Jan. 18: Letters on W-2 and the S.A.F.E. Act; current cybersecurity tips – my car’s collecting what data on me?

This week the commentary discussed the compensation of mortgage loan originators via W-2 (versus 1099) due to various rules and regulations. The piece prompted Brad Hargrave with Hargrave Rosenthal to send, “I wanted to offer a few additional comments to round out Melissa’s insightful analysis of the W-2/1099 debate currently raging in the State of California in connection with CA DRE-licensed MLOs. Regrettably, the thoughts that follow don’t offer much in the way of clarity, but they are relevant to the discussion.

“First, the ‘real estate’ exemption under AB5 (now, CA Labor Code Section 2750.3(d)) is not, on its face, applicable to Realtors only. Rather, the exemption applies to “a real estate licensee licensed by the State of California pursuant to Division 4 (commencing with Section 10000) of the Business and Professions Code, for whom the determination of employee or independent contractor status shall be governed by subdivision (b) of Section 10032.” Division 4 of the CA B&P comprises the entire CA Real Estate Law, and thus applies to all real estate licensees, including Realtors, property managers, mortgage loan originators and anyone else performing services on behalf of another that fall within the definition of “broker” under CA B&P Section 10131.

“Second, CA B&P Section 10032(b), referenced in the above exemption, provides that a real estate broker and a real estate salesperson licensed under that broker ‘may contract between themselves as independent contractors or as employer or employee, for purposes of their legal relationship with and obligations to each other.’ This subsection goes on to discuss other CA Code sections, but importantly, nothing in this subsection suggests that it applies only to certain real estate licensees, such as Realtors.

“Third, while I agree with Melissa’s analysis of Reg. H, the critical language pertaining to the definition of ‘employee’ was not adopted by the CA legislature when it integrated the S.A.F.E. Act into the CA Real Estate Law. Under Reg. H, the CFPB is free to determine that the State of California is not in compliance with the S.A.F.E. Act on this basis, but to my knowledge, no such determination has been made since the Act took effect. Moreover, I am unaware of the CA DRE having taken any position on this issue to date. (Notably, however, the CA Dept. of Industrial Relations has issued an advisory indicating that a real estate licensee must provide workers compensation coverage to all agents, including those characterized as independent contractors).

“Fourth, while HUD certainly requires W-2 employment of its mortgagees, mortgage brokers have not been subject to direct supervision by HUD for nearly a decade. In my view, HUD Handbook 4000.1 likely requires a wholesale lender to mandate W-2 employment of its third-party originators, which could be accomplished relatively easily by contract, but that view does not seem to be the predominant one within the wholesale lending community.

“Finally, it’s important to underscore that the real estate licensee exemption in CA Labor Code Section 2750.3(d) does NOT mean that a real estate broker is ‘in the clear’ when characterizing and compensating its MLOs as independent contractors. Rather, the preexisting ‘Borello’ multi-factor test remains in place for real estate licensees, as has been the case for nearly 30 years. Application of Borello to the tasks performed by a DRE-licensed MLO likely merits in favor of W-2 employment, but to date, neither the CA DRE, nor any other CA agency, has taken that position definitively. And, I might just add that per CA Labor Code Section 2750.3(d), a broker’s required supervision over a licensed agent for purposes of ensuring compliance with the Real Estate Law is not a factor to be considered when applying the Borello test.

“It’s just my opinion, but CA real estate licensees originating residential mortgage loans pursuant to a DRE-issued MLO endorsement deserve clarity from the State of California on this issue. Moreover, mortgage bankers operating in the State of CA under a DBO license (CRMLA or CFL), both of which require W-2 employment, deserve to know whether they are being placed at an unfair competitive disadvantage by the perpetuation of the independent contractor model within the world of DRE-licensees. The level of confusion, frustration and anxiety spawned by Dynamex and AB5 isn’t fair or healthy for anyone engaged in the business of originating residential mortgage loans in the State of CA, and it is my hope that 2020 brings some clarity to this issue.” Thank you, Brad!

From Texas, Troy Garris with Garris Horn observed, “I have been dealing with people asking the independent contractor vs employee question (so-called 1099 vs. W-2) issue for years. There is simply no safe way to create an independent contractor loan originator these days under the numerous applicable laws (RESPA Section 8, FHA, federal and state minimum wage and overtime, ERISA benefits, state licensing, state income tax, workers’ compensation, unemployment insurance tax, the list goes on and on).


“Most people miss the point entirely. The question is not which form does the IRS require for reporting payments to an individual, W-2 or 1099. The question is, instead, whether the person is an employee (generally controlled by the company) or an independent contractor (generally outside the company’s control). If the company is not willing to let its so-called 1099 loan originator substitute someone else to do the work in his or her place, then the company probably has an employee – not a contractor.”

And in a somewhat related issue, Scott Olson, Executive Director of the Community Home Lenders Association, commented on some investors accepting, or denying, loans originated by MLOs through transitional licensing. “Great article about the SAFE Act. CHLA was instrumental in the process of enacting transitional licensing legislation, working closely with SAFE Act author Spencer Bachus (R-AL) on his introduction of the first transitional licensing bill six years ago, which was the template for the enacted bill that your article discusses.

“But that is just a first step. Your article alludes to the significant discrepancies in consumer protection licensing requirements between bank and non-bank LOs. For many years CHLA has pushed for a simple requirement that all LOs, including those working for banks, have to pass the SAFE Act test. CHLA believes it is not fair to consumers that thousands of bank LOs that failed the SAFE Act test are registered and authorized as mortgage loan originators, making mortgage loan origination really the only mortgage/real estate profession that does not have a uniform mandatory testing requirement.”

Cybersecurity & insurance

I realize that many people’s eyes glaze over when this topic comes up. Sometimes those same people are the ones with their passwords on a yellow sticky note inside their drawer so that, if they’re out of the office, a co-worker can have access to their computer. But with lenders, banks, and title companies having so much money flow through their hands every day, they are a common target of hacking.

The “smartest guys in the room” certainly aren’t immune. For example, here’s how hackers tricked a venture capital firm into sending them $1 million. Yes, a Chinese VC firm and an Israeli startup had the money stolen right out from under their noses thanks to spoofed emails and bogus domains.

The Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement to describe matters that financial institutions should consider if they are determining whether to use cyber insurance as a component of their risk management programs. For a more philosophical discussion, here’s a publication that asks, “Will Tech Companies Ever Take Ethics Seriously?”

Switching gears (ha ha) slightly, not only can hackers hack into your car, but did you know that your driving data is being collected? “There are no federal laws regulating what carmakers can collect or do with our driving data. And carmakers lag in taking steps to protect us and draw lines in the sand. Most hide what they’re collecting and sharing behind privacy policies written in the kind of language only a lawyer’s mother could love. Our privacy experiment found that automakers collect data through hundreds of sensors and an always-on Internet connection.

Driving surveillance is becoming hard to avoid. What does your car know about you? We hacked a Chevy to find out.

“Behind the wheel, it’s nothing but you, the open road, and your car quietly recording your every move. On a recent drive, a 2017 Chevrolet collected my precise location. It stored my phone’s ID and the people I called. It judged my acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection.

“Cars have become the most sophisticated computers many of us own, filled with hundreds of sensors. Even older models know an awful lot about you. Many copy over personal data as soon as you plug in a smartphone. But for the thousands you spend to buy a car, the data it produces doesn’t belong to you. My Chevy’s dashboard didn’t say what the car was recording. It wasn’t in the owner’s manual. There was no way to download it.”

(Speaking of cars, what does it take to drive coast to coast in less than 28 hours? Here you go.)

Every person needs to be aware of not only how to navigate online, but more importantly how to protect sensitive information from those who would steal or exploit it. (Of course this reaches far beyond mortgage banking. Politicians should be concerned about cybersecurity policy decisions or laws. The healthcare industry is focused on storing a patient’s medical records with no chance of a cybersecurity attack.)

Keep your system up to date: Don’t wait to click on that “update” button. Use a password manager, and don’t use the same password for all your online accounts. Some recommend LastPass for storing passwords or helping you come up with more secure password options. Avoid using short, common dictionary words as passwords. Use the lock screen on your phone and computer so that it locks when not in use for a certain period of time. Watch out for spam. The IRS doesn’t send out typo-ridden emails. Be suspicious of any unexpected request for your private information or unknown links. Watch for the lock icon in the address bar in your web browser as it indicates a site that has been verified secure by a reputable third-party source. Wherever possible, use two-factor authentication, which requires a second proof of identity besides a password, for example, receiving a code via text message when you log in to your email.

Steve Brown with PCBB (Pacific Coast Bankers Bank) advised, “Here are three cybersecurity trends to be aware of for 2020. First, pay attention to mobile app and web-based security risks. As cash usage is diminishing, there are an increasing number of customers turning to mobile and web-based applications. This shift is only likely to accelerate, giving community financial institutions (CFIs) ample incentive to vigorously protect applications from cyber-thieves. The security of your online and mobile channels will be even more critical for customer data protection.

“Second, watch those third parties. We’re all for collaboration, but banking regulators have made it abundantly clear that CFIs cannot outsource their responsibility and accountability for outsourced services. A good course of action is to proactively ensure your management of third-party vendors is tip-top, and that you are taking an active role in due diligence and engaging in ongoing monitoring, among other best practices. If you are lax with third-party management, you could find yourself in regulatory hot water, not to mention the adverse impact on your customers.

“Third, beware of targeted ransomware. Symantec says ransomware groups are all around you and more have emerged in the past few years. They warn that means more organizations are being hit with attacks. Still other cybersecurity players expect criminals to focus on institutions because they have deeper pockets to make payments and may also threaten to publish sensitive corporate data that has been stolen. Still another approach that one criminal ring has tried is publicly naming on a website the businesses that refused to concede to demands, according to Krebs on Security.

“No matter what, be sure not to make the mistake of thinking your institution is immune from risk. Certainly, cyber-criminals have been known to target institutions when they find cyber-defenses that are less robust than at other institutions. So, make sure you use cybersecurity tools such as those available on the Financial Crimes Enforcement Network (FinCEN) site as you stay up to date on the latest threats.”

An elderly couple had dinner at another couple’s house, and after eating, the wives left the table and went into the kitchen.

The two gentlemen were talking, and one said, “Last night we went out to a new restaurant and it was really great. I would recommend it very highly.”

The other man asked, “What is the name of the restaurant?”

The first man thought and thought and finally said, “What is the name of that flower you give to someone you love? You know, the one that’s red and has thorns.”

“Do you mean a rose?”

“Yes, that’s the one,” replied the man. He then turned towards the kitchen and yelled, “Rose, what’s the name of that restaurant we went to last night?”

Visit www.robchrisman.com for more information on our industry partners, access archived commentaries, or to subscribe to the Daily Mortgage News and Commentary. If you’re interested, visit my periodic blog at the STRATMOR Group web site. The current blog is “Home Ownership is Still Part of the American Dream.” If you have the inclination, make a comment on what I have written, or on other comments so that folks can learn what’s going on out there from the other readers.


(Copyright 2020 Chrisman LLC. All rights reserved. This report or any portion hereof may not be reprinted, sold or redistributed without the written consent of Rob Chrisman.)


Rob Chrisman