Sleep tight knowing your compliance is right.

Let’s face it. Mortgage compliance is challenging, gray, and difficult for any compliance team to manage. But, it doesn’t have to be because MQMR provides deep mortgage compliance expertise and ongoing support to lenders of all sizes in developing, building, and maintaining a comprehensive compliance program to reduce compliance risk. Whether you’re in hot water with a regulator (Fannie Mae/Freddie Mac/Ginnie Mae/CFPB/etc.), or just looking for proactive compliance support, we have you covered.

  • Monthly Compliance Support and Assistance
  • Marketing Services Agreement (MSA) Review
  • CFPB Mock Audits and Preparation
  • Policies, Procedures and Manuals
  • AML Independent Testing
  • LO Comp Agreements
  • Independent QC Test
  • CMS Development
  • GSE (Fannie Mae/Freddie Mac) Applications
  • Advertising and Marketing Reviews
  • Website Reviews
  • State Examination Assistance
  • Automated Social Media Monitoring Software


MQMR performs GSE and CFPB compliant risk assessments and ongoing internal audit support to lenders of all sizes

Leverage internal audit to identify credit, regulatory, operational, financial, and reputational risks, as well as evaluate and improve the effectiveness of risk management, control activities, and governance processes within your organization. Our internal audit program is customizable and is built by mortgage bankers for mortgage bankers. Whether you need a fully outsourced solution or simply need to co-source a few audits because you have an existing team of auditors, we have you covered.



What is the difference between QC and Internal Audit?

A mortgage lender is required, for a variety of reasons, to implement a QC program that identifies credit and/or regulatory issues in either their origination or servicing functions. A QC audit looks at the end product, regardless if the process is credit or compliance focused. Generally, you find that QC audits, which are basic forms of transactional testing, are narrower in scope than Internal Audits, which tend to be broader in scope.

Internal Audits identify a variety of items such as credit, regulatory, operational, financial, and reputational risks. An Internal Auditor looks at the process itself and independently evaluates the risks and control activities within the process. When Internal Auditors test controls in a process, they are not necessarily looking at the end product like a QC audit, but rather looking at the controls within a process to ensure the end product is attained and all investor guidelines, laws and regulations and industry best practices are followed.


What are the GSEs’ requirements?

The GSEs are broad in their requirements for seller/servicers to maintain an internal audit program.  The guidelines broadly state that the seller/servicer must “have internal audit and management control processes to evaluate and monitor the overall quality of its mortgage loan production and/or servicing, which must include the following minimum requirements”:.

  • The procedures must be independent of all key functions of the loan manufacturing process and the servicing processes that they review.
  • The seller/servicer’s lines of reporting must reflect the independence of the audit process at all levels.
  • The audit function must not share any reporting lines with the functional areas that it reviews.
  • The audit function must report directly to the seller/servicer’s senior management and/or board of directors. Exceptions are permitted in situations in which the size of the seller/servicer’s organization is insufficient to support adequate resources to allow for separation of these functions.
  • The procedures must be consultative, so that they help the seller/servicer accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes.


This means that ongoing audits must be performed of the seller/servicers operations and functions to ensure that loans sold to these entities meet investor requirements. Through MQMR’s review of Fannie MORA and Freddie CORE examination findings, in addition to discussions with various Fannie/Freddie representatives, we have been able to extrapolate some basic requirements and key elements that an appropriate Internal Audit program must include:

  1. The risk assessment methodology used to identify the operational areas and functions to be audited and the frequency of those audits. The Risk Assessment is generally completed on an annual basis by the Internal Audit Department to identify the scope of the review and apply risk rating to the areas to be reviewed. The Risk Assessment generally identifies the frequency of reviews based upon the risk rating applied to the areas listed.
  2. The policies and procedures implemented to govern the reporting to senior management and the remediation of findings.
  3. The departmental and functional audit schedule for a minimum 12-month period. This schedule should identify the areas subject to review during the current period and it should align with the risk assessment.


If the Seller chooses to contract with a qualified third party vendor to complete the audit process, they must provide the following to Fannie Mae:

  1. Complete copy of the executed contract, or certified statement of work, between the vendor and Seller;
  2. The contract, or certified statement of work, must include policies and procedures for auditing each function or department within the organization, and the reporting methodology and distribution;
  3. The procedures for how and when findings will be remediated and monitored; and,
  4. The departmental and functional audit schedule for the following 12-month period.


What are general terms that I should know about Internal Audit?

While there are other requirements, the items listed above are the most common baseline findings. MQMR’s program has been developed over the years to ensure we’re meeting these requirements. While the Fannie Mae Selling Guide glossary does not provide specific definitions, these terms are referenced at various points in the guide:

Internal Audit – Fannie will require that a lender have an Internal Audit function in place which an organization and its management controls to evaluate and monitor the overall quality of its loan production. Internal Audit is not formally defined in the Selling Guide, but the definition and link from The Institute of Internal Auditors ( states that, “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

Internal Control –The FHFA website provides additional guidance on Internal Controls and applies to Fannie Mae and Freddie Mac. The statement in section A1-1-01 also speaks to Management Controls, which can be used interchangeably with Internal Controls.

The Operational Risk Management program states, “Risk identification and assessment includes processes that assess both the severity and likelihood of operational events with consideration given to the quality of controls and infrastructure that are designed to prevent, avoid, or reduce the likelihood of occurrence of operational events and their impact should they occur. These internal controls should meet or surpass industry standards and be periodically reviewed as part of an effective internal risk control self-assessment (RCSA) process.”

Internal Policies – Internal Policies are simply the policies that an entity establishes to govern their various functional area activities. To put it in context; the Lender should establish Internal Policies to manage their business and ensure compliance with regulatory and investor requirements. They must establish Internal Controls to ensure that the Internal Policies are followed. And lastly, they should establish an independent Internal Audit program that evaluates the lenders compliance with their Internal Policies and the effectiveness of their Internal Controls.


Servicing. Quality Controlled.

Assisting lenders and servicers in navigating the fluid servicing oversight requirements for loan level audits. SQC creates an audit discipline that aligns with lenders and servicers’ business model and risk objectives. SQC provides clients with tools to effectively manage and protect servicing assets through constant monitoring and reporting.




Vendor Management Simplified!

Assisting lenders in assessing vendor risk and performing ongoing monitoring of their vendors, including, but not limited to, vendor risk tiering, vendor due diligence, risk assessments, performance reviews, contract reviews, policy and procedures review, document management, and guidance.




Simple. Streamlined. Proactive. Automated.

Social media compliance monitoring is the #1 problem compliance departments struggle to manage because:

  • it's so easy for loan officers to create an account,
  • it’s extremely hard for Compliance to monitor and manage,
  • it’s easy for a regulator to find -- 1. pull up Google, 2. type in mortgage company name,3. send mortgage company $100k fine.


Here's what happens today:  You may or may not be providing training to your LOs about what they can and can't do on social media.  If you are, great!  But, even if you are, we know salespeople quickly forget and often click through their online training, or they check their phone during your live presentation because they have a borrower situation or loan that has an issue.  Mission not fully accomplished. Here's the problem:  Your LO goes on Facebook and likes a post or creates their own post about how your company has the lowest rates in town, can guarantee a certain turn time, talks about down payment and a specific rate without a proper disclosure, mentions that they just closed a loan for Ima Borrower at 4%, or how much they hate/love the current administration or anything political for that matter.  This isn't something you necessarily want them to do, especially when they have your company's name next to theirs.

MQMR delivers a comprehensive Social Media Compliance Monitoring solution through our partnership with the technology platform, ActiveComply. This easy-to-use, cutting edge software was created by mortgage bankers for mortgage bankers. We provide the ability and agility to proactively manage, monitor, and extend your compliance reach.  Compliance is expensive and non-compliance can be even more expensive. Save money AND time while reining in the challenges of social media oversight. Your loan officers can safely engage with potential clients and originate more loans.

  • Discovery and Continuous Monitoring of Company and Loan Officer Social Media Accounts and Websites
  • Detection of Unauthorized Websites and Social Media Activity
  • Online Reputation Protection
  • Identification of Missing Compliance Requirements
  • Archival of Social Media and Website Content to Meet Regulatory Record Retention Requirements
  • Notifications Sent to Your Compliance Team to Review Detected Content
  • Designed to Reflect Your Company’s Social Media Policy Specifications
  • Simple User Interface and One Touch Executive Reporting Capabilities
  • Image Analysis Searching for Pre-defined Trigger Words and Objectionable Content


Audit. Comply. Fly High.

MQMR conducts thousands of operational reviews and audits on mortgage lenders and servicers of all sizes. We help our clients climb higher by bridging the gap between risk and compliance.

  • MERS audits
  • Document custodian audits
  • Subservicer audits
  • Warehouse due diligence audits
  • Compliance/CMS audits
  • Fair Lending audits
  • Independent QC test audits (Fannie Mae compliant)
  • AML audits
  • GSE (Fannie Mae/Freddie Mac) application assistance
  • Counterparty/Lender Administration approval and ongoing monitoring (for MSR buyers, TPO originators)


Contact Us