top of page

The Science of compliance...

The Interagency Guidelines Establishing Standards for Safeguarding Customer Information published February 1, 2001 and revised March 29, 2005, state that each financial institution has an obligation to ensure that each of its service providers has established a security program that is consistent with the Interagency Guidelines and guidelines set forth in the FACT Act of 2003. In addition The Consumer Financial Protection Bureau (CFPB), FHFA, HUD and other agencies have established that lenders/brokers are accountable for vendor compliance with consumer protection laws and federal regulations related to mortgage lending. The policy sets forth minimum standards for lenders/brokers to manage the risks inherent in third-party relationships. The CFPB, empowered by Dodd-Frank as well as the Federal Trade Commission under the Gramm-Leach-Bliley Act (GLBA), call for immediate compliance with these regulations through effective vendor management of third-party relationships.

In a nutshell: Lenders and AMC's are now accountable for vendor compliance. For Appraisers that means you! This type of regulatory environment is enough to give any compliance manager nightmares. Given the nature of our client base and business model, compliance with the various layers of state and federal laws is mandatory. We adhere to a strict set of protocol regarding data security, transmission and storage. To that end the CompFlo Application meets or exceeds the regulatory requirements for:


  • Gramm-Leach-Bliley Act

  • Dodd-Frank Act

  • Consumer Financial Protection Bureau

  • Appraiser Independence Requirements.


​The CompFlo platform is specifically designed to allow appraisers to contribute thier NON-confidential data with confidence that even the most particular clients  will be satisified that confidentialty has been observed.  This is how we do it.

As per USPAP 2014-2016, "When all confidential elements of confidential information and assignment results are removed through redaction or the process of aggregation, client authorization is not required for the disclosure of the remaining information, as modified". (*See Below for USPAP guidance of "Confidentiality".) To that end we designed our submission process to automate the process of "redaction" and "aggregation". Our extraction technology allows for a painless and compliant, yet transparent process to ensure that confidentiality is observed.   

Confidentiality concerns are enforced with extreme prejudice and guaranteed by the CompFlo "Confidentiality Agreement" that defines confidentiality and exactly what our obligations to our clients are. All clients must read and accept this agreement prior to any extraction. Some of the more notable confidential items that must be protected include:  


  • Client information

  • Contractual Information

  • Effective date

  • Adjustments

  • Borrower

  • Name

  • Pricing information

  • Opinions and Conclusions developed specific to the assignment

Well, it's actually confidentiality deletion. When developing our data submission process we engaged the Georgia Real Estate Appraisers Board (GREAB), GREAB Investigators, local USPAP instructors, members of the Appraisal Institute and (of course) our legal team. The CompFlo "Extraction" Process is an automated extraction of NON-Confidential Data as defined by USPAP from the files submitted by our clients. Any confidential data that is identified by the extractor application (based on its location with the submitted document) is deleted immediately and prior to any exposure to our personnel or database. The original file is purged 7 days after extraction. The NON-confidential data is available for immediate review by the contributing user.


Since "Due Dilligence" is now the responsibility of the our Clients Client, we've ensured that ours is completely transparent.


  • Policy: Legal obligations are detailed within the policies and procedures set forth in the CompFlo "Vendor Due Dilligence Report". This report is available to any lender upon request


  • Training: Every employee is required to undergo due dilligence training to ensure the implementaion of policy.


  • Testing: Infrastrucures and policies are subjected to annual testing to ensure compliance and business continuity in the event of a disaster.

*Confidentiality As per USPAP 2014-2016 ©The Appraisal Foundation




An appraiser must protect the confidential nature of the appraiser-client relationship.


An appraiser must act in good faith with regard to the legitimate interests of the client in the use of confidential information and in the communication of assignment results.


An appraiser must be aware of, and comply with, all confidentiality and privacy laws and regulations applicable in an assignment.


An appraiser must not disclose: (1) confidential information; or (2) assignment results to anyone other than:


  • the client;

  • persons specifically authorized by the client;

  • state appraiser regulatory agencies;

  • third parties as may be authorized by due process of law; or

  • a duly authorized professional peer review committee except when such disclosure to a committee would violate applicable law or regulation.


A member of a duly authorized professional peer review committee must not disclose confidential information presented to the committee.


Comment: When all confidential elements of confidential information and assignment results are removed through redaction or the process of aggregation, client authorization is not required for the disclosure of the remaining information, as modified.


*USPAP Q&A 2013


2013-08: ETHICS RULE – Confidentiality “Subject Property Data and Confidentiality


”Question: I recently heard that all information I collect regarding a subject property is part of my assignment results and therefore subject to the requirements in the Confidentiality section of the ETHICS RULE. Is this true?


Response: No. The Confidentiality section of the ETHICS RULE prohibits disclosure of confidential information and assignment results (both, as defined in USPAP) to parties other than the client, or parties authorized by the client (there are specified exceptions to this). Factual information regarding the subject property is not confidential information unless it is identified as confidential by the client and not available from any other source. Assignment results include only the appraiser’s opinions and conclusions developed specific to an assignment. Therefore, data (but not opinions) regarding the characteristics of the subject property may be disclosed to other parties unless it has been identified by the client as confidential and it is not available from another source. (Bold added for emphasis.)

bottom of page