The federal law putting into place education, registration and — for non-depository originators — licensing requirements, applies only to human beings. Yet, don't count on an all-automated loan happening anytime soon.
The conclusion comes from a new Mortgage Bankers Association white paper, written by the law firm of Orrick, Herrington & Sutcliffe, titled Examining AI-powered mortgage through the lens of federal law.
The concern, the organization said, is that without the creation of an industry-developed shared framework for AI use, not just in originations but other areas of the business as well, federal and state regulators are likely to step into the void and pass their own rules. The upshot is "50 different states will regulate us 50 different ways," the MBA paper quoted one of its members as saying.
PennyMac Financial Services is one of several companies leaning heavily into AI; it just appointed
"As the regulatory landscape shifts and states begin constructing their own AI governance guardrails, the mortgage industry cannot afford a patchwork of conflicting rules," said Isaac Boltansky, head of public policy at Pennymac in an emailed statement. "We will continue to collaborate with policymakers to establish a unified, principles-based risk framework that fosters technological innovation while preserving absolute consumer protections."
The argument for AI regulation
The
Admittedly, when the SAFE Act was passed, the idea of AI was not even a concept. As such, the statutory language of the SAFE Act would need a legislative amendment to require AI systems or models involved in dealing with consumers much in the same way as humans do to have their own registration or licensing, the MBA said.
An industry compliance attorney issued a more direct argument. "There will need to be a natural person that is licensed somewhere in the process," said Hadyn Richards Jr., a partner at the Bradley law firm. "We will not be in a position where we can have a mortgage company that has zero mortgage loan originators."
The key to remember is licensing and registration came about as a means of consumer protection following the bad actors, who caused the Great Financial Crisis.
"What the regulators are going to expect, even as AI is fully deployed, is that if there is a need for a consumer to be able to speak to someone, there needs to be someone that they can reach out to and ask questions and interact with," Richards said.
He believes AI will create incredible advances in customer service and decisioning, but the expectations on the regulatory side will be for consumers to have an actual appropriately licensed or registered person to speak with.
What regulators and examiners will ultimately be looking for is if something goes wrong, does someone at the lender have responsibility, Richards said.
More than half of prospective homebuyers claimed they would be comfortable
But it doesn't mean originators can go all-in on high tech and avoid licensing and registration requirements.
Other federal laws remain on the books and come into play. Because consumer credit transactions are also covered by
"While there is no express federal mandate that a human MLO must participate in the mortgage origination process, TILA and Regulation Z effectively impose this requirement through disclosure mandates," the white paper said.
"Ultimately, mortgage companies should assess their own risk tolerances when determining the extent of human MLO involvement in the mortgage loan application and origination process," the paper said. Merely disclosing a consumer is dealing with an AI system may not be sufficient to relieve Reg Z compliance obligations or even fully mitigate
How regulators think about AI
AI compliance and risk management is a big topic, with a couple of ways to think about it, said Kyle Thomas, Conference of State Bank Supervisors senior advisor for policy and innovation.
First, is the consumer protection aspect.
Consumer protection laws and regulations, such as UDAP and TILA, are outcomes-based, meaning if the consumer is harmed, then the company or individuals are responsible, Thomas said. AI doesn't change it.
Second, what is new is the risk management discipline around AI, and how financial services industry participants and regulators properly handle this. The risk comes from not only consumer protection, but cybersecurity and model governance as well.
When new laws, innovations or even fraud risk came up in the past, the regulators set forth principles-based guidelines, and then supervisors developed work programs to support them. Those work programs were shared and used by both the industry and regulators. That's what state regulators are doing — on a coordinated basis — to account for AI from a supervision standpoint, Thomas said.
One day after the paper came out, the
It was developed in collaboration with the AI Community of Practice and came about from a MBA Residential Board of Governors proposal.
FRAME includes a governance policy template, AI system inventory and related risk assessment. It also provides implementation guidance and a Getting Started Guide.
"As AI adoption expands throughout the mortgage ecosystem, it is important that we engage with regulators, GSEs, investors and other stakeholders," said Brian Vieaux, MISMO president in a press release. "The feedback we receive from these organizations will help us continue to refine and strengthen FRAME over time. Our goal is to create a practical framework that lenders can use today while helping build broader understanding and acceptance across the industry."
The goal of FRAME is not to create any new regulation, but to help mortgage companies understand where AI is being used, how to assess the risks, document decision-making and establish a repeatable governance process, said Rick Hill, MBA's vice president of industry technology.
"Organizations cannot manage risk they cannot see, and FRAME provides a practical path to identifying, understanding and managing AI risk across the enterprise," Hill said.
