In July of this year, Fannie Mae announced an update to the Agency’s Seller and Servicer Guidelines to include requirements that mortgage loan sellers and servicers comply with state address confidentiality programs (ADCONs), and to enter coding for borrowers who identify themselves as participants in such programs (SEL-2022-06; SVC-2022-05). Fannie Mae’s announcement followed a similar announcement by Freddie Mac in December 2021 (Bulletin 2021-29).

What are ADCONs, and what do banks, lenders, and servicers need to know about them?

ADCONs are state-sponsored programs designed to protect certain crime victims (“participants”) by keeping participants’ home, work, and/or school addresses (“shielded information”) confidential. All states and the District of Columbia have some form of ADCON law, except for Alaska, Utah, South Carolina, South Dakota, and Wyoming. There are a variety of types of ADCONs, but all programs operate by providing a participant with an alternative address (a “designated address”) to use in place of the participant’s physical home address (or “actual address”). Each ADCON has a state-level administrator who processes applications to participate in the ADCON, forwards mail received at the designated address, and accepts service of process for participants.

As originally promulgated, ADCON obligations applied only to government agencies such as state DMVs or county registrars. In recent years, however, 21 states have enacted ADCONs that explicitly extend these obligations to private entities. Five states require private entities such as financial services companies to use the designated address in correspondence, and to not disclose the participant’s shielded information. These five mandatory states are Indiana, Iowa, Maryland, Minnesota, and Wisconsin. Two other states, Michigan and Ohio, prohibit financial services companies from disclosing the shielded information of employees who are participants. In other states, financial services companies are prohibited from obtaining an individual’s actual address if the company is aware the individual is a participant.

Even if an ADCON law does not explicitly require private companies to comply, all state administrators encourage voluntary compliance by private companies. See, for example, the Montana Safe at Home training video for private businesses (note that various states refer to ADCONs as “Safe at Home” programs).

What do Fannie Mae and Freddie Mac want sellers and servicers to do?

First, the agencies want sellers and servicers to notify them if a borrower is a participant. That means sellers and servicers must enter a unique code for existing loans and future transferred loans, flagging the borrower as an ADCON participant. Freddie Mac also requires sellers to inform it of the designated address for participants.

Second, Fannie Mae also wants sellers and servicers to comply with the state laws. This means that servicers should send borrower statements and other correspondence to the designated address; not disclose the actual address without a participant’s specific consent; and, where applicable, not seek the actual address from public records for known participants. Notably, even though the agencies’ announcements brought ADCON laws to the surface, these obligations existed prior to the agencies’ announcements.

The deadline for Fannie Mae compliance was September 21, 2022, and the deadline for Freddie Mac compliance was December 1, 2021.

How can financial services companies comply with ADCONs?

Most financial institutions and servicers face two basic challenges regarding ADCON compliance. First, they may not have processes in place to flag participants in account opening or loan onboarding and, as a result, they may not know about existing participant accounts currently in their portfolio. Second, in loan origination and account opening, they may not have processes, policies, and procedures in place to identify participants and handle participants’ accounts once they are opened. This same problem may exist for active loan servicing.

Bradley is advising several financial services clients as they build their ADCON compliance programs. We also are a sponsor of the National Association of Confidential Address Providers (NACAP), a formal membership program of ADCON administrators, and we recently presented mortgage-specific issues at the 2022 NACAP Annual Conference.

To assist our clients, Bradley has prepared a nationwide survey (including all 50 states and the District of Columbia) of state ADCON laws. The survey includes potential legal risks in ambiguous laws, and information about pending legislation.

Leah M. Campbell

Leah Campbell is a senior attorney in the Banking and Financial Services Practice Group. Leah has significant experience representing financial services and insurance company clients in both federal and state courts, as well as before state regulators. She has advised national mortgage servicers on FDCPA claims, loan finance companies on UDAAP claims, and banks on OFAC-related issues.

In addition, Leah has provided intellectual property guidance in M&A and corporate structuring matters and advised on GDPR implementation and cross-border encryption issues.

Christy W. Hancock

Christy Hancock’s practice is dedicated to financial services regulatory compliance and litigation. Her work with mortgage servicing and financial institution clients has given her a broad base of knowledge regarding laws affecting the mortgage servicing business, including bankruptcy and foreclosure best practices, payment application, correspondence requirements, allowable fees, loan modifications, escrow requirements, and property preservation. In recent years, the majority of her practice has focused on advising large financial institutions on bankruptcy-related regulatory matters and large-scale remediation projects.

Erin Jane Illman

Erin Illman is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly advises clients on CCPA, GLBA, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws. In addition to providing proactive privacy and information security compliance and legal advice, Erin manages privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations, including insider cybersecurity threats, electronic and physical theft of trade secrets, and investigation, analysis, and notification efforts with respect to security incidents and breaches.

Rachel M. LaBruyere

Rachel LaBruyere is a privacy and litigation associate in Bradley’s Charlotte office. She regularly advises clients on CCPA and GDPR compliance issues. Before joining Bradley, Rachel served as a Legal Intern in the United States Attorneys’ Office and an Appellate Litigation Intern in the Office of the General Counsel at the Equal Employment Opportunity Commission. Prior to law school, Rachel spent more than five years managing digital strategy for technology companies.