 502
Guaranteed Rural Housing Mortgages.

Fannie Mae and Freddie Mac have jointly established the Uniform Mortgage Data Program (UMDP) under the
direction of the FHFA to provide common requirements for appraisal and loan delivery data, including a
Uniform Appraisal Dataset that standardizes key appraisal data elements to enhance data quality and promote
consistency; and a Uniform Collateral Data Portal (UCDP) for the electronic collection of appraisal data.

Non-compliance with the Code

Complaints about non-compliance with the Code may be submitted electronically or through the mail using the
complaint submission form. The complaint submission form must be completely filled out to be accepted and
reviewed. Anonymous or incomplete complaints will not be reviewed. Instructions are provided on the
complaint types that are eligible for submission to Fannie Mae or Freddie Mac.

Taking Precautions

There are many factors that led to the inflated property values experienced a few short years ago, which
substantially contributed to the market conditions that are being experienced at the time of this writing. One of
those factors involved real estate appraisers who were not objective in their appraisal work, but rather were
unduly influenced to arrive at specified values by those who hired them. Appraisers were influenced in a
variety of ways, ranging from subtle to overt, but the net effect was uncontrolled market appreciation that could
not be sustained.

To address the problem of the improper influence of real estate appraisers, Civil Code Section 1090.5, was
enacted and became effective October 5, 2007. It provides in part that “No person with an interest in a real
estate transaction involving an appraisal shall improperly influence or attempt to improperly influence, through
coercion, extortion, or bribery, the development, reporting, result, or review of a real estate appraisal sought in
connection with a mortgage loan.” To further restrain undue influence upon appraisers, the law also provides
that if a person who violates the law is licensed under any state licensing law, and the violation occurs within
the course and scope of the person’s duties as a licensee, the violation shall be deemed a violation of that state
licensing law.

To help real estate licensees avoid any potential impropriety, the DRE (working in conjunction with the Office
of Real Estate Appraisers, the Department of Corporations, and the Department of Financial Institutions)
developed the following list of practices which may constitute evidence of a violation of California law and
should be avoided when engaging the services of a licensed real estate appraiser.

1. Withholding or threatening to withhold timely payment or partial payment for a completed appraisal
report, regardless of whether a sale or financing transaction closes;

2. Withholding or threatening to withhold future business from an appraiser, or demoting or terminating
or threatening to demote or terminate an appraiser;

3. Expressly or impliedly promising future business, promotions, or increased compensation for an
appraiser;

4. Conditioning the ordering of an appraisal report or the payment of an appraisal fee or salary or bonus
on the opinion, conclusion, or valuation to be reached, or on a preliminary value estimate requested
from an appraiser;

5. Requesting that an appraiser provide an estimated, predetermined, or desired valuation in an appraisal
report prior to the completion of the appraisal report, or requesting that an appraiser provide estimated
values or comparable sales at any time prior to the appraiser’s completion of an appraisal report;

6. Providing to an appraiser an anticipated, estimated, encouraged, or desired value for a subject property
or a proposed or target amount to be loaned to the borrower, except that a copy of the sales contract
for purchase transactions may be provided;

7. Requesting the removal of language related to observed physical, functional or economic
obsolescence, or adverse property conditions noted in an appraisal report;

8. Providing to an appraiser, appraisal company, appraisal management company, or any entity or person
related to the appraiser, appraisal company, or appraisal management company, stock or other
financial or non-financial benefits;

9. Allowing the removal of an appraiser from a list of qualified appraisers, or the addition of an appraiser
to an exclusionary list of disapproved appraisers used by any entity, without prior written notice to
such appraiser, which notice shall include written evidence of the appraiser’s illegal conduct, a
violation of the Uniform Standards of Professional Appraisal Practice (USPAP) or state licensing

standards, substandard performance, improper or unprofessional behavior or other substantive reason
for removal;

10. Ordering, obtaining, using, or paying for a second or subsequent appraisal or automated valuation
model (AVM) in connection with a mortgage financing transaction unless: (i) there is a reasonable
basis to believe that the initial appraisal was flawed or tainted and such basis is clearly and
appropriately noted in the loan file, or (ii) such appraisal or AVM is done pursuant to written, pre-
established bona fide pre- or post-funding appraisal review or quality control process or underwriting
guidelines, and so long as the lender adheres to a policy of selecting the most reliable appraisal, rather
than the appraisal that states the highest value; or,

11. Any other act or practice that impairs or attempts to impair an appraiser’s independence, objectivity, or
impartiality or violates law or regulation, including, but not limited to, the Truth in Lending Act
(TILA) and Regulation Z, or USPAP.

It should be noted that neither Civil Code Section 1090.5, nor any other California code section, prohibits a
person with an interest in a real estate transaction from asking an appraiser to do any of the following: (1)
consider additional, appropriate property information; (2) provide further detail, substantiation, or explanation
for the appraiser’s value conclusion; and/or (3) correct objective factual errors in an appraisal report.

While the above list is illustrative of acts that may be evidence of violations of the prohibitions against undue
influence contained in Civil Code section 1090.5, it is not exhaustive. It is, however, intended to alert real estate
licensees of practices that could potentially lead to disciplinary action. In this regard, real estate licensees are
admonished to exercise caution when working with real estate appraisers and avoid actions that could be
considered improper influence.”

The USA Patriot Act

Background

An applicant is to be identified to determine if there exists an association with terrorism, narcotics trafficking
and/or money laundering. This is accomplished by utilizing the lists published by the Office of Foreign Asset
Control. The information regarding the persons or nation-states that identify with such an association is known
as the U.S. Treasury Department’s Specially Designated Nationals (SDN) and Blocked Persons list. This list
also includes nation-states that have been placed on non-favored nation status. If the applicant is either
specifically named or is from one of the nation-states appearing on the list, the financial institution (depository
institution) or licensed creditor/lender, including MLB/MLO, cannot proceed with a loan application or with
other financial services. The website for the list is www.ustreas.gov/offices/enforcement/ofac/sdn/.

The Office of Foreign Assets Control (OFAC) administers a series of laws that impose economic sanctions
against hostile targets to further U.S. foreign policy and national security objectives. The list identifies “pariah”
countries, as well as certain groups, such as narcotics traffickers and terrorists, who threaten the security,
economy, and safety of the United States and its citizens. Management of sanctions is entrusted to the Secretary
of the Treasury. While OFAC is responsible for promulgating, developing, and administering the sanctions for
the Secretary under eight basic statutes, all of the bank regulatory agencies cooperate in ensuring financial
institution compliance with the regulations implementing the USA Patriot Act.

Compliance

“U.S. persons” or “persons subject to the jurisdiction of the United States”, depending on the sanctions
program, must comply with OFAC regulations. This law is expected to include licensed creditors/lenders and
MLBs/MLOs that have been characterized as financial institutions for other purposes under federal law, e.g.
FACT. Commercial banks, whether large or small, are subject to these terms and are responsible for complying
with OFAC regulations.

While depository institutions are routinely examined to ensure they maintain policies and procedures in place
for complying with the requirements of OFAC, licensed creditors/lenders (other than depository institutions), as
well as MLBs/MLOs are primarily left to their own practices to establish compliance with this issue. These
creditors/lenders and brokers need to establish internal policies and procedures (including obtaining the lists
available from the previously identified website) to ensure that loan applications and other financial services are
not extended to SDN and Blocked Persons.

For example, establishing new accounts (such as fiduciary, discount, or other securities or brokerage
transaction accounts), pursuing certain loan brokerage activities, developing new loan customers/clients,
proceeding with wire transfers, and engaging in other bank or financial transactions should not occur until the
identity of a potentially Blocked Person are compared to OFAC’s listings. MLBs/MLOs should be subject to
more limited compliance with this law than would depository institutions, depending upon the activities
pursued by these brokers. Real estate brokers (MLBs) who receive capital/funds from private investors/lenders
should research their liability under this law, as these brokers will likely be subject to broader application of the
USA Patriot Act than brokers who package loans to be delivered to depository institutions or licensed
creditors/lenders.

Reporting Procedures and Requirements

Whenever a bank blocks or rejects a prohibited transaction, that bank must report its action to OFAC within 10
days, describing the action taken, including a copy of the payment order or other relevant documentation. In
addition to this periodic report, all holders of blocked property must file a comprehensive annual report of
blocked property (form TDF 90-22.50) by September 30 each year. Reportedly, no procedures have yet to be
developed to monitor licensed creditors/lenders or MLBs/MLOs in connection with this issue. Nonetheless, the
importance of establishing a compliance program and developing internal audit procedures should be obvious.

Specially Designated Nationals and Blocked Persons

Individuals and entities which are owned or controlled by, or acting for or on behalf of, the governments of
target countries or are associated with international narcotics trafficking or terrorism are listed on the Treasury
Department’s Specially Designated Nationals (SDN) and Blocked Persons list. The purpose of maintaining this
list in current status is to inform persons subject to the jurisdiction of the United States they are prohibited from
dealing with those identified and they must block all property within their possession or control in which these
blocked individuals and entities have an interest.

An Overview of Current OFAC Profiles for Blocking Transactions

Commercial banks (and it is believed the following extends to all persons/entities subject to this law) must
block transactions involving the following:

1. Individuals appearing on OFAC’s SDN list;

2. Cuban and North Korean citizens, except U.S. residents, wherever located;

3. Individuals, regardless of citizenship, currently residing in Cuba or North Korea;

4. Entities on OFAC’s SDN list;

5. Companies and Commercial Enterprises located in North Korea and Cuba; and,

6. Governmental entities and officials of Libya, Iraq, North Korea, Cuba, Sudan, Serbia, and the Federal
Republic of Yugoslavia, including those entities and individuals appearing on OFAC’s list of SDNs
and Blocked Persons. All banks in Libya, Iraq, and Serbia are government-controlled banks.

Objectives and Screening

The most fundamental objective of OFAC compliance procedures is to provide enough information to key staff
members in relevant operations to recognize and stop, or “interdict,” suspected transactions for further review
before processing. An effective internal communication network is critical to OFAC regulatory compliance.
Compliance training programs should be initiated by all persons/entities subject to this law.

Such training initiatives can range from mentioning regulations in staff meetings and incorporating compliance
requirements into operating manuals including policies and procedures, and joining with other affected persons
or entities (including trade associations) to sponsor seminars. Relevant operational areas of every affected
person or entity should receive, at a minimum, a listing of sanctioned countries and continuously updated SDN
list (Public Law 106-56-October 26, 2001).

The Flood Disaster Protection Act (FDPA)

Background

The Flood Disaster Protection Act (FDPA) was adopted to provide adequate amounts of federally subsidized
flood insurance to owners of improved real property located in a designated flood hazard area of communities
that participate in the National Flood Insurance Program (NFIP). The purpose of this program is to provide an
alternative to the federal disaster relief funds normally required in flooded areas. The NFIP is administered by
the Federal Emergency Management Agency (FEMA) The federal banking agencies adopted uniform
interagency flood regulations effective October 1, 1996. Further information can be found in the Interagency
Questions and Answers Regarding Flood Insurance at www.occ.treas.gov/handbook/compliance.htm.

Both consumer and commercial loans to be secured by improved real property or with a mobile home (located
or to be located in an identified special flood hazard area) are loans designated for consideration of flood
insurance coverage. The Act also applies to increases in, extensions or renewals of such loans. Federally
regulated lending institutions are prohibited from making, increasing, renewing or extending such loans, unless
the property securing the loan is covered by sufficient flood insurance.

“The FDPA imposes five basic requirements on a creditor/lender:

1. Prior to making, increasing or renewing or extending a loan, the lender must determine whether the
property is located in an area designated by FEMA as a special flood hazard zone rated “A” or “V”;

2. If the property is located in a special flood hazard area (SFHA), the lender must determine whether the
property is located in a community participating in the NFIP and then provide special notices to the
borrower, loan servicer, and flood insurer;

3. If the community participates in the NFIP, the lender may not close the loan without proof that
sufficient flood insurance is in place (if the community does not participate in the NFIP and flood
insurance is unavailable from FEMA, lenders may wish to obtain flood insurance coverage from a
private insurer to protect the collateral);

4. If the lender ever determines that flood insurance has lapsed or become insufficient in amount, the
lender must force place the insurance required; and,

5. Certain notices about flood insurance coverage are required at various points during the life of the
loan.”

The statutes imposing the above requirements are found in 42 USC 4001-4129, which include the National
Flood Insurance Act of 1968 (1968 Act); the Flood Disaster Protection Act of 1973 (FDPA); and Title V of the
Riegle Community Development and Regulatory Improvement Act of 1994.

Compliance

Regulators of this law include FRB, NCUA, FDIC, the OCC, OTS, and the Farm Credit Administration (FCA),
collectively the agencies, issued a joint rule to implement the National Insurance Reform Act (the OCC’s
implementing regulation is cited as 12 CFR 22). The agencies have adopted, “Interagency Questions and
Answers Regarding Flood Insurance”, published in the Comptroller of the Currency Administrator of National
Banks Comptroller’s Handbook, May 1999. The questions and answers serve as guidance to comply with the
regulations.

The Federal Financial Institutions Examination Council (FFIEC) has published statements in the Federal
Register regarding notice and request for comments on loans in areas having special flood hazards, including
interagency questions and answers regarding flood insurance. The publication by the FFIEC is cited as Council
(FFIEC) 62 FR 39523 (July 23, 1997).

Eligibility for the purchase of flood insurance extends to communities that agree to adopt ordinances to mitigate
the impact of future flooding, such as conditioning the issuance of building permits for new residential
construction upon the requirement that the structure be built so that the lowest floor is above the flood elevation
level.

There are 14 Flood hazard areas defined. If the property is located within an “A” and “V” rated FIRM zones
(A, A1-30, AE, A99, AH, AR, V1-30, VE, V and VO) insurance is required. Insurance is available but not
required for the remaining zones. If the improved property or mobile home is located or will be located in a
flood hazard area but not in an area of special flood hazard, B, X, C or D zones, flood insurance is not required
but may be obtained.

The flood insurance regulations apply to federally regulated depository institutions and loan servicers acting on
behalf of such institutions. The loan servicer’s obligations to comply with the NFIP are governed by the loan
servicing agreement.

“A ‘loan servicer’ means the party responsible for:

1. Receiving any scheduled periodic payments from a borrower on a loan including amounts for taxes,
insurance premiums and other charges with respect to the property securing the loan; and,

2. Making payments of principal and interest and any other payments from the amounts received from
the borrower under the loan.

The flood regulations apply to any loan made by a regulated lender secured in whole or in part by real property
improved with vertical structures or with a mobile home. The term mobile home does not include a recreational
vehicle. Loans secured by vacant land are not subject to flood insurance. Commercial, business agricultural and
residential loans are subject to flood insurance.

The Agencies have created the term “designated loan” and defines that term to mean a loan secured by a
building or mobile home that is located or to be located in a special flood hazard area in which flood insurance
is available under the Act.

When a loan is made to construct improvements upon the property that is located in a special flood hazard area,
flood insurance coverage must be maintained throughout the construction. Where a building and its contents
both secure a loan, and the building is located in a special flood hazard area, flood insurance coverage is
required for the building and any contents stored in that building. Exemptions to the flood insurance
requirements generally include loans that have an original principal balance of $5,000 or less and a term of one
year or less.

FNMA and FHLMC have imposed requirements that loans sold to these entities have adequate flood insurance
coverage. To promote consistent treatment for lenders, the OTS and the FDIC have adopted the position of the
OCC and FRB that a loan purchase does not require that a determination be made whether the security property
is located in a special flood hazard area. Although commercial banks may purchase mortgage loans where flood
insurance was not obtained, these depository institutions must review their loan portfolio to measure the
operative risk and exposure in the absence of flood insurance coverage. This may require the depository
institution to purchase the flood insurance coverage as a means of reducing portfolio risk.

FNMA outlines the basic flood insurance requirements for mortgagees sold on the secondary market in their
most recent Fannie Mae Servicing Guide (Servicing Guide) that can be found online at www.efanniemae.com.
FHLMC’s flood insurance guidelines are contained in Volumes 1 and 2 of its single family Seller/Servicer
guide that can also be accessed on their website at www.freddiemac.com. The NCUA directs federal credit
unions to not purchase member loans without determining whether such loans secured by improved real
property have adequate flood insurance coverage.

Lenders are required to document their flood hazard determinations on the Department of Homeland
Security/Federal Emergency Management Agency Standard Flood Hazard Determination Form (SFHDF)
O.M.B. No. 1660-0040. The current form has an expiration date of December 31, 2011. The form is made
available on FEMA’s website, www.fema.gov.

A notice to the borrower is required whenever a lender makes, increases, extends, or renews a loan secured by a
building or a mobile home located in a SFHA. The notice is also to inform the borrower whether flood

insurance coverage is available under the NFIP. The notice must be in writing and includes required contents.
The flood regulations contain a model notice form that the lender may use at its option.

When flood insurance coverage is required, a lender must ensure that adequate flood insurance coverage is in
place by the time the loan closes. Applicable regulations include the methods for determining the amount of
coverage.

“In general it must be at least equal to the lesser of:

7. The outstanding principal balance of the designated loan;

8. The maximum amount available under NFIP for the particular type of property; and,

9. The value of the improvements (overall value of the property less the value of the land).”

Lenders may require more insurance than required by the applicable regulations to ensure repayment of the
loan; however, the coverage may not be more than the replacement cost of the improvements. The amount of
building coverage limits and contents coverage limits currently in effect are published in the questions and
answers that may be found on the FEMA website. California law prohibits requiring hazard insurance in an
amount in excess of the replacement value of the improvements on the real property (Civil Code Section
2955.5).