The Oklahoma Examination comes in two parts: 1.) A general questionnaire and 2.) an IT Security Questionnaire.
The General examination questionnaire can seem a little daunting because it addresses "covered transactions," which at first glance seem like nuanced loans that do not appear often in today's mortgage industry. However, further reading clarifies that the questionnaire applies to virtually all non-investment property loans.
1.) The General Examination is divided into "modules" to help the company focus the responses in specific areas. However, the first section—Module 1-1—literally just says, "Provide ALL policies and procedures." These policies and procedures Serve as the basis for those items requested later in the examination.
When assisting customers in the examination, we do not refer back to all policies and procedures, since the examiners make specific requests for additional policies and procedures later. To expedite the examiner's review and save effort and confusion, it is best to respond by providing the items requested in line with the request. You see that we have named the document we are providing in accordance with the examination request.
2.) The requests here pull from the 2-0 Compliance Module - simply print the respective sections from the module and name them according to the request.
3.) Module 2 deals with very narrow requests that augment the answers to the questionnaire.
- 2-1 Deals with SAFE Act Policies - Section 2-70 in the Compliance Module
- 2-A-2 Is the Compliance Manager's duties - Section 2-01 in the Compliance Module
4.) Compensation policies deal with the comp plans, but also the policies and procedures. Pull this from the 2-0 Compliance Manual, Section 2-72 Anti-Steering.
From this point, it is relatively straightforward to pull the items from the "All Policies" documents as printed PDF sections, name them according to the request, and forward them to the examiner. OK uses the "Box" platform, so you can simply drag and drop.
Information Security Assessment
A second section was added to the exam: the IT/Cyber Security Assessment.
The IT Security Questionnaire does not require the preparation of policies and procedures, however it does require that you have them, so it is important that you can source the location of those items.