There's no regulation that directly states that a BGC is required (unless some state passed a law about this since this request got implemented, which I think is highly unlikely). In fact, a BGC (and usually an XYZ certification) is only required for us if we want to work with certain major title companies, but they represent a major portion of the marketplace.
The requirement stems from the passing of the Gramm Leach Bliley Act (GLBA) in 1999, which includes a statement requiring financial institutions to protect consumers' data privacy. When the CFPB was established in 2011, they decided to enforce the data privacy requirements of the GLBA. Financial institutions suddenly needed a way to prove they were in compliance, but as I saw it, lenders didn't want the additional responsibility of creating a system to allow them to do so, so it got pushed downstream.
XYZ apparently saw that as an opportunity. They convinced the major title companies (who also didn't want to have to create a new system) that it was all on the notaries, and that XYZ would provide title co's (and lenders, through them) a box to check, showing that they were taking steps to ensure compliance. XYZ did so by creating the "certification" system, and *they* established the guidelines, which, as we know, only involve taking the same dumb exam annually, getting an annual BGC, and of course, paying them a fee every time. That created another stream of cash flow for XYZ, and the title and lender companies had something they could point to, saying they were achieving borrower data security. WE all ended up with additional hoops to jump through every year and an increased cost of doing business... [I'm not saying that tc's and lenders haven't also taken additional security steps, but not having worked in those environments, I don't have visibility to that.]
There are some other requirements in the GLBA which we've all pretty much become familiar with by now. Specifics can be found here: http://www.ftc.gov/business-guidance/resources/how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act
Here's a quote from Wikipedia that does what seems to be a pretty good job of explaining the basics:
"In terms of compliance, the key rules under the Act include The Financial Privacy Rule which governs the collection and disclosure of customers' personal financial information by financial institutions. It also applies to companies, regardless of whether they are financial institutions, that receive such information. The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions – such as credit reporting agencies, appraisers, and mortgage brokers – that receive customer information from other financial institutions."
BTW, I love your idea of a reduced renewal fee, especially since they don't make any effort to update or increase the value of the certification - but XYZ has no incentive to make any changes. It's just one more example showing they're a profit-making business, NOT a non-profit organization focused on supporting notaries, as they allow people to believe, e.g. by using a '.org' URL... (They justify that because they also have a foundation that IS registered as non-profit.)
|