How often do MLOs get audited?

Frequency varies by state and company size. State regulators typically examine mortgage companies on a 2-5 year cycle, but complaints or red flags can trigger examinations sooner. CFPB examinations target larger servicers and lenders more frequently.

What happens if an MLO fails a compliance audit?

Consequences range from corrective action plans and fines to license suspension or revocation. Most first-time findings result in a required corrective action plan with a timeline for remediation. Repeat violations carry significantly harsher penalties.

Can individual MLOs be examined separately from their company?

State regulators primarily examine the company, but individual MLO files are reviewed during company examinations. If issues are found with a specific MLO's practices, individual enforcement action is possible, including fines and license suspension.

How to Prepare for an MLO Compliance Audit | Real Estate License Guides

A compliance audit shouldn’t feel like a surprise exam. Yet most MLOs treat it that way, scrambling to organize files only when they hear examiners are coming. State regulators, the CFPB, and your own company’s compliance team all conduct examinations, and the MLOs who stay prepared year-round handle them with minimal stress. Here’s what examiners actually look for and how to stay ready.

What triggers a mortgage compliance audit?

Not every audit means you did something wrong. Examinations happen for several reasons:

Routine cycle: State regulators examine licensees on a regular schedule (typically every 2-5 years)
Complaint-driven: Consumer complaints filed with the state or CFPB
Risk-based: High loan volume, rapid growth, or concentration in certain loan types
Targeted: Industry-wide sweeps focusing on specific practices (like RESPA compliance or fair lending)

The CSBS (Conference of State Bank Supervisors) coordinates multi-state examinations through the NMLS, so one exam can cover your activities across several states simultaneously.

What do examiners actually review?

Examiners dig into specific areas. Knowing these categories lets you organize proactively:

Examination Area	What They Review	Common Findings
Licensing	NMLS records, employment history, CE completion	Lapsed CE, inaccurate NMLS records
Advertising	All marketing materials, social media, websites	Missing NMLS ID, misleading rate claims
Loan Files	Sample of originated loans	Missing disclosures, timing violations
Fair Lending	Approval/denial patterns across demographics	Disparate impact, pricing disparities
RESPA	Referral relationships, fee arrangements	Kickbacks, unearned fees
Privacy	Data handling, Safeguards Rule compliance	Inadequate security measures
Complaints	Consumer complaint log and resolution	Unresolved or poorly documented complaints

How should you organize your loan files?

Clean loan files are your best defense. Every file should contain, in order:

Initial contact documentation: How the borrower found you, initial conversation notes
Application (1003): Complete, accurate, signed
Disclosures: Loan Estimate delivered within 3 business days of application
Supporting documentation: Income, assets, credit authorization
Communication log: All borrower communications, especially rate lock discussions
Closing documents: Final Closing Disclosure, proof of delivery timing
Compliance notes: Any exception approvals, deviation explanations

The caveat: Your company’s LOS (loan origination system) should handle most of this digitally. But “the system tracks it” isn’t a great answer when an examiner asks to see your documentation process. Know where everything lives in your LOS and how to pull it quickly.

What advertising rules trip up MLOs?

Advertising violations are the most common findings in state examinations, according to CSBS examination reports. The rules aren’t complicated, but they’re easy to forget, especially on social media.

Every advertisement must include:

Your NMLS unique identifier
Your company’s NMLS unique identifier
Company name as registered with NMLS

You cannot:

Advertise rates without including APR and all terms (Regulation Z)
Use terms like “government-approved” or “guaranteed” for FHA/VA loans
Make claims about rates being “the lowest” without substantiation
Use bait-and-switch tactics with teaser rates

Social media posts count as advertisements. Yes, even that Instagram story about rates. The FTC and state regulators have been increasingly focused on social media compliance since 2024.

How do you prepare for a specific examination?

When you get notice that an examination is coming (usually 2-4 weeks ahead), here’s your preparation checklist:

Week 1: Gather and organize

Pull all loan files from the examination period (they’ll specify the timeframe)
Verify your NMLS record is current and accurate
Compile all advertising materials used during the period
Review your CE completion records to confirm everything is current

Week 2: Self-audit

Review a sample of your loan files using the same criteria examiners use
Check disclosure timing on every file (Loan Estimate within 3 business days, Closing Disclosure 3 days before closing)
Verify your rate lock documentation is complete
Review your referral relationships for RESPA compliance

Week 3: Address gaps

Fix any issues you find in your self-audit
Document any corrections you’ve made (examiners view self-correction favorably)
Prepare a list of your referral partners and the basis for each relationship
Brief your team on what to expect during the examination

Week 4: Logistics

Confirm examiner access to your workspace and systems
Prepare a clean workspace for examiners
Have your compliance officer or manager available during the examination
Gather all policies and procedures manuals

What are the most common examination findings?

Based on CSBS and state regulatory reports, these issues come up repeatedly:

Disclosure timing violations (35% of findings): Loan Estimates or Closing Disclosures delivered late
Advertising deficiencies (25%): Missing NMLS IDs, incomplete rate disclosures
NMLS record inaccuracies (15%): Outdated employment info, missing branches
BSA/AML weaknesses (10%): Inadequate suspicious activity monitoring
Fair lending concerns (10%): Pricing inconsistencies across borrower demographics
RESPA violations (5%): Improper referral fee arrangements

How do you stay audit-ready year-round?

The best approach is making compliance part of your daily workflow, not a periodic fire drill.

Monthly habits:

Review your NMLS record for accuracy
Check that all current advertising includes required disclosures
Audit 2-3 of your own loan files for completeness
Log any consumer complaints and document resolutions

Quarterly habits:

Review your referral relationships and marketing agreements
Update your policies and procedures if practices have changed
Complete any available compliance training
Review fair lending data if your company provides it

Annual habits:

Complete all continuing education requirements early (don’t wait until December)
Review and update your written supervisory procedures
Conduct a comprehensive self-audit of loan files
Update your data security practices per the FTC Safeguards Rule

What happens during the actual examination?

Examiners typically follow this process:

Opening conference: They explain scope, timeline, and what they need
Document review: They examine loan files, advertising, policies
Interviews: They may ask you questions about your processes
Preliminary findings: They share initial observations
Exit conference: They discuss findings and next steps
Written report: You receive formal findings, usually within 30-60 days

During the examination: Be honest, be responsive, and don’t volunteer information that wasn’t asked for. If you don’t know the answer to a question, say so and offer to find out. Trying to bluff through an answer is far worse than admitting you need to check.

What if you receive findings?

Most findings result in a corrective action plan, not license revocation. Here’s how to respond:

Acknowledge the finding: Don’t argue unless it’s factually incorrect
Create a remediation plan: Specific steps, responsible parties, and deadlines
Implement changes: Actually fix the issue, don’t just write a plan
Document everything: Show your work to demonstrate good faith
Follow up: Respond to regulators by their deadline, every time

If you’re working on your NMLS registration or are new to the industry, building good compliance habits from day one is vastly easier than trying to retrofit them later. For a broader understanding of MLO requirements, review our guide to becoming an MLO.

Compliance isn’t the most exciting part of being an MLO. But the loan officers who treat it as a core professional skill rather than an inconvenience are the ones who build long, stable careers. An audit shouldn’t be something you fear. It should be a routine part of doing business well.