Compliance Mistakes That Can Cost You

Have you heard about the steep fines brokers are paying for failing to adhere to compliance laws? Chances are, you may be putting yourself at risk and could be the next one to pay up or go to jail. With the proliferation of the mortgage regulatory environment and increased government monitoring, keeping compliant is paramount. New laws not only carry huge fines, but some brokers are doing jail time as well.

It may come as a surprise, but your current loan origination system might actually be the main culprit that’s making you vulnerable to violating compliance issues. Are you nervous yet? However, staying one step ahead of the game doesn’t require a full-time, in-house compliance department. It may just be a matter of leveraging technology that’s at your fingertips: ensuring that your system is compliance savvy.

For many years the loan origination system has moved to become the system of record, and as such, anything that goes through it should go through compliance checks and be properly safeguarded. To do so, some loan origination systems automate compliance and shield companies from fraud. Think of it as Kevlar for loan files.

In the current environment, there are certain safeguards that should be native within the origination platform, which serve to protect both originators and borrowers. Specifically, originators seeking to avoid fines and protect their borrowers should make sure their loan origination system has the following features:

  1. Secure document delivery
  2. Automated forms updates
  3. Encryption
  4. Centralized data storage
  5. Centralized quality control
  6. Selective data access
  7. License checks

Secure Document Delivery
These days it seems that everything is e-mailed back and forth. E-mail is the new fax. However, most originators are unaware that e-mail is not a secure way to transfer data from one source to another. Not only is it not secure, it can also be illegal to transfer unencrypted loan data through e-mail.

The biggest culprits are loan origination systems that don’t encrypt the loan files stored on your hard drive nor provide a secure delivery system for your staff. Here’s an example. Without giving it a second thought, your loan officers or processors attach un-encrypted loan files to e-mail messages and send them to a lender or appraiser. This common practice compromises the privacy of the borrower by sending un-encrypted borrower data along the Internet. Because standard e-mail is vulnerable to hacking and misdirection and misappropriation of sensitive information, it is therefore critical to be sure that your loan origination system has the following capabilities: it has easy-to-use file encryption capability for both stored and transmitted files and it has a secure information transmission capability that avoids the security weaknesses of standard e-mail.

The best option is to use secure document delivery, which is included in some of today’s loan origination systems. This technology empowers originators to electronically send and receive loan files securely to intended recipients without using e-mail. It also prevents the possibility of borrower data being intercepted over the Internet.

Automated Forms Updates
With the increase in new loan products as well as changing product guidelines, there are new forms continually being introduced into the market. Each form is loan-product specific, so it’s important that the user have access to the most current and accurate form. How do originators do this? To ensure compliance and accuracy, mortgage professionals must use origination systems that automatically update forms. Using systems that count on updates to be manually downloaded and installed by staff can cause serious repercussions. With this method, users must know how to download these updates and must remember to do so every time an update is available. This reliance on human intervention puts companies at risk of human error and resulting compliance concerns.

In contrast, advanced loan origination systems eliminate the forms “game” completely and update forms automatically—like virus software that automatically downloads the latest virus updates. When users log in, the system automatically updates itself necessary. No need to worry about forms being compliant.

In a speech delivered at the National Association of Mortgage Brokers 2005 Annual Convention earlier this year, Federal Bureau of Investigation officials stated that computer hacking amounts to between $65 and $70 million in lost revenue in the financial sector. That tally did not include the loss associated with any legal recourse taken as a result.

Much to the surprise of many, one of the most popular loan origination systems used by brokers stores loan files in a non-secured format. How are the files not secure? These loan files can be opened using Windows Notepad–the simple text editor that comes with Microsoft Windows. Un-encrypted borrower files sitting on laptops expose companies to all kinds of security issues.

The good news is that advanced loan origination systems encrypt almost all files. Using these systems enables originators to evade hackers, or more likely, they simply protect companies and their customers from a simple laptop theft.

Centralized Data Storage
Loan files need protection, too. When storing loan data, the user should make sure that the environment is secure. Some of the most used loan origination platforms store loan files in non-secured environments where users can easily save them on a CD-ROM and take them away. This makes it easier for disgruntled employees to steal crucial loan data, and for companies to get into costly legal trouble.

Today’s forward-looking loan origination programs have a simple solution to this vexing problem. They store all crucial loan files on a central, secured server, which can only be accessed by the company’s authorized personnel. Companies don’t have to worry about employees running off with their loan files if it they’re all centralized and only select employees have access. Companies must also be able to report on all loan files to satisfy regulatory requirements. If loans are not centrally managed, loan data must be gathered from many different sources leading to the risk of non-comprehensive regulatory reporting.

It’s also important to back up the system regularly. The FBI recommends that back-ups be done twice a day. When back-ups are done regularly, it is easier to get the mortgage institution up and running again if a hacker has found a way to infiltrate the system.

Centralized Quality Control
Companies must ensure that loans are completed correctly to meet regulatory requirements. Quality control is a key component of this process. The origination system needs to facilitate quality control, not inhibit it.

For example, there are many origination systems that don’t provide visibility into loans since they operate in decentralized environments where loans are stored locally on the desktops of different computers. A decentralized environment inhibits quality control. On the other end of the spectrum, loan origination systems that leverage a centralized database enable mortgage companies to easily ensure the quality of all loans processed.

Selective Data Access
Many loan origination systems provide users access to too much information—information that is not relevant to their job functions. For instance, a processor may be able to view the entire company pipeline. This kind of open access to data leaves companies open to illegal activities. In contrast, other systems ensure that employees only have access to the tools and data that they need in order to do their job. Systems that don’t offer varying visibility levels native within the origination system leave the company at risk.

License Checks
To meet local regulations, loan officers must be licensed in order to originate loans in a given state. However, when volume is up, it is sometimes difficult to keep a close handle on where the loan is being originated, especially if the organization has several branches nationwide. Some origination systems don’t have safeguards in place to check up on licensing, whereas other newer systems can automate the process. Intelligent triggers will come up when a loan officer is originating a loan in a state that he/she is not licensed in, and will not let the originator proceed.

Compliance should be a huge concern for mortgage originators, and technology that enables compliance is essential for those who wish to avoid fines and long-term repercussions. Your system should make it easy to legally deliver documents electronically, evade hackers, use the most current forms, and enable company-wide visibility.

By David Lewis