Accredited Mortgage Professional (Canada) (AMP)

Correct: Under the regulations implementing the Biggert-Waters Act, lenders are required to accept private flood insurance that meets the statutory definition. A policy is deemed to meet this definition if it includes a ‘compliance aid’ statement or if the lender determines the coverage is ‘at least as broad’ as a standard NFIP policy. This includes matching NFIP requirements for deductibles, exclusions, and the requirement for a 45-day notice of cancellation to the lender.

Incorrect: Option B is incorrect because FEMA does not endorse or approve individual private insurance policies for mortgage compliance. Option C is incorrect because while deductibles must be comparable to NFIP limits, there is no flat $1,000 requirement or mandate for an umbrella policy. Option D is incorrect because while the insurer must be licensed or admitted in the state, the state insurance commissioner does not provide specific compliance approvals for individual mortgage transactions.

Takeaway: Lenders must accept private flood insurance if it contains a compliance aid statement or is determined to be at least as broad as standard NFIP coverage.

Correct: The CFPB was established by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 specifically to address the fragmented nature of consumer protection. By consolidating authorities previously held by seven different federal agencies (including the Federal Reserve, FTC, and HUD), the CFPB provides a single point of accountability and ensures that consumer financial laws are applied consistently across the entire mortgage market, covering both bank and non-bank entities.

Incorrect: The creation of a self-regulatory organization would lack the federal enforcement authority intended by the Dodd-Frank Act. Decentralization to state attorneys general would lead to the same ‘patchwork’ of regulations that the CFPB was designed to harmonize. Integrating mandates into prudential regulators like the OCC was the pre-crisis model, which was criticized because safety and soundness goals often conflicted with, and took precedence over, consumer protection interests.

Takeaway: The CFPB’s primary structural innovation was the consolidation of disparate federal consumer protection authorities into one independent agency to ensure consistent enforcement across the financial sector.

Correct: The CFPB and other regulators expect a comprehensive Compliance Management System (CMS) to capture complaints from all points of consumer contact. Establishing a centralized intake framework ensures that the lender can perform root cause analysis, identify systemic issues, and ensure timely responses across all platforms, regardless of how the consumer chose to communicate. This centralized approach is critical for accurate regulatory reporting and risk assessment.

Incorrect: Restricting the channels through which a consumer can complain can be viewed as an attempt to suppress grievances and may violate UDAAP (Unfair, Deceptive, or Abusive Acts or Practices) principles. Delegating tracking to marketing without integration into the CMS creates silos and prevents a holistic view of compliance risk, as marketing staff may not be trained to identify regulatory violations. Increasing audits on one channel (call center) does not address the fundamental control weakness of uncaptured data in other channels.

Takeaway: An effective complaint management program must provide a centralized, multi-channel intake process to ensure all consumer grievances are captured, tracked, and analyzed for systemic risk.

Correct: Under the Servicemembers Civil Relief Act (SCRA), service members have the right to terminate a residential lease if they receive orders for a permanent change of station (PCS) or a deployment for a period of 90 days or more. To exercise this right, the service member must deliver a written notice of termination to the landlord along with a copy of their military orders or a supporting letter from their commanding officer. Termination of a lease that provides for monthly payment of rent is effective 30 days after the first date on which the next rental payment is due.

Incorrect: Filing a petition with a housing authority or obtaining a waiver from the Department of Defense is not a requirement under the SCRA; the protection is self-executing upon proper notice to the landlord. Verbal notice is insufficient under federal law, which specifically requires written notice and documentation of orders. There is no 50-mile radius requirement or minimum lease duration (such as six months) specified in the SCRA for lease terminations related to PCS orders.

Takeaway: To legally terminate a lease under the SCRA due to military orders, a service member must provide the landlord with written notice and a copy of their official orders.

Correct: Regulatory guidance regarding third-party risk management requires lenders to maintain active oversight and ensure that vendors adhere to consumer protection standards. When a vendor fails to meet performance or compliance benchmarks, the lender must take structured steps to remediate the deficiency. Implementing a formal remediation plan with milestones ensures the vendor is held accountable, while seeking backup providers addresses the operational risk of vendor concentration and potential future termination.

Incorrect: Granting a permanent exception is inappropriate as it allows a known compliance deficiency to persist, increasing the lender’s regulatory and reputational risk. Transferring the workload internally may solve the immediate timing issue but fails to address the vendor’s underlying failure to meet contractual and regulatory obligations. Immediate suspension without a transition plan could lead to significant operational disruptions and does not provide a structured path for the vendor to correct their systemic issues.

Takeaway: Effective third-party risk management requires a balance of rigorous compliance oversight, structured remediation for performance failures, and proactive contingency planning for critical service providers.

Correct: In the mortgage industry, compliance is heavily dictated by the Government-Sponsored Enterprises (GSEs) like Fannie Mae and Freddie Mac. Their Seller/Servicer Guides are updated frequently throughout the year. A robust compliance management system (CMS) must include a schedule for regular reviews (at least annually) and a mechanism to incorporate investor updates immediately to prevent loan buybacks, delivery errors, and regulatory penalties. This dual-track approach ensures the organization remains current with both long-term regulatory trends and immediate operational requirements.

Incorrect: A biennial review cycle is too infrequent for the fast-paced mortgage regulatory environment, and allowing departments to manage workflows independently creates silos and inconsistency that increase risk. Waiting for a full year of data before finalizing updates prevents the firm from reacting to immediate legal or investor mandates, potentially leading to non-compliance in the interim. Allowing sales and marketing to drive policy updates creates a significant conflict of interest and undermines the independence and oversight required for an effective compliance function.

Takeaway: A proactive compliance review schedule must integrate both periodic assessments and event-driven updates triggered by investor or regulatory changes to ensure operational alignment.

Correct: Under the Flood Disaster Protection Act (FDPA) and implementing regulations, the mandatory purchase requirement for a loan secured by a building located in an SFHA is the ‘lesser of’ three amounts: the outstanding principal balance of the loan, the maximum amount of coverage available under the NFIP for that specific property type (currently $250,000 for residential), or the insurable value of the building (which is typically the replacement cost value of the structure, excluding land).

Incorrect: The option involving the greater of the appraised value of land and improvements is incorrect because land is not insurable under the NFIP and should never be included in the flood insurance calculation. The option regarding 80% of replacement cost refers to a common standard for hazard insurance to avoid coinsurance, but it is not the regulatory floor for flood compliance. The option involving loan costs, fees, and interest is irrelevant to the valuation of the collateral or the insurance requirements set by the NFIP.

Takeaway: Federal law requires flood insurance coverage to be the lesser of the loan balance, the NFIP maximum limit, or the insurable value of the improvements.

Correct: The primary risk in a fragmented complaint process is that the institution fails to recognize systemic issues. Regulators, particularly the CFPB, expect a Compliance Management System (CMS) to include a complaint management program that identifies patterns. By resolving complaints in isolation, the lender misses the opportunity to fix the underlying process error (the root cause), which could lead to widespread regulatory non-compliance or UDAAP (Unfair, Deceptive, or Abusive Acts or Practices) violations.

Incorrect: Option b is incorrect because while data accuracy is important, the scenario specifically describes a failure in the complaint management process rather than a specific credit reporting error. Option c is incorrect because while reputational risk is real, it is a secondary business concern compared to the primary regulatory risk of systemic compliance failure. Option d is incorrect because it focuses on training loan originators for a problem occurring in the servicing department, and it fails to address the need for a centralized analysis of the complaints themselves.

Takeaway: A robust complaint management system must move beyond individual resolution to include trend analysis and root cause identification to prevent systemic regulatory violations.

Correct: Integrating the LMS with the LOS creates a preventative control that ensures compliance documentation is directly linked to operational capability. By automating the restriction of access based on training records, the organization ensures that only personnel with verified, documented training can engage in regulated activities, thereby eliminating the risk of human error in manual tracking and providing a real-time audit trail.

Incorrect: Establishing a secondary review for every tenth file is a detective control that only addresses a sample of the population, leaving the majority of loans at risk. Physical training logs are inefficient, prone to loss, and do not provide real-time enforcement of compliance requirements. Third-party audits are a monitoring control that occurs after the fact; while they provide oversight, they do not prevent the processing of loans by untrained staff at the point of origination.

Takeaway: The most effective compliance tracking involves integrating training documentation with operational systems to create automated, preventative controls that restrict activity until training requirements are met.

Correct: A risk-based approach to compliance management ensures that critical procedures such as KYC and CIP are updated in response to external regulatory changes or internal shifts in risk. Relying on a static three-year cycle is insufficient in a dynamic regulatory environment, as it allows for significant gaps between the issuance of new guidance (such as FinCEN requirements) and the institution’s operational implementation.

Incorrect: Increasing audit sample sizes identifies errors but does not address the root cause of outdated procedural documentation. Delegating compliance updates to frontline staff is inappropriate because they often lack the specialized regulatory knowledge and independence required to interpret complex legal requirements. Suspending all operations is a disproportionate response that causes unnecessary business disruption when a targeted update to the review policy would suffice.

Takeaway: Compliance review cycles should be dynamic and risk-based to ensure that mortgage lending procedures remain aligned with evolving regulatory requirements and institutional risk profiles.