December 6, 2022

Volume XII, Number 340


December 05, 2022

Subscribe to Latest Legal News and Analysis

Have You Heard of ADCONs? How to Get Ready for Fannie Mae and Freddie Mac’s New Address Confidentiality Program Requirements

In July of this year, Fannie Mae announced an update to the Agency’s Seller and Servicer Guidelines to include requirements that mortgage loan sellers and servicers comply with state address confidentiality programs (ADCONs), and to enter coding for borrowers who identify themselves as participants in such programs (SEL-2022-06SVC-2022-05). Fannie Mae’s announcement followed a similar announcement by Freddie Mac in December 2021 (Bulletin 2021-29).

What are ADCONs, and what do banks, lenders, and servicers need to know about them?

ADCONs are state-sponsored programs designed to protect certain crime victims “participants”) by keeping participants’ home, work, and/or school addresses (“shielded information”) confidential. All states and the District of Columbia have some form of ADCON law, except for Alaska, Utah, South Carolina, South Dakota, and Wyoming. There are a variety of types of ADCONs, but all programs operate by providing a participant with an alternative address (a “designated address”) to use in place of the participant’s physical home address (or “actual address”). Each ADCON has a state-level administrator who processes applications to participate in the ADCON, forwards mail received at the designated address, and accepts service of process for participants. 

As originally promulgated, ADCON obligations applied only to government agencies such as state DMVs or county registrars. In recent years, however, 21 states have enacted ADCONs that explicitly extend these obligations to private entities. Five states require private entities such as financial services companies to use the designated address in correspondence, and to not disclose the participant’s shielded information. These five mandatory states are Indiana, Iowa, Maryland, Minnesota, and Wisconsin. Two other states, Michigan and Ohio, prohibit financial services companies from disclosing the shielded information of employees who are participants. In other states, financial services companies are prohibited from obtaining an individual’s actual address if the company is aware the individual is a participant.

Even if an ADCON law does not explicitly require private companies to comply, all state administrators encourage voluntary compliance by private companies. See, for example, the Montana Safe at Home training video for private businesses (note that various states refer to ADCONs as “Safe at Home” programs).

What do Fannie Mae and Freddie Mac want sellers and servicers to do?

First, the agencies want sellers and servicers to notify them if a borrower is a participant.  That means sellers and servicers must enter a unique code for existing loans and future transferred loans, flagging the borrower as an ADCON participant. Freddie Mac also requires sellers to inform it of the designated address for participants.

Second, Fannie Mae also wants sellers and servicers to comply with the state laws. This means that servicers should send borrower statements and other correspondence to the designated address; not disclose the actual address without a participant’s specific consent; and, where applicable, not seek the actual address from public records for known participants. Notably, even though the agencies’ announcements brought ADCON laws to the surface, these obligations existed prior to the agencies’ announcements.

The deadline for Fannie Mae compliance was September 21, 2022, and the deadline for Freddie Mac compliance was December 1, 2021.

How can financial services companies comply with ADCONs?

Most financial institutions and servicers face two basic challenges regarding ADCON compliance. First, they may not have processes in place to flag participants in account opening or loan onboarding and, as a result, they may not know about existing participant accounts currently in their portfolio. Second, in loan origination and account opening, they may not have processes, policies, and procedures in place to identify participants and handle participants’ accounts once they are opened. This same problem may exist for active loan servicing.

© 2022 Bradley Arant Boult Cummings LLPNational Law Review, Volume XII, Number 266

About this Author

Leah M. Campbell Attorney Banking Financial Services Bradley Arant Boult Cummings Charlotte
Senior Attorney

Leah Campbell is a senior attorney in the Banking and Financial Services Practice Group. Leah has significant experience representing financial services and insurance company clients in both federal and state courts, as well as before state regulators. She has advised national mortgage servicers on FDCPA claims, loan finance companies on UDAAP claims, and banks on OFAC- related issues. 

In addition, Leah has provided intellectual property guidance in M&A and corporate structuring matters and advised on GDPR implementation and cross-border...

Christy Hancock Financial Services Lawyer Bradley

Christy Hancock’s practice is dedicated to financial services regulatory compliance and litigation. Her work with mortgage servicing and financial institution clients has given her a broad base of knowledge regarding laws affecting the mortgage servicing business, including bankruptcy and foreclosure best practices, payment application, correspondence requirements, allowable fees, loan modifications, escrow requirements, and property preservation. In recent years, the majority of her practice has focused on advising large financial institutions on bankruptcy-related...

Erin Illman Charlotte Privacy Security Data Technology Attorney Bradley Arant Boult Cummings LLP

Recognized as a Board Certified Specialist in Privacy and Information Security Law by the State of North Carolina, Erin is an experienced thought leader in privacy, data security, and the integration of technology into business practices. Erin is co-chair of Bradley’s Cybersecurity and Privacy Practice Group and leads the firm’s Fintech team.

Erin is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/...

Rachel M. LaBruyere Litigation Attorney Bradley Arant Boult Cummings Charlotte

Rachel LaBruyere joined the firm in Fall 2019 as an associate in the Litigation Practice Group.

While in law school, Rachel gained a breadth of litigation experience working for the ACLU of North Carolina, the U.S. Attorney for the Eastern District of North Carolina, and the Equal Employment Opportunity Commission’s trial and appellate practices.

Rachel received her J.D. from the University of North Carolina School of Law, where she was inducted into the James E. and Carolyn B. Davis Society, recognizing third-year law...