State exams are becoming a revenue exercise

A familiar scene for many independent mortgage banks: an exam turns up issues, you coordinate with state regulators or the Multistate Mortgage Committee (MMC), and what starts as remediation becomes chaotic, especially in multistate reviews, where some states may proceed independently. Suddenly you are managing dozens of parallel negotiations, and the discussion shifts from fixes to fines. The line between supervision and enforcement, particularly at the state level, has blurred.

The next step is a public fine from a single state—sometimes in the millions—with little advance warning or clear methodology beyond "large enough to sound serious." Other states then anchor to that number. Penalties start to matter more than identifying and fixing issues, and what might have been minor, correctable problems can become a financially significant event.

This is not how supervision is supposed to work. At CFPB, supervision historically served as a nonpublic way to identify and fix problems quickly; enforcement and fines were reserved for severe or persistent issues or uncooperative entities. As the CFPB has become less active, states are doing more exams, and some treat mistakes as revenue opportunities. Zero-tolerance compliance discourages cooperation and increases cost without improving consumer outcomes.

RELATED STORY: RESPA cases are rising as states fill CFPB void

Supervision vs. enforcement

Mortgage regulators generally use two tools: supervision and enforcement. Supervision is an ongoing, typically confidential process built around exams, data collection, and follow-up to identify and correct problems and prevent consumer harm. Supervisors may use complaint trends to flag risk, even though complaints alone are not proof of violations.

Exams often produce findings or "Matters Requiring Attention" that require remediation and evidence—sometimes through a follow-up exam—that the issue was fixed. In any complex business, mistakes happen and are usually not intentional. The point of supervision is to ensure controls and procedures exist and work: identify root cause, make affected consumers whole, and add controls to prevent recurrence.

Because regulators cannot examine every activity at thousands of mortgage companies, the cornerstone of compliance is the company's own Compliance Management System (CMS). Exams should primarily assess the strength of that CMS as a core consumer-protection control.

RELATED STORY: States lay groundwork for post-CFPB oversight

Sometimes an exam will uncover bigger problems, intentional violations or reckless disregard for the rules. Or a company may not be able to adequately address an issue, resulting in repeat offenses of the same problem. These are the cases where enforcement may be the preferred tool.

Enforcement is typically slower and more expensive, often involving investigations, outside counsel, and protracted negotiation. Outcomes are usually litigation or settlement—and many settlements reflect the cost of fighting as much as the merits.

The concern today is that supervision is becoming enforcement, particularly at the state level. Even when a company responds promptly, fixes the issue, and provides restitution, some regulators still seek substantial penalties. In multistate exams, the number may be driven by what satisfies all participating states. The theory may be that such fines discourage errors; but given remediation cost, restitution, private litigation risk, and reputational harm, companies already have strong incentives to prevent issues when possible.

The way forward

If supervision becomes enforcement, the regulator–entity relationship changes in ways that help no one. Companies will dispute more findings, regulators will spend more time negotiating scope and penalties, and consumers will wait longer for fixes. Supervision can become a revenue exercise, and companies may respond by avoiding certain states or charging more to cover regulatory cost.

One path forward is a clearer escalation model: remediation first, penalties when supervision fails to fix issues. An external appeals process could help resolve disputes over findings. Multistate exams also need guardrails so "one company, one exam" does not devolve into a hydra and many separate negotiations—for instance, limits on states dropping out midstream, a designated lead state to negotiate on behalf of participants, and a rule that prevents reopening the same scope as separate standalone exams once an MMC exam reaches an agreed stage.

If reform is not possible, regulated entities may need to reassess their footprint in high-cost states (including states with long foreclosure timelines that create liquidity risk for IMBs) and consider overlays or pricing to reflect that tail risk. That may mean conceding share in a handful of states to compete more effectively elsewhere.

Some bad actors warrant large penalties. If a company willfully disregards the law, is uncooperative, or cannot fix recurring issues, monetary penalties, license actions, and other tools should remain available. But the current approach can treat well-intentioned companies as criminals. Zero-tolerance compliance reduces willingness to provide needed services — as seen in large banks' pullback from parts of the mortgage ecosystem. If the goal is a competitive market with strong consumer protection, the system needs recalibration.