In July of this year, Fannie Mae announced an update to the Agency’s Seller and Operator Guidelines to include requirements for mortgage sellers and mortgage managers to comply with state address confidentiality programs (ADCON) and to include the coding for borrowers who identify themselves as participating in such programs (SEL-2022-06; SVC-2022-05). Fannie Mae’s announcement followed a similar announcement by Freddie Mac in December 2021 (Bulletin 2021-29).
What are ADCONs and what do banks, credit institutions and servicers need to know?
ADCONs are state-sponsored programs designed to protect certain “participating” crime victims by keeping participants’ home, work and / or school (“secure information”) addresses confidential. All states and the District of Columbia have some form of ADCON law, with the exception of Alaska, Utah, South Carolina, South Dakota, and Wyoming. There are several types of ADCON, but all programs work by providing a participant with an alternate address (a “designated address”) to use in place of the participant’s physical home address (or “actual address”). Each ADCON has a state-level administrator who processes applications to participate in the ADCON, forwards received mail to the designated address, and accepts the Participant Processing Service.
As originally promulgated, ADCON’s obligations only applied to government agencies such as state DMVs or county registrars. In recent years, however, 21 states have enacted ADCONs that explicitly extend these obligations to private entities. Five states require private entities such as financial services firms to use the designated address in correspondence and not to disclose hidden participant information. These five mandatory states are Indiana, Iowa, Maryland, Minnesota, and Wisconsin. Two other states, Michigan and Ohio, prohibit financial services firms from disclosing hidden information of participating employees. In other states, financial services firms are prohibited from obtaining a person’s actual address if the company is aware that the person is a participant.
While an ADCON law does not explicitly require private companies to comply, all state administrators encourage voluntary membership by private companies. See, for example, the Montana Safe at Home training video for private companies (note that several states refer to ADCONs as “Safe at Home” programs).
What Fannie Mae does and Freddie Mac want salespeople and servicers to do this?
First, agencies want vendors and service providers to notify them if a borrower is a participant. This means that sellers and managers must enter a unique code for existing and future transferred loans, marking the borrower as an ADCON participant. Freddie Mac also requires vendors to inform him of the designated address for attendees.
Second, Fannie Mae also wants vendors and suppliers to comply with state laws. This means that service providers must send borrower statements and other correspondence to the designated address; not disclose the actual address without the specific consent of a participant; and, where applicable, do not look up the actual address from public records for known participants. Notably, although agency announcements have brought ADCON laws to the surface, these obligations existed before the agency announcements.
The Fannie Mae compliance deadline was September 21, 2022, and the Freddie Mac compliance deadline was December 1, 2021.
How can financial services firms comply with ADCONs?
Most financial institutions and servicers face two fundamental challenges when it comes to ADCON compliance. First, they may not have procedures to flag attendees when opening accounts or borrowing, and as a result, they may not be aware of the existing participating accounts currently in their portfolio. Second, when disbursing the loan and opening the account, they may not have processes, policies and procedures in place to identify participants and manage participant accounts once they are opened. This same problem can exist for the active loan service.