The role of compliance in digital mortgages

Here are some key steps to consider when addressing regulatory requirements

compliance HW+

Imagine wanting to build software in the mortgage industry. You spend your time visualizing the problem your technology plans to solve, but after researching the industry, you realize that when it comes to building mortgage technology, you’re not just building an application. You actually have to take the proper steps to make sure it gets built correctly, and from a compliance standpoint.

If you don’t come from a software or a mortgage background, it will be a long journey. The good news is that there are some key measures that you can follow for how to best navigate building digital mortgage software with compliance in mind.

Digital compliance in the ever-evolving mortgage industry

The mortgage industry continues to evolve with new technology coming in to better serve mortgage lenders, real estate agents, service providers, appraisal management companies and others, so taking compliance into consideration is key.

Whether you’re new to the industry or a seasoned individual coming in to disrupt the mortgage industry with your new technology innovation, you have to consider whether you understand how to address regulatory requirements in the mortgage industry.

For example, a marketing platform needs to track marketing campaigns because compliance officers need to review those campaigns to make sure they don’t violate RESPA (8). If you’re not sure what this means, it’s best to do your research on this topic to ensure your software is compliant.

Validation of your product

When we first started building our mortgage point-of-sale platform, we needed validation of what we had created. With so many data points to validate, you have to go through a rigorous process to make sure everything is compliant according to the laws and regulations. Again, this is not something that just gets developed. It is something that is planned, developed and then validated. There are more than 300 rules that affect the mortgage industry, and when building software, you have to think about those rules and how to build your software around them.

If you’re a lender, compliance is a top concern because you have your compliance officer reviewing everything from marketing to disclosures — basically, what we call alphabet soup. Then on top of that, you have to do quality control audits.

Lenders not only have to worry about making sure that they are in compliance when doing business, but now they also have to worry about the Fintech mortgage lenders entering and competing in the market. As digital mortgage software providers rise, many lenders may find themselves overwhelmed with all the drastic changes happening in the industry. So, whether you’re building your own software or vetting a software provider to be part of your tech stack today, here are some key points you should be diving into.

Which regulations does this software touch?

Federal and state governments set rules that mortgage lenders must follow. When your software is being designed, you have to review the government rules and then the state rules to ensure you’re making a product that is going to be up to date with those regulations. When vetting or building your software, these are the sort of things you have to consider, as time and money can be wasted when not addressing this early on.

How is data handled?

So many new digital mortgage companies — often bootstrapped or lightly funded — pose an inherent risk, handling data properly. For example, security is difficult to do right, and to do it in a SOC II Type II manner. The point is that the risk is greater now than ever.

But it isn’t just about how data is secured, it’s also the story it tells. How did the loan data change over time, starting from initial point of contact, or both the consumer and user behavior? The story that data tells helps people understand what is really happening. The days of being able to physically see and monitor the process is difficult and declining.

Being able to analyze the data in a sophisticated manner, and to understand how the data is flowing, is important to be able to see unauthorized access and other anomalies that can corrupt the data.

Identity verification (IDV) and authentication

IDV comes in different forms, such as out-of- wallet questions or a fraud scorecard. Identifying not only fraudsters attempting to steal millions of dollars, but also spammers, hackers and bots wasting your time creating fake accounts and trying to steal your data is important. IDV not only protects you, but it streamlines your data operations.

While your identity is real and legitimate, you need to make sure it is really them on the other end of the digital device. Best practices are out there, such as multi-factor authentication and time-based one-time password.

In today’s digital world, the rise of identity fraud is real, especially since the start of the COVID-19 crisis. For example, today’s banks have to worry more about synthetic identity, where fraudsters create “fake” identities with perfect credit scores. Those identities are then used to apply for credit, and because those identities have actual credit, banks lend to them. They don’t find out that the identity was fake until they stop paying.

Change management

It’s important to properly monitor mortgage regulation changes ahead of time, not only for your people and processes, but also for your technology stack. Software development is time consuming and costly, and it introduces risk. Therefore, it needs to be planned in advance, with padding. If you are using a third-party software vendor, you should be able to rely on them for monitoring and execution. But of course, regularly inspect what you expect.

There will be common change requests from different departments that may conflict with each other. Proper alignment of people, process and policy will be crucial to prevent serious pitfalls, such as putting the organization at compliance risk.


Any language or visual that a consumer sees introduces risk. If you don’t say the right things or disclose details completely, it could become an issue. Language must be configurable and adaptable. By doing so, you guard against compliance risk and have the added benefit of being nimble and using A/B split testing to maximize conversion.

Many vendors will preach integrations, automation or their secret sauce, but sometimes it is as simple as saying the right things at the right time. This also includes proper disclosures, such as the CHARM booklet or eSign/eConsent.

Social selling

As the world becomes more accustomed to selling socially, you will need a tool that automatically tracks the conversations between a loan officer and a borrower. Again, this is another check on your compliance list that you must address, if your software offers this.

Compliance team

The deeper you go into the mortgage process, the more likely you will need a compliance team. Mortgage lenders employ and spend thousands of dollars on compliance labor. On top of that, some lenders use actual software that monitors their compliance. So, if you are building a deep mortgage product, then it’s likely you will need a compliance officer.

In closing

In this article, we mentioned a few areas that must be considered when building digital mortgage software. Keep in mind, we haven’t covered other areas, such as PCI SSC compliance or ISO standards.

As you can see, building digital mortgage software with compliance in mind is crucial in the mortgage industry. So, whether you are thinking about building something from scratch or implementing a vendor solution for your mortgage lender, think about how you will plan, develop and validate.

This article was pulled from the HousingWire Magazine May issue. To read the rest of the issue, go here.

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular Articles

3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please