No matter what the business cycle, the mortgage industry will encounter compliance concerns and challenges. Firstline Compliance President Joshua Weinberg joins National Mortgage News in our Leaders forum to discuss the role technology plays today in helping lenders find solutions to their compliance concerns.
Transcription:
Transcripts are generated using a combination of speech recognition software and human transcribers, and may contain errors. Please check the corresponding audio for the authoritative record.
Spencer Lee (00:10):
Hello and welcome to Leaders. My name is Spencer Lee, technology reporter at National Mortgage News. We're here at Digital Mortgage 2025, our conference in San Diego. I want to thank you for joining us today, and if you couldn't make it out to San Diego this year, well don't have fomo. This event happens every year. We hope you'll join us 2026 Digital Mortgage 2026. That'll be coming up next fall before you know it, but today we have a conversation all about compliance, namely the role of technology, the role technology plays, and the role of technology should play in compliance matters at mortgage lenders. With me, I have Josh Weinberg, the co-founder and president of First Line Compliance. Before I introduce him, let me tell you a little bit about the company. First Line is a risk and compliance advisory firm serving companies of all types in primarily mortgage related compliance matters.
(01:07):
And those companies can include anything from banks to fintechs to of course, independent mortgage bankers. Mr. Weinberg is also was also helped lead compliance at in-house, at Mortgage loan Rate and also first Choice loan services. He also has, in his past career, he served as a loan originator, so a lot of experience to draw from there. He also, last but not least, is the co-founder of Documents, a technology firm that provides translations of mortgage documents, all compliant to borrowers with limited English proficiency. So let's get started. First of all, welcome Josh, and thank you for joining us today. Spencer,
Joshua Weinberg (01:49):
Thanks so much for having me. It's a pleasure to here. Thank
Spencer Lee (01:51):
You. My first question before I jump into my first question, I want to pull up a little bit of data. This is data provided by Horizon, which is the parent company of National Mortgage News, and this summer they conducted a survey. They asked, one of the questions they asked of mortgage professionals was, what does their technology strategy revolve around? And almost three quarters, or I think it was 73%, said, keeping up with regulatory compliance, keeping up with all the guidelines and such, and that really formed their technology strategy and that sort of was the base, the basis of this conversation. So I guess my first question today is sort of a broad one, but in this regard, if companies are not already invested in technology when it comes to compliance, why should they be?
Joshua Weinberg (02:46):
It's a good question and really the answer in a word is scale. I think if we go 50,000 foot, if we go a little higher, why is compliance important? Compliance is important not just because a regulators behind your back telling you you have to be compliant, but it lays the foundation of how you develop a good business strategy process, consistency. Those all become programming elements that become embedded into technology. So clients we work with, I found that the lenders who have optimized or gained the most efficiencies are those who have been able to embed their procedures into their technology systems. So they're able to develop system controls, systemic ways of operating that enable them to have a process that works, whether it's 10 MLO or a thousand MLO or a hundred loans or 10,000 loans, the process is the same. You slightly tweak the technology in the process.
Spencer Lee (03:48):
I mean, you just sort of explained it, but how does it work? Can you give a sort of a brief example or,
Joshua Weinberg (03:56):
Yeah, so without going too deep into the compliance geek weeds, there are regulations that are fundamental to how mortgage lenders work Equal Credit Opportunity Act, eCOA, home Mortgage Disclosure Act, hamda, those rules require companies to first develop a policy around how you comply with those regulations. Part and parcel is how do you define a complete application? Once you've defined a complete application that usually consists of data points, those data points now get programmed into the loan origination system or the operating technology for the lender so that the system now determines when do you have an application and when do you not. It is now a bright line, clear separation that has no subjectivity. It also embeds that consistency of operation. So just one very specific example of looking through a policy, defining what works for a company and then taking that decision or that procedure and using that to build business rules, system controls into the way that we operate.
Spencer Lee (05:03):
Now, is this different, I'm sure it's very different from just a few years ago, but how far has it advanced in, let's just say five years? Is this something that could be done five years ago to this scale,
Joshua Weinberg (05:16):
What I just explained? Yes.
Spencer Lee (05:18):
Okay.
Joshua Weinberg (05:19):
What I think has evolved is lenders have spent, the mortgage industry has spent billions investing on technology, has not entirely received the ROI for those investments yet I think having this technology and needing to do something with it is part of the impetus that has allowed the increase or the pace of the increase to get faster. And so there are definitely fundamental changes and there are two words or two letters that I know we can't escape in this conversation. AI, and I know we'll talk about that probably more in depth. AI has accelerated, but I think the comfort and the adoption of technology in general has accelerated some of the foundational pieces. I was explaining, having a policy defining application that's good compliance practice that should have existed. More and more lenders leveraging technology to build that systemization into their process. That's become more commonplace certainly over the last five years.
Spencer Lee (06:22):
Now with the lenders you work with, whether or not they're experienced in technology or not, what questions are they asking? Do you find common themes? Do they have common concerns? And this can be, like I mentioned, you work with companies of all types, all sizes.
Joshua Weinberg (06:38):
I think probably one of the first questions we get is, what is ai? How do I use it? Can we use it? What are the guardrails? Again, I don't, I want to save time for the AI piece and not take it here. We also hear how does it work? How do we get it to work better? So most systems have the ability to be configured. Again, that investment in the technology to buy it has not always been met with the full execution of implementation. And so how do we implement it or more and more particularly in the mortgage compliance space around things like tri, how do I measure for tolerance cures? How do I stop what in business we would call leakage? How do I keep money from walking out the door? I'm making money on a loan, but I'm losing all my revenue because of these tolerance cures. How do I capture that? How do I ensure the consistency and accuracy of fees? How do I change or track when there's a change circumstance that requires a reddis? When do I have to disclose and when don't I? A lot of those questions,
Spencer Lee (07:45):
I guess, how do you promote your services or how can vendors promote their services? Do lenders today, do they seem less hesitant than they used to be, but do you encounter any bit of apprehension, technology, scary can be scary?
Joshua Weinberg (08:02):
I think that's a good question and I probably have to give two answers core to how FirstLine operates to our philosophy around compliance are our core values, our core values drive what we do and how we do things, relationship, no assholes, excellence, always learning ownership. Those are our core values and that drives how we deliver service, and I think it's been part of our success. The majority of our business comes from referrals, from existing clients, expanding projects for existing clients or our clients telling their friends and others, Hey, this is where you should go, because they've been effective for us or industry partners that we work with in other areas, law firms, accountants, other partners, technology firms. I will say technology firms have been good referral partners for us because we've proven we understand both that compliance side as well as the technology side, and that gives us a good opportunity to be able to help implement
Spencer Lee (09:04):
Aside from speed, which hopefully allows 'em to scale and hopefully that's an obvious benefit. But what else? When you explain technology and a lot of motivational lenders out there are still kind of novices at technology, what else can they expect? What do you tell them to expect when they want to, when they come to you, maybe they come to you, maybe you sell your services to them, but what do you tell them?
Joshua Weinberg (09:29):
I'll answer that again. Two ways. First, crawl, walk, run.
(09:33):
You don't want to go from zero to a hundred. You want to learn from experience and iterate as you go. Beta test, AB test. Start with a pilot group, whether it's a new product or a new technology or a new point of sale or a new LOS, the more critical the system, the longer to test and the broader group to test with. If it's just a new marketing strategy, sure, try that with a couple of smaller people or a new point of sale. Try that in a beta, very isolated environment that gives you opportunity to bring tighter controls. The other though, I think is get comfortable and understand and know what it is you have so you know how to use it.
Spencer Lee (10:14):
Now, are there any specific tools that you recommend that they use or that you see lenders using to try and meet their compliance needs?
Joshua Weinberg (10:24):
I think there are a couple. I would say critical vendor systems, and this changes somewhat on the type of lender or industry participant. So the needs of a mortgage broker versus a depository bank, very different even between a independent mortgage bank who is only originator versus an originator and a third party originator, a wholesale or a servicer. Those technology requirements are varied. Starting let's say with probably the biggest group, which are most independent mortgage banks, of course the starting point is usually point of sale. What is that first interaction or touch point with the consumer? And to me, making sure there's a system that is friendly. We've talked a lot about digital mortgage, about the customer experience. Having a process with as little friction to engage with the consumer and receive upfront information starts usually in the point of sale that goes directly into the loan origination system.
(11:21):
If the LOS is not also the POS, the development, the amount of configuration, the bumper lanes for the bowling alleys, as I was explaining from the procedures into the technology, that is a really fundamental critical compliance management step. To be able to do that is part of what allows the compliance team to get the data and information they need to perform oversight and monitoring, but be able to instruct los, these are the 10 things I need you to do every time. I do fundamentally believe the majority of los in the industry want to do the right thing and do it the right way. Expecting them to know what that is without clear direction is a company's mistake. So laying out this clear process from policy into your LOS implementation, you give the steps, the LO takes, and the system becomes again, the reinforcement that things are being done the right way.
(12:18):
The technology that generates loan disclosures fundamentally important. The automated compliance testing engine, fundamentally important. The mechanism you use or the technology you use for pre-funding and post-closing quality control, fundamentally important, and I keep using that word fundamentally because those systems not only are critical to the day-to-day operations, but they contain the treasure trove of data that lenders can use to evaluate and monitor both are they succeeding to their business goals? Are they meeting their compliance obligations? What things should they continue doing and do more of? What things should they stop doing? The amount of data that lenders are able to collect and obtain from these technology systems when utilized, become incredibly helpful or instructive about the direction or strategy that a business might want to consider.
Spencer Lee (13:09):
And how fast can it come up with some of these outcomes or I don't want to say decisions, but these solutions to
Joshua Weinberg (13:16):
Data?
Spencer Lee (13:16):
Yeah, yeah.
Joshua Weinberg (13:18):
Again, I think that varies on the shop. So the larger the shop, the more data we need. If we're talking about an independent mortgage bank who's doing 200 loans a year, you don't need very much data to be predictive as to what will happen If we're talking about 20,000 loans a year or 200,000 loans a year to be statistically significant, we just need a bigger sample of data.
Spencer Lee (13:40):
I see. Now you brought up some of the different types of companies you work with, and I wanted to ask a little bit about size matters. Just when it comes to technology, just in the research I've done, the bigger the giants, they're well capitalized, they have the money to invest in technology, and we see them going all in. Meanwhile, the smaller companies, just in anecdotally, I've seen they're more reluctant. They don't have the funding to put a lot of money into technology, but compliance is important. So I guess how do you see that? Do you see the difference, the different approaches?
Joshua Weinberg (14:19):
Yeah, I think there are certainly benefits or disadvantages maybe, or challenges is a better word for both big and small, and being next door to the Naval Air Force base here in Coronado, it's kind of like the aircraft carrier and the nimble Navy destroyer, the largest aircraft carrier, probably has some of the most sophisticated technology in the world, doesn't move around or pivot very quickly. The amount of checks and balances and approvals and sign-offs and vetting and verifications that are required are thorough at a large or the largest institutions, whereas the smaller, not that they're lacking in technology or not that they're lacking in oversight or control or needing approvals, it's just smaller and more nimble and can pivot more quickly. I think that's one of the major differences. Again, challenges, strengths when it comes to just the cost of technology. Absolutely, and I think that goes both to required technologies and what types of systems are used as well as what might be optional systems or technologies, so things like marketing platforms and CRMs. Some of the vendors we see here, the approval process for a top 10 lender versus a nimble IMB, very different and there are opportunities to leverage those vendors for different opportunities are going to be different. I'll also say there are, to your point, size matters. Almost every vendor contract has a volume consideration, so the largest lenders are going to be able to at a per seat or per user level, have a lower cost of operation, but their monthly spend is whales compared to tunas.
(16:06):
I do think though, even the smaller lenders should consider and should negotiate and should go back and should make sure that they're considering the options that are available. And I do think back to what's changed over the last five years. There are newer entrants, not per se new, but those who have come online in the last five years who have challenged or rethought many of the historical largest vendors or challenged their role in the market. So I think for the smaller, more nimble providers where they have fewer approval processes, they're able to adopt newer technologies more quickly, which may also spur an advantage. The older legacy systems, just like the aircraft carriers and the customers that are using them are going to be slower to pivot and change or adopt, and so I think that that speed to market, that speed to change, the degree of review and approval and vetting are both advantages and challenges at the same time,
Spencer Lee (17:04):
And that's something that we regularly keep an eye on, just the growth of the new fintechs, the growth of new technology and how they might provide cost savings that maybe will benefit the smaller companies. I wanted. We talked about this earlier and of course you can't avoid the topic. We need to talk about ai. How has that changed compliance technology and the approach that companies take?
Joshua Weinberg (17:30):
When I've been talking about AI lately, the main thing I'm saying is we've moved past talking about it, we're now doing it. AI is being used, AI is in conversation. What I think is important is we haven't totally defined what AI is is, and those definitions are so important from a regulatory perspective. Colorado was the first state in the nation. They said in the world to pass an AI legislative bill. It was passed a little over a year ago signed by the governor because the governor said, there'll be enough time to fix this and get it right before I have to sign it. That's coming up pretty soon. That time to get it right is shrinking other states. Even on some of the federal side, we've started to see definitions of what AI is and what it is and what it is not is fundamentally going to shape the conversation and the direction.
(18:25):
As examples. We have a client who on their website, touted the speed of approvals or the reduced amount of closing time through leveraging ai. They had a state exam from across the country. The state examiner seeing that, decided to make it an onsite review and said, we want to see how this works. Show us. Fortunately the lender was able to do that, showed that, well, actually what we said was our reduced closing time was longer than what it was. We just wanted to be conservative, so they passed that exam really well. Other examiners are asking questions around, are you using ai? How are you using ai? That's a big question. So lenders, mortgage industry should at minimum have a policy around acceptable use of ai.
(19:14):
I don't want to jump too far away, but if you do business in California, your loan originators are speaking Spanish. If you do business, if your loan originators are doing business today, they are using AI to put our head in the sand and say neither of those things are happening is not the strongest compliance posture. So to have a policy around using this for that is permissible. Using this for that is not is instructive and really helpful for a lender to put in place. Finally, the different types of AI or uses decisioning AI or I think the phrase we're going to hear a lot more is agentic ai. AI that is learning and adapting is going to have higher scrutiny, I think should have higher scrutiny to the extent it potentially has the opportunity to embed bias. More importantly, to the extent that it's going to be providing credit decisioning or determining whether someone is able to get credit or not or what considers qualifying or what conditions or satisfactory or not standardization. There is going to be really important. Last piece on that, similar to the first, the regulators are moving on this state regulators are meeting and taking AI trainings. The questions are showing me up in exams, and so back to that first point, we're not just talking about it anymore, it's here, so what do we do with it?
Spencer Lee (20:42):
Yeah. Regulators are still paying attention despite some of the changes in Washington. Compliance concerns aren't going away, so they need to,
Joshua Weinberg (20:51):
There are 51 plus state regulators, attorneys general who care very much about compliance and the way business is done in their states.
Spencer Lee (21:00):
Now, we talked about how AI and technology in general can really help companies scale, but do you hear from lenders that Yes, do they fear using AI because even though it helps their business, it might be noncompliant? Do they bring that up? How aware are they of potential risks?
Joshua Weinberg (21:24):
I've used this phrase a lot over the years and I'm hoping that I'll eventually be wrong. Unfortunately, I still think it's largely true that the mortgage industry tends to lag behind the rest of the world from a technology perspective by about a decade. Mortgage regulators tend to lag behind industry by about a decade, so the rest of the world has put something out 10 years later, the mortgage industry adopts it and 10 years later the regulators understand it. I don't mean that to be disparaging regulators, it's just the resources and tools that they're given often lag behind what industry has at its disposal. But I mentioned that because we have not fully utilized what's available in the market, what's cutting and breaking edge in the AI space has not hit mortgage in the full way, and I don't think it should yet. I'm probably going to get some at about that, but I think we need to be cautious.
(22:15):
We need to proceed carefully, particularly in the realm of compliance. What I caution our clients about is you cannot trust chat GPT to give you compliance advice. You can use chat GPT to say, give me a reg site for what the requirements are for a change circumstance in issuing a revised loan estimate, and it will very confidently give you a regulatory citation that may or may not be accurate. If it's not accurate and you're relying on that, it may not even be a citation that exists. So trusting that and the way it says it is so confident, it's believable. We need, I think at this point, the conversations I've had with really, really smart AI people is the person in the middle or the person behind the machine, so you're leveraging a lot of the task management, a lot of the speed, a lot of the scale, the repetitive task tracking, but you have someone verifying that it's being done correctly and I think that's where we are, probably where we be for at least the next foreseeable future. The human in the loop, the human in the loop, absolutely.
Spencer Lee (23:26):
Now, I want to talk a little bit about the vendor's role, so the one supplying the technology to lenders. I guess what is their responsibility in helping their clients maintain compliance? They're using their technology. I think clients are probably expecting them to provide guidance, but can you touch on that a little?
Joshua Weinberg (23:50):
Yeah. First, philosophically, I feel like the role of the vendor has had to pivot.
(23:58):
If you're just a vendor, you're not important to the client. You need to be a partner. The relationships we have with clients are driven on relationship and delivering value. That's a partnership. The business deals we arrange are mutually beneficial, not one-sided. Those are relationships that last in are durable. I think that's just a first formative step. I think particularly as you have new entrants, as you have more PE and VC that have come into the market to fuel newer entrants or new and niches, knowing that they're going to be there six months a year from now is really important. Knowing that the more critically you embed them into your processes, the more their resilience matters. So first, just being upfront and transparent about the scenario about the product, doing demos with actual products, not PowerPoints in the lender seat. I saw a lot of those. That sounds so great, and then you get to actually use the product and it's not there yet.
(25:03):
So for my people, for my vendors, develop those relationships as critical partners. That's what's necessary. That also means understanding what our roles are from a compliance perspective and what they're not, and then clearly communicating that. So if I'm a CRM and I'm leveraging the ability to do automated dialing, I have an obligation to make sure my system complies with the TCPA and the California Consumer Protection Act and the Florida requirements and the new Texas requirements, and if I don't to at least flag that so the lenders and the people using it know you may need to do something else so that you're not putting yourself at undue risk. Those are, I don't feel that every vendor needs to solve each lender's compliance problem, but they need to be responsible for their house and know what's in their house so that they can clearly communicate what they have and what they don't.
(26:00):
And then finally, part of that partnership to me is providing value even though it may not be part of the core service. So a lot of LOS providers spend a ton of time providing compliance advice. It is not compliance advice, it's advice on how they use their system. It just has to be very instructive on how their system leverages the compliance rules. I think that builds relationship. Not to tell a client what is your definition of application for eCOA or hamda, but once you've defined that definition of application, how do you program that as data points in a business rule? They're happy to walk you through that. That's the type of partnership.
Spencer Lee (26:38):
Now, do you think lenders, just building off that, do you think some lenders maybe in your experience, maybe even your clients, is there an over-reliance on the vendor to protect them to put up the guardrails? I mean, how much is on them to remain compliant and what do you emphasize to them?
Joshua Weinberg (26:55):
Yeah, this is not always an easy conversation because as the market is stressed and as there are fewer people doing more things, tasks like vendor management often don't get the attention or the prioritization that maybe they need, and that's really where this falls under is vendor management, knowing what's in your contract, working with your vendors to resolve questions in contracts. Sometimes there are larger issues, sometimes they're smaller and easier issues. One very specific example, almost every credit report provider or credit report provider, yeah, sorry, lemme try that again. Just about every credit report provider offers a service that along with the credit report, they will send the notice to home loan applicant, credit score information disclosure. Maybe it costs an extra 50 cents or a dollar to the cost of the credit report. That is worth doing because now every time you've ordered a credit report, the required disclosure goes to the consumer. Even if you never disclose the low and when that credit report comes back into the LOS, you get a copy of that disclosure. That is one very simple way where a vendor can help support the lender, but the lender needs to know to ask for that or the vendor needs to be forthcoming to say, Hey, this might be something that's helpful for you. Do you want us to turn it on?
Spencer Lee (28:18):
I also wanted to address misconceptions. When you're working with your clients, do you ever encounter any, maybe misconceptions is the wrong word, but misunderstandings about what they need to do?
Joshua Weinberg (28:30):
Yes, and I think there's twofolds one kind of piggybacking on the vendor question before, a lot of vendors will provide things like reps and warrants. I think it's really important to read what is being rep and warranted. There are often exclusions or limitations, compliance engines or documentation disclosure engines often rep and warrant that they're going to be compliant and accurate, but those are often limited to the specific use of a form, not per se, the data that goes in the form, and so I think that sometimes is a over-reliance or a misunderstanding of how that might protect or apply. I also think there are sometimes just misunderstandings of the way the rules operate or function, and so that's really important I think, to make sure that we're continually evaluating our compliance management systems, the actions we take, the procedures that we've built, the decisions on when we send a reddis or when we allow a fee to increase or when we're required to issue a cure or whether we're not, or whether a particular change in a loan applies a different waiting period.
(29:48):
Whether a company lists its business hours as open for business on a Saturday or not, and whether they're actually open for business on a Saturday. These are just fundamental compliance determinations that often get kind of set and forget, but then are really important to make sure that we still know how they function. One other, just kind of quick example, anti-money laundering programs. This is something that many states look for either at the time of application or in their examinations that's required for a one person mortgage broker, it's required for independent mortgage banks, it's required for the largest lenders, a process to protect against money laundering. I think everyone can agree is a good thing. Performing the independent review every 12 to 18 months is often forgotten.
Spencer Lee (30:38):
There's a lot to stay on top of. I hope we haven't scared our viewers away.
Joshua Weinberg (30:43):
This was a conversation about compliance, so
Spencer Lee (30:47):
Yes. Now maybe for our final question, I just want to ask, is there anything like for people approaching compliance, especially when applying new technologies, any words of advice for companies embarking on that?
Joshua Weinberg (31:03):
I will say two, bring compliance in early, allow compliance a seat at the table. When I was a chief compliance officer at the bank, I used to always say, bring me in early. I can almost always get you to yes, wait until the end and almost the only way out is expensive. Allowing the opportunity to be inclusive and collective looking at compliance as allies, not adversaries is incredibly helpful to allow businesses to make informed and good business decisions. I philosophically say that I see the role of compliance as twofold. First, our job is to identify and articulate what a risk is to the business leaders to allow them to make the best business decisions possible. Once that business decision is made, our role pivots to building the strongest defensible position behind that business decision or being honest that there isn't one in that regard. Compliance is not standing in the way of business.
(32:02):
It's supporting business that also allows business to bring compliance to the table and not be afraid that it's going to be the department of no. So allowing that additional involvement early will come up with a better product and allow it to be done more quickly and less expensively. I'll also say, I think one of the other areas is that we should not be afraid to try new things. The technology that's coming out, the efficiencies that are being brought, the evolution that the industry is making should be embraced and adopted. I unfortunately know having been in this industry for a while, we are often resistant to change, and even though we know change may be better for us, we often don't unless we have to. This is a time when the have to, I think is mostly being driven by bottom lines, and so that need to be compliant, that need to reduce the per loan expense or increase the per loan revenue is going to drive lenders to find efficiency, and we're not going to find that efficiency without technology.
Spencer Lee (33:11):
Those excellent points and some very, very good insights today and that about does it for us. I want to thank you very much for all the information you provided. Josh, Josh Weinberg, the president of FirstLine Compliance. Thank you very much.
Joshua Weinberg (33:25):
Thanks so much venture
Spencer Lee (33:27):
And thank you. Thank you. The viewers out there for attending this leader session. Have a good day.
