Tuesday, March 15, 2011

NMLS Privacy Guidelines

In the course of working with our clients on their licensing and registration compliance, the question often comes up about the confidentiality of nonpublic personal information that is stored in the Nationwide Mortgage Licensing System Registry (NMLS).  
Additionally, we are asked who may obtain access to an Mortgage Loan Originator's (MLO's) confidential information.
Indeed, this question has come up several times in the NMLS Users Forum that we recently created in the following web spaces:
It is essential to know the NMLS privacy guidelines. Some information is available on the NMLS website, but not enough, and it is too condensed or insufficiently available.
We have prepared a 2-page Privacy Guidelines synopsis of the NMLS privacy guidelines. 

The information in the NMLS is maintained to support regulatory supervision while providing the general public with access to certain information.
Privacy guidelines, in general, are based on the provisions of the Privacy Act of 1974 [5 U.S.C. 552a], as amended, which must be implemented by the NMLS. The authority to maintain the  NMLS and its privacy protocols comes from Section 1507 of the Secure and Fair Enforcement for Mortgage Licensing Act (S.A.F.E. Act) [12 U.S.C. 5106]. 

The guidelines apply to any persons required by the S.A.F.E. Act to register in or license through the NMLS to obtain unique identifiers, and to maintain their registrations and licenses.
NMLS contains information documenting identity, including name and former names, social security number, gender, date of birth, and place of birth; home and business contact information; the date on which the MLO becomes an employee with the institution; criminal history, including the results of a background check; financial services-related employment history; civil, arbitration, regulatory, and disciplinary actions arising out of the MLO's financial services; and licensure revocations and suspensions. 

Under the Privacy Act [5 U.S.C. 552a (b)], all or a portion of the records or information contained in the NMLS may be disclosed to:
  • The appropriate federal, state, local, foreign, or self-regulatory organization or agency responsible for investigating, prosecuting, enforcing, implementing, issuing or carrying out a statute, rule, regulation, order, policy or license if the information may be relevant to a potential violation of civil or criminal law, rule, regulation, order, policy or license.
  • A federal agency in the executive, legislative, or judicial branch of government, or to a Federal Reserve Bank, in connection with the hiring, retaining, or assigning of an employee, the issuance of a security clearance, the conducting of a security or suitability investigation of an individual, the classifying of jobs, the letting of a contract, the issuance of a license, grant, or other benefits by the receiving entity, or the lawful statutory, administrative, or investigative purpose of the receiving entity to the extent that the information is relevant and necessary to the receiving entity's decision on the matter.
  • The Department of Justice, a court, an adjudicative body or administrative tribunal, a party in litigation, or a witness if the MLO's regulator determines, in its sole discretion, that the information is relevant and necessary to the matter.
  • A congressional office in response to an inquiry from the congressional office made at the request of the individual to whom the record pertains.
  • Contractors, agents, or others performing work on a contract, service, cooperative agreement, or activity for the MLO's regulator and who have a need to access the information in the performance of their duties or activities for the MLO's regulator.
  • Appropriate federal, state, local authorities, and other entities when (a) it is suspected or confirmed that the security or confidentiality of information in the system has been compromised; (b) there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs that rely upon the compromised information; and (c) the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
  • Depository and financial institutions or their subsidiaries or institutions regulated by the MLO's regulator for use in registering employees as MLOs or renewing employee registrations.
  • Third parties when the information relates to the employment history of, and publically adjudicated disciplinary and enforcement actions against, loan originators that is included in the NMLS for access by the public in accordance with Section 1507 of the S.A.F.E. Act. (Cited Above)
  • Nonpublic personal information of MLOs, including confidential information submitted by the MLO's regulator.
  • Nonpublic personal information and confidential information required to establish an account.
  • Nonpublic personal information and confidential information to verify the identity of anyone who contacts the NMLS.
  • Information provided by regulators and MLOs that are used by the regulators to issue and maintain a state license or monitor a federal registration, including:
license status
application approvals
regulator's and MLO's updates
  • Collection and disbursement information regarding state license fees, registration fees, system processing fees, and information to process payment transactions.
Records are stored in electronic media and retrieved by an individual MLO's name or unique identification number and by the financial institution's name.
Information in NMLS is kept for a minimum of five years after the MLO no longer holds a valid state license or registration that is maintained in NMLS.

Visit Library
Law Library Image
Privacy Guidelines of Nationwide Mortgage Licensing System Registry (NMLSR) -
Lenders Compliance Group
March 14, 2011
Post Separator-2-LCG