As published in California Mortgage Finance News, Winter 2018
Financial institutions are turning to digital processes to serve consumer demand for ease of access to their products, including mortgage loans. To keep pace, mortgage lenders of all sizes are utilizing new technologies to optimize lead generation and facilitate application submission, loan processing, underwriting, electronic signatures, closing, and as many other steps as possible in the loan origination process. Digitization increases efficiency leading to lower costs, which both allows lenders to offer lower rates and a better experience to customers while improving their profitability. Today’s homebuyers are using online channels through mobile phones, tablets and computers to shop and apply for a mortgage loan. With the many fintech solutions available, lenders must carefully choose the right partner. Challenges include ensuring the technology integrates seamlessly and efficiently with the loan origination system (LOS), ensuring the technology works as promised and is easily adapted to accommodate changes in the business or regulatory requirements, all without creating unexpected risks.
As lenders review the options for fintech partners, a rigorous vetting process will help ensure the fintech partner delivers what is expected. As with any technology relationship, integration with current systems is rarely without some challenge. In addition to system functionality and performance, common considerations include the level of lender N I W resources required to customize the software, monitor performance, and ensure compliance controls are operating properly. Because these systems are consumer facing, lenders must classify them as critical vendors and perform deeper initial and ongoing reviews to ensure they are properly evaluating operational and compliance risks. Critical areas that lenders should evaluate when selecting a fintech partner include:
- Data Security: A cybersecurity breach is one of the largest risks a lender faces. The chief information officer should be comfortable that customer information is safeguarded, and the controls are in place to prevent and detect a breach. Determine who will be hosting the application and the data that is collected. Does the fintech partner have the certifications your company requires? Do they fully understand state privacy requirements and the Graham Leach Bliley Act? Is adequate cybersecurity insurance coverage in place and how does it interrelate with the lender’s coverage?
- Reputation of the Fintech Company: Evaluate the stability and longevity of the fintech company to look for a good cultural fit between you and the technology company. Many are young and may only have a few mortgage clients so far, but with good success. Others may be affiliated with your LOS provider and benefit from their longer-term industry reputation. Evaluate the company’s financial condition and ability to endure industry cycles. Speak with their existing clients about security, integration process, adaptability, compliance, responsiveness, etc. Look for a track record that meets your company’s strategic objectives.
- Industry expertise: Fintech companies rightfully focus on the systems and may have varying levels of industry and regulatory compliance expertise. Do your homework on the leaders of the company and project team. Look for specific expertise with your type of business (retail versus wholesale, for example) and knowledge of industry vernacular, regulatory, and secondary market requirements to ensure the quality of loans and avert the risk of repurchases. They should have a deep understanding of the mortgage lending process, the unique products and services the lender offers, and the borrower impacts as they interface with the system.
- Compliance expertise: Mortgage lenders understand the importance of regulatory compliance in the lending process. Their third-party partners should also have a deep understanding of the applicable regulations and associated risks. Depending on the functionality of the tool, the fintech company should have reviewed their product for compliance with the Equal Credit Opportunity Act (ECOA); the Truth in Lending Act (TILA); the Real Estate Settlement Procedures Act (RESPA); Unfair, Deceptive or Abusive Acts and Practices W (UDAAP), in addition to other applicable consumer regulations. A robust third-party due diligence process is imperative and making sure compliance requirements are addressed and controls are in place to monitor performance to those requirements is a must. Lenders should involve compliance personnel early in the vendor selection process. The chief compliance officer should be able to readily assess the fintech f irm’s commitment to a culture of compliance. Some lenders learn about the lack of a strong compliance management system (CMS) too late and find themselves in the position of having to implement workarounds to comply with the regulations or drafting language and/or disclosures outside the system. Avoid this situation by asking for evidence of a strong CMS including the compliance program document, compliance policies and procedures, the content and evidence of compliance training, compliance monitoring procedures, and how they track compliance impacts related to system changes. Through the lender’s vendor management process, perform ongoing assessments of compliance to ensure the CMS is operating as intended. After all, the fintech company’s compliance errors are essentially the lender’s errors in the eyes of consumers, secondary market investors, and regulators.
- Integration and adaptability: Does the fintech company have experience working with your LOS? How easily can changes be made T N I to accommodate your business or new regulations? Are strong change management processes in place to confirm systems updates or changes are properly implemented? Are service level agreements being met? All technology companies should have a defined process for receiving, analyzing, and processing regulatory updates impacting the software; be sure your contract is clear on who is responsible and the service level response time.
- Contract provisions: Technology contracts should be reviewed by a lawyer with expertise in such contracts to address licensing, liability, indemnification, insurance and breach notice requirements, termination provisions, etc. Having or engaging counsel with technology contract expertise is ideal for both sides, especially when considering the risks. The lender and fintech company should both clarify where their liability in the process begins and ends.
Improving the consumer experience when applying for a mortgage loan by providing easy, clear, and efficient steps along the way through digital technology is a goal that many mortgage lenders are achieving today. To remain competitive and to grow market share in the future requires digital solutions. Finding the right fintech solution partner and implementing compliance protocols and best practices to mitigate risks along the way, is a win-win for consumers, lenders, technology innovators, investors, and the industry as a whole.
