1.A covered institution shall establish and maintain a board of directors that is
responsible for oversight of the covered institution. If a government-sponsored enterprise or
government national mortgage association has not approved a covered institution to service
loans, or has approved an alternative to a board of directors, the covered institution may
§535B.25, MORTGAGE BANKERS, MORTGAGE BROKERS, AND CLOSING AGENTS 14
establish a similar oversight committee for purposes of exercising oversight and fulfilling
the responsibilities under subsection 2.
2.The board of directors, or a similar oversight committee approved under subsection 1,
shall do all of the following:
a.Establish a written corporate governance framework that includes appropriate internal
controls to monitor and assess
Free access — add to your briefcase to read the full text and ask questions with AI
1. A covered institution shall establish and maintain a board of directors that is
responsible for oversight of the covered institution. If a government-sponsored enterprise or
government national mortgage association has not approved a covered institution to service
loans, or has approved an alternative to a board of directors, the covered institution may
§535B.25, MORTGAGE BANKERS, MORTGAGE BROKERS, AND CLOSING AGENTS 14
establish a similar oversight committee for purposes of exercising oversight and fulfilling
the responsibilities under subsection 2.
2. The board of directors, or a similar oversight committee approved under subsection 1,
shall do all of the following:
a. Establish a written corporate governance framework that includes appropriate internal
controls to monitor and assess compliance with the corporate governance framework.
b. Make a copy of the corporate governance framework available to the administrator
upon request.
c. Monitorandensurethatthecoveredinstitutioncomplieswiththecorporategovernance
framework and with this subchapter.
d. Perform accurate and timely regulatory reporting, including filing the covered
institution’s mortgage call report.
e. Establish internal audit requirements that are appropriate for the size, complexity, and
risk profile of the covered institution, and ensure appropriate independence to provide an
unbiased evaluation of the covered institution’s internal control structure, risk management,
and corporate governance. The established internal audit requirements and the results of
internal audits shall be made available to the administrator upon request.
f. Ensure the covered institution establishes and maintains a risk management program
that identifies, measures, monitors, and controls risk commensurate with the covered
institution’s size and complexity. The risk management program must include appropriate
processes and models to measure, monitor, and mitigate financial risks and changes to the
covered institution’s risk profile and assets being serviced. The risk management program
shall address all of the following:
(1) The potential that a borrower or counterparty fails to perform on an obligation.
(2) The potential that the covered institution is unable to meet the covered institution’s
obligations as the obligations come due as a result of an inability to liquidate assets or to
obtain adequate funding.
(3) The potential that the covered institution cannot easily unwind or offset specific
exposures.
(4) The risk resulting from inadequate or failed internal processes, people, or systems; or
from external events.
(5) The risk to the covered institution’s condition resulting from adverse movements in
market rates or prices.
(6) The risk of regulatory sanctions, fines, penalties, or losses resulting from the
covered institution’s failure to comply with applicable laws and rules or other supervisory
requirements that apply to the covered institution.
(7) The potential that legal proceedings against the covered institution may result in
unenforceable contracts, lawsuits, legal sanctions, or adverse judgements that may disrupt
or otherwise negatively affect the covered institution’s operations or condition.
(8) The risk to earnings and capital arising from negative publicity regarding the covered
institution’s business practices.
3. A covered institution shall undergo an annual external audit and shall make the
external audit available to the administrator upon request. An external audit shall include,
at a minimum, all of the following:
a. An evaluation of the company’s internal control structure.
b. A review of the company’s annual financial statements, including the balance sheet,
income statement, and cash flows, including notes and supplemental schedules prepared in
accordance with generally accepted accounting principles.
c. A computation of the company’s tangible net worth.
d. Validation of the company’s mortgage servicing rights valuation and reserve
methodology, if applicable.
e. Verification the company has adequate fidelity and errors and omissions insurance.
f. Testing of the company’s controls related to risk management activities, including
compliance and stress testing, if applicable.
4. A covered institution shall conduct an annual risk management assessment that shall
conclude with a formal report to the board of directors, and shall make the risk management
15 MORTGAGE BANKERS, MORTGAGE BROKERS, AND CLOSING AGENTS, §535B.25
assessmentavailabletotheadministratoruponrequest. Ariskmanagementassessmentshall
include issue findings and the response or action taken to address each issue. A covered
institution shall maintain ongoing documentation of risk management activities and shall
include the documentation in the risk management assessment.