Some of you may have seen me post this question in a different forum, so my apologies for the duplication.
***************
We don’t have any on-line application options and are not E-SIGN compliant; E-SIGN is on my To-Do list for this year. We have written policies that we don’t provide any disclosures electronically, and any e-mails we send to customers that contain non-public personal information must be sent in an encrypted format.
However, it’s not unusual for customers to send us information via e-mail. Those may or may not contain non-public information and may or may not be encrypted. Obviously we can’t control what the customer does. However, I have concern, based on real occurrences, of outside emails, including those from customers, being caught in our filter and never reaching the intended recipient, such as the loan officer. We have several levels of filters. Items caught in some of them result in the intended recipient having no knowledge anything is awaiting them in the filter. The only way for it to be discovered is if you find out verbally that something was sent and can tell the IT Department what day (and preferably what time of day) the e-mail was sent, to whom, and from what e-mail address. Armed with this information they can go look to see if it’s caught. If so, it can either be released if it’s determined to be safe, or accessed through a non-network machine. The IT Department says the filter is supposed to be checked daily, but there's a lot caught and it's difficult and time-consuming to go through it all to determine what is legitimate versus spam.
My concerns are possible compliance violations. If we take action based on the fact that we don’t have something the customer sent to us what compliance implications might we encounter? For example, if we send a customer a Notice of Incompleteness specifying additional information needed on a loan application and a deadline for its receipt. We don’t hear anything from the customer within the specified time frame, so we close the file and cancel the rate lock with the investor. At some point later we find out the customer did send us the requested information within the specified time frame but it was caught in the filter. Another scenario is a customer who sends us an e-mail during their rescission period telling us they want to rescind. If the e-mail isn’t received and we disburse, where does that leave us? For what it’s worth, we are supposed to get customers to sign an Affidavit of Non-Rescission after the end of the 3 days, but we all know it’s not a perfect world.
Would any of these answers be affected by whether our employee, such as the lender, told the customer it was OK to send the material via e-mail? Also, lenders' email addresses are printed on their business cards and, per regulation, are on the GFE. Since we provide email addresses, if we are unable to receive emails, could that be considered a UDAAP issue?
Lots of questions, lot of challenges, so I welcome anyone's input.
_________________________
____________________________________
Keep Calm and Carry On
CRCM