FAQs – Products

SocialShield^® is ActiveComply’s social media compliance software built specifically for mortgage companies, banks, credit unions, and broker-dealers. It automatically discovers employee social media profiles using NMLS Consumer Access™ data, monitors activity 24/7 across LinkedIn, Facebook, Instagram, X (Twitter), TikTok, YouTube, and Yelp, archives every post in tamper-evident records, and sends real-time alerts when compliance violations are detected. It replaces manual social media audits with a continuous, automated compliance program.

LO (loan officer) social media monitoring is the ongoing process of reviewing, archiving, and flagging loan officer posts across personal and professional social media accounts for compliance with CFPB advertising rules, FINRA recordkeeping requirements, fair lending laws, and internal policy. It is required because regulators hold financial institutions responsible for supervising all employee communications — including personal social media posts that reference mortgage products, rates, or services. Failure to monitor exposes firms to enforcement action, fines, and exam findings.

Loan officer social media compliance is governed by multiple overlapping regulations: CFPB rules on mortgage advertising (Regulation Z / TILA), RESPA restrictions on affiliated business arrangements, ECOA and fair lending prohibitions on discriminatory language, HUD/FHA advertising guidelines, FINRA Rule 17a-4 for broker-dealers, and state-specific mortgage regulator guidance. Additionally, the FFIEC has issued guidance recommending that financial institutions treat negative online reviews as formal customer complaints. ActiveComply’s SocialShield^® is designed to monitor against all of these frameworks simultaneously.

FINRA Rule 17a-4 requires broker-dealers to retain business-related electronic communications — including social media — for a minimum of three years, with the first two years in an easily accessible format. SocialShield^® automatically archives all monitored social media content in tamper-evident records that meet FINRA’s retention and production standards. When a regulator requests records, compliance teams can produce them immediately from the SocialShield^® archive without manual retrieval or reconstruction.

The CFPB supervises mortgage lenders’ advertising practices across all channels, including social media. SocialShield^® monitors loan officer and employee social media activity against CFPB Regulation Z requirements — flagging rate advertisements missing required APR disclosures, misleading product claims, and UDAAP violations in real time. Compliance teams receive immediate alerts when flagged content is posted, giving them the ability to act before the content is seen by consumers or regulators.

Social media archiving for financial services requires capturing and retaining all business-related social media content in a format that is tamper-evident, complete, and producible on demand during a regulatory exam or legal proceeding. This means archiving posts, comments, bios, profile changes, images, and video content — not just text. SocialShield^® automatically archives all monitored content in exam-ready format, covering every major platform where financial services employees are active.

In 2025, mortgage social media compliance is governed by CFPB Regulation Z (TILA), RESPA, ECOA/fair lending rules, HUD/FHA advertising guidelines, state mortgage regulator guidance, and — for broker-dealers — FINRA Rule 17a-4. Key requirements include displaying the NMLS ID number on all social media profiles and posts, including accurate APR disclosures in any rate advertisements, avoiding discriminatory or steering language, and maintaining tamper-evident archives of all social media communications. Several states, including California, Texas, Florida, New York, and Washington, have issued additional social media guidance with active enforcement programs.

NMLS (National Mortgage Licensing System) compliance on social media requires loan officers to display their NMLS ID number on all digital profiles and posts that reference mortgage products or services. SocialShield^® automates NMLS compliance in two ways: it uses NMLS Consumer Access™ data to automatically discover every LO’s social profiles without manual uploads, and it continuously scans those profiles for missing or incorrect NMLS disclosures — alerting compliance teams to violations in real time.

Yes. Regulators do not distinguish between personal and professional social media accounts when it comes to mortgage-related content. If a loan officer posts about rates, products, or their role as an LO on a personal account, that post is subject to the same CFPB, FINRA, and state regulatory requirements as content posted on a business account. Financial institutions are responsible for supervising all employee communications that relate to their business — regardless of the platform or account type. SocialShield^® monitors both personal and professional public profiles.

Rate advertising on social media is the most common compliance violation found during CFPB exams. Under Regulation Z (TILA), any advertisement that includes a specific interest rate must also include the Annual Percentage Rate (APR). Any post mentioning specific payment amounts must include additional required disclosures. Teaser rates, ‘as low as’ language, and promotional rate posts without full disclosures are UDAAP and Regulation Z violations. SocialShield^® flags all rate-related social media posts in real time so compliance teams can address them before they escalate.

Yes. Regulators can and do review publicly visible social media content during examinations. CFPB examiners regularly search for loan officer profiles and review posts for advertising violations, missing disclosures, and fair lending issues. State regulators in active enforcement states like California, Texas, Florida, and New York routinely include social media review in their examination process. More importantly, regulators can request that institutions produce archived records of past social media activity — which is why tamper-evident archiving is a compliance requirement, not just a best practice.

Yes. SocialShield^® serves banks under both FDIC and CFPB supervision, addressing the FDIC’s guidance on social media use and the FFIEC’s joint guidance on managing social media risks. For banks with mortgage divisions, SocialShield^® covers both the bank-level FDIC compliance requirements and the mortgage-specific CFPB and state regulator requirements. It also covers wealth management divisions operating under FINRA supervision.

WebCompass^® is ActiveComply’s mortgage website compliance software. It continuously scans and monitors all corporate websites, loan officer microsites, branch pages, and team pages for compliance violations — including missing NMLS disclosures, outdated license information, ADA accessibility issues, unauthorized branding, broken links, and fair lending concerns. Because regulators treat a financial institution’s website as its ‘digital storefront,’ website compliance is a primary examination focus and a significant source of enforcement action.

Loan officers frequently maintain personal websites, team pages, or microsites independently of their employer’s IT and compliance controls. These unauthorized or unsupervised sites often contain missing NMLS disclosures, outdated license information, rate advertisements without required disclosures, and branding inconsistencies that violate regulatory requirements and corporate policy. WebCompass^® automatically discovers and monitors all LO-associated websites — including those the compliance team didn’t know existed — and flags violations for remediation.

Yes. Under Title III of the Americans with Disabilities Act (ADA), courts and the Department of Justice have consistently held that financial institution websites must be accessible to people with disabilities. Banks, credit unions, and mortgage companies face growing exposure to ADA website lawsuits and regulatory scrutiny. Common violations include missing alt text on images, inaccessible forms, poor color contrast, and non-keyboard-navigable pages. WebCompass^® scans all monitored websites for ADA accessibility issues and prioritizes them for remediation.

Yes. If your mortgage company operates a consumer-facing website — which includes corporate sites, branch pages, and loan officer microsites — it is subject to ADA Title III accessibility requirements. The Department of Justice finalized rules in 2024 requiring many organizations to meet WCAG 2.1 Level AA standards. Non-compliance exposes mortgage companies to private lawsuits, DOJ investigations, and reputational harm. WebCompass^® continuously monitors all your websites for ADA compliance issues and flags them before they become enforcement actions.

Mortgage companies are required to display the company’s NMLS ID number prominently on all websites, including the main corporate site, branch pages, and any loan officer microsites. Each individual loan officer’s NMLS ID must also appear on any page where they are identified as a mortgage professional. The Equal Housing Lender logo or statement and applicable state licensing disclosures are also required. WebCompass^® automatically scans every monitored page for these required disclosures and alerts compliance teams when they are missing, incorrect, or inconsistently displayed.

WebCompass^® uses NMLS data to identify all licensed loan officers associated with an institution and then scans the web for websites, social profiles, and digital presences associated with those individuals — including pages the compliance team did not know existed. When an unauthorized or unsupervised LO website is discovered, WebCompass^® flags it for compliance review. This ‘shadow site’ detection is critical because regulators hold institutions responsible for all consumer-facing digital content associated with their licensed employees, regardless of whether the institution sanctioned the page.

Every page of a mortgage company’s website where mortgage products or services are discussed, advertised, or offered must display the company’s NMLS ID number. Individual loan officer pages must display the LO’s personal NMLS ID. State-specific licensing disclosures are also required and vary by state — particularly for multi-state lenders operating in CA, TX, FL, NY, and WA. WebCompass^® monitors all pages for current, accurate NMLS disclosures and tracks license expiration dates to prevent outdated licensing information from remaining on live pages.

The most common website compliance violations found during mortgage regulatory exams include: missing or incorrect NMLS ID numbers, outdated state license disclosures, missing Equal Housing Lender logos, rate advertisements without required APR disclosures, ADA accessibility failures, unauthorized LO microsites with non-compliant content, and inconsistent branding that violates company policy or co-marketing rules. WebCompass^® monitors for all of these continuously, allowing compliance teams to remediate issues before an examiner discovers them.

VirtualVerify^® is ActiveComply’s remote work compliance verification solution for mortgage companies and financial institutions. It enables compliance teams to remotely inspect and verify that employee home offices, branch locations, and event venues meet regulatory requirements — without requiring in-person visits. VirtualVerify^® documents workspace configurations, device setups, licensing displays, and marketing event activities, producing audit-ready records that demonstrate regulatory compliance for remote and distributed teams.

NMLS and state mortgage regulators require that loan officers working remotely maintain a compliant workspace that meets the same standards as a licensed branch or office. Requirements vary by state but typically include: a dedicated, private workspace for handling sensitive consumer information, proper display of required licensing information, secure technology and data handling practices, and documented supervisor oversight. VirtualVerify^® standardizes the remote inspection process so institutions can consistently verify and document compliance across every remote LO location.

VirtualVerify^® automates the NMLS remote work compliance verification process by enabling compliance teams to conduct standardized virtual inspections of employee workspaces. The platform guides inspectors through a structured checklist, captures documentation, and produces exam-ready records of each inspection. This eliminates the inconsistency of informal or undocumented remote work approvals — which is the primary gap regulators identify when examining institutions with large remote workforces.

Yes. VirtualVerify^® extends beyond remote workspaces to cover marketing event compliance — including co-sponsored events, realtor open houses, and community sponsorships that can create RESPA affiliated business arrangement exposure. The platform documents event details, cost-sharing arrangements, attendees, and activities, producing records that demonstrate RESPA compliance and protect institutions during regulatory review of their marketing and business development activities.

RESPA (the Real Estate Settlement Procedures Act) prohibits mortgage companies from giving or receiving kickbacks or referral fees in connection with real estate settlement services. Co-marketing arrangements between loan officers and real estate agents are a primary area of RESPA enforcement. VirtualVerify^® documents marketing events, tracks cost-sharing arrangements, and maintains records of all co-sponsored activities — giving compliance teams the evidence they need to demonstrate that marketing relationships comply with RESPA requirements during a CFPB or state regulator examination.

TrustFrame™ is ActiveComply’s AI-powered marketing content compliance review platform for mortgage companies. It routes marketing materials through a customizable compliance ruleset and returns near-instant approval decisions — dramatically reducing the review bottleneck that slows mortgage marketing teams. Compliance rules are configured to the institution’s specific regulatory obligations and internal policies, so loan officers and marketing teams get fast, consistent review decisions without waiting for manual compliance officer review.

TrustFrame™ uses purpose-trained AI to analyze mortgage marketing content against a configured compliance ruleset covering CFPB Regulation Z, UDAAP, fair lending requirements, RESPA, and internal brand standards. When a loan officer or marketing team member submits content for review, TrustFrame™ analyzes it in seconds, flags specific compliance issues directly on the document, and routes it for approval or revision. This replaces days-long manual review queues with near-instant decisions while maintaining a complete audit trail for exam production.

UDAAP (Unfair, Deceptive, or Abusive Acts or Practices) is one of the CFPB’s primary enforcement tools for mortgage advertising. TrustFrame™ is configured to identify UDAAP risk in marketing content — including misleading claims, omitted material information, confusing or contradictory disclosures, and language that could be considered deceptive to consumers. Every piece of marketing content reviewed by TrustFrame™ is evaluated against the firm’s UDAAP standards before it goes live, reducing the risk of enforcement action.

With TrustFrame™, the marketing content approval workflow is: (1) A loan officer or marketing team member submits content through the TrustFrame™ portal. (2) TrustFrame™ AI reviews the content against the configured compliance ruleset in seconds. (3) Issues are flagged directly on the document with specific guidance. (4) Content that passes moves to a compliance officer for final approval or auto-approves based on configured thresholds. (5) Approved content is archived with a complete audit trail. The entire process replaces manual email reviews that can take days.

TrustFrame™ enables mortgage companies to implement a pre-approval workflow for loan officer social media content — requiring LOs to submit posts for compliance review before publishing. This is particularly valuable for firms in enforcement-sensitive markets or those recovering from prior CFPB findings. The AI-powered review engine returns decisions fast enough that LOs can get same-day approval on time-sensitive content, removing the friction that causes LOs to bypass the approval process entirely.