SAFE Act Audit Deadline Approaching

If you haven’t completed your SAFE Act annual independent test, you’re not alone.

September 18, 2012

The Secure and Fair Enforcement for Mortgage Licensing Act of 2008, also known as the SAFE Act, requires that credit unions subject to the Act’s requirements conduct an annual independent test (also referred to here as an audit).

If your credit union hasn’t yet completed its SAFE Act annual independent test, you’re not alone. But you still have time to comply before the end of 2012.

One question credit unions frequently have asked regarding the SAFE Act annual audit requirement is “When must we complete the audit so it’s considered in compliance with the Act’s ‘annual’ requirement?”

In other words, does “annual” mean one year from the initial registration deadline for credit union mortgage loan originators (MLOs)—which was July 29, 2011—or does “annual” mean within the 2012 calendar year since that’s the first full calendar year of compliance requirements?

Credit unions can perform the SAFE Act “annual” independent test at any time in the 2012 calendar year with an agreed-upon effective date or review period, according to an informal opinion from NCUA’s Office of Consumer Protection. So, there’s still time to complete the annual audit if you haven’t already done so. Here are some things to consider when completing the audit.

First, internal staff, the supervisory committee, or an outside third party can complete the audit. The key is whoever conducts the audit must be “independent” of the SAFE Act program.

Next, credit unions should ensure the audit scope sufficiently addresses these areas:

The overall integrity and effectiveness of the SAFE Act compliance program, including policies, procedures, and processes. Evaluate policies and procedures to ensure they contain the information required by the SAFE Act in 12 CFR 1007.14, including:

1. Identifying who needs to be registered;

2. Training;

3. Specifying unique identifier requirements;

4. Confirming registration;

5. Implementing compliance monitoring systems;

6. Conducting independent testing;

7. Detailing action for failure to comply with registration or policies;

8. Reviewing criminal background reports; and

9. Ensuring third parties have policies and procedures to comply with the SAFE Act as necessary.

The adequacy, accuracy, and completeness of staff training. Evaluate employee training to ensure MLOs understand registration requirements and how to comply with them.

The adequacy and accuracy of MLO registrations. Review a sample of duties and responsibilities to determine which employees must be registered. Confirm the adequacy and accuracy of those registrations. This includes making sure that any updates and renewals are completed in a timely manner.

MLOs’ use and distribution of unique identifiers to ensure they’re properly being disclosed to consumers upon request, before the MLO acts as such, and through the initial written communication with the consumer. The credit union also must make MLO unique identifiers available to consumers.

An evaluation of management’s efforts to resolve any noted violations or program deficiencies.

Auditors can evaluate these areas by reviewing credit union documentation and the Nationwide Mortgage Licensing System and Registry, as well as interviewing staff.

Finally, your credit union must document and report to the board of directors the audit scope, procedures performed, and the findings.

For additional resources, visit the Consumer Financial Protection Bureau’s SAFE Act examination procedures at (select “regulation” and then “examination manual”).

ANDREA STRITZKE is vice president, regulatory compliance, for PolicyWorks. Contact her at or at