DFPI – February 28, 2023 New Remote Work Guidance

Written by Melissa Grindel | Feb 28, 2023 3:27:00 PM

The California regulator, the Department of Financial Protection and Innovation (DFPI), formally announced new remote work guidance at the end of the COVID-19 State of Emergency on February 28th, 2023. This new guidance supersedes an executive order from March 22nd, 2020 that was issued by the department, which at the time was known as the Department of Business Oversight (DBO).  

This new DFPI guidance outlines that the California Residential Mortgage Lending Act (CRMLA) does not prohibit employees of a licensee from working at a remote location and that licensees may indeed authorize employees to perform limited functions there – so long as there are no signs or distinguishing marks that would indicate the remote workspace is a business location.  

The DFPI’s guidance also clearly indicates that in instances where a mortgage loan officer or another employee is working remotely, branch managers must continue to supervise adequately in accordance with Rule 1950.122.6 of the CRMLA (Cal. Code of Regs., tit. 10, § 1950.122.6), including performing periodic inspections. The below factors will be evaluated by the DFPI when considering compliance: 

Key Considerations for Adequate Supervision 

  • Is the remote location being advertised to the public as a business location? 
  • Are all MLOs properly assigned to designated branch offices?  
  • Are designated branch office addresses reflected on all advertisements and communications? 
  • Is electronic mail facilitated through the licensee’s email system? 
  • Does the company have & enforce written supervision procedures for loan origination and lending activities conducted remotely?  
  • Is a full list of remote locations maintained by the licensee? 
  • Does the company have & enforce written supervision procedures for cybersecurity? Including: 
  • Use of VPN 
  • Multi-factor authentication 
  • Backup & recovery systems 
  • Protocols for cybersecurity incidents 

Key Components in Branch Office Consideration 

  • Does only 1 employee, or multiple employees of the same family who reside at the home, work at the remote location? 
  • Are confidential physical files accessible at the remote location? 
  • Does the remote location contain secure storage for protecting confidential physical files? 
  • Can all loan processing be reviewed at the main or branch office? 
  • Are all records accessible by the DFPI at the main or branch office?  

This DFPI guidance is coupled with existing information from AB-2001 California Financing Law: remote work. Remote work is here to stay in the golden state, but the supervision expectations from the DFPI have not lessened. Mortgage lenders who wish to allow remote work must ensure that their compliance management system incorporates new policies and procedures that are hyper-focused on reducing remote work risks. In 2023, companies will certainly realize the need to better leverage technology to adequately supervise not only cyber security concerns but also the physical security concerns posed in remote working environments.  
View full post