There is no doubt that technological advances have made the transactions and processes involved in originating a mortgage more efficient for both lenders and consumers. However, what borrowers might assume is ease-of-use or what loan officers, real estate agents and borrowers may consider good customer service may in fact be very risky, or even illegal.
Lenders need to do something now to ensure that their policies and procedures, and the way they invite borrowers to participate in the mortgage process, are safe and secure. Data integrity is key throughout the process, and with the TILA-RESPA integrated disclosures in place, shortcuts to meet the timelines are not the answer.
According to a recent study published as the 2015 PwC Consumer Lending Experience Radar, consumer preference for completing the entire mortgage transaction online has grown very quickly. This trend is validated by Fannie Mae research released in October 2015 that shows almost one-third of recent homebuyers wish for more availability of mobile tools to use during the home-buying process. But as with the adoption of any new technology, there are growing pains on both sides. Lenders need to balance the benefits that technology and automation offer with their ability to manage increasing information security responsibilities. The same Fannie Mae research also confirmed that "The greatest concern about applying for a mortgage online is related to security." The risk of an information breach or leak is very real, and this represents yet another area of oversight for lenders and loan officers.
As more lenders adopt online and mobile capabilities, they simply cannot overlook cybersecurity. Here are three of the biggest concerns for lenders:
Confidentiality. Identity theft is on the rise. The Identity Theft Resource Center reported in 2015 that the number of U.S. data breaches tracked in 2014 reached a record high. When looking at the mortgage process, there are multiple opportunities for lax protocols to invite disaster. Text and email are two of the biggest vulnerabilities because they are easy, fast and convenient. Borrowers should be cautioned to never text or email their Social Security number, or a photo of a bank statement, or any documents containing sensitive information to their loan officer. This also includes the transmission of the loan application which contains a borrower's Social Security number and the account numbers and name of the institution where all of their assets are held. Clearly, the transmission of this type of information through an unsecure channel could lead to a disaster for a consumer as well as the lender as the lender bears much of the responsibility for a data breach.
Data protection. Lenders not only need to proactively protect data they acquire, but they are also responsible for protecting data in transit. In addition, if they employ third-party vendors that hold customer data, lenders are responsible for their data security, too. All channels through which borrowers might be providing private information must be secure. There is a wide swath of regulations in place, not the least of which is enforced by the Consumer Financial Protection Bureau, which explicitly prohibit sending documents or information via unsecured email. Other regulatory agencies specify procedures for using and protecting consumer data. In short, both the technology used and the process for accepting confidential data must be secure.
Archiving: There is no question that lenders probably aggregate and store more sensitive data than any other service provider. Consider the information required on the loan application submitted by the consumer to the lender (frequently referred to as a "1003") as just a start. Many borrowers shopping for loans complete a 1003 just to get rates. What happens to all of that information they provide to the lender? And for how long is the lender responsible or liable for it? Right now, the answer is the lender is responsible for protecting all of it, including data held by third-party vendors, for as long as there is a relationship with that consumer, and that can be a verylong time.
Protecting borrower data while meeting their ever-increasing demands for efficiency is the tightrope that lenders and loan officers are walking today. Starting 2016 with the proper oversight in place will position lenders for a more successful transition into the world of the digital mortgage.
Mike Steer is a vice president and chief operating officer at consulting firm Mortgage Quality Management & Research.