Michael Kolbrener, CEO of PromonTech

Q&A: Navigating Lending Tech Compliantly and Profitably



Banks today are under significant pressure due to declining mortgage origination volume, historically high costs, increasing competition from FinTech entrants, and consumers demanding a more user-friendly, digital experience. New and emerging technologies are transforming the financial services industry, and banks are turning to tech to meet customer expectations, reduce cost, and drive growth.

The right technology can enhance borrower experience, deliver perfected data, and provide a detailed audit trail for a compliant lending journey. But, adopt the wrong technology solution or implement it incorrectly, and banks risk automating repeatable defects, which can be costly and time consuming to correct.

At last week’s American Bankers Association Regulatory Compliance Conference, I sat down with Dan Smith, SVP of Government Relations at ComplianceEase, and Colgate Selden, Head of Regulation and Compliance at Promontory MortgagePath to discuss what bankers should be thinking about to ensure they’re employing the right lending tech to remain competitive, profitable and compliant.

Michael Kolbrener: RegTech has gained enormous momentum. Across industries, we are seeing an emphasis on compliance and a shift in where it enters the process. And with that, we’re seeing RegTech being implemented and starting to change the way we think about business overall. Dan, can you set us up by quickly explaining what RegTech is?

Dan Smith: RegTech – short for Regulatory Technology – is often referred to as FinTech’s sibling, but it can expand beyond financial services; other heavily-regulated industries, like healthcare, energy and pharmaceuticals, are utilizing RegTech to drive efficiency and consistency. Simply, RegTech offers innovative, tech-driven techniques to improve how regulatory compliance and its related challenges are managed.

MK: How has the RegTech momentum impacted banking and residential lending?

DS: A recent study by Research and Markets predicts investments in RegTech will more-than double over the next five years. Banks and other financial services institutions are leveraging RegTech to solve for a wide range of issues and processes, from identity management to preventing money laundering, dealing with specific regulations like GDPR and helping with data or records management. The emergence of RegTech and FinTech have started facilitating the shift from compartmentalized compliance to compliance being woven throughout the entire process – from a reaction to being proactively ingrained in processes and company culture.

MK: Ten years ago, developers would build and complete projects and then engage compliance. Now, we’re seeing compliance and tech teams working together as allies to address organizational pain points and risks. Colgate, how are these integrated teams leveraging technology to address emerging compliance risks and streamline the origination process?

Colgate Selden: Financial institutions are facing an increasingly complicated regulatory environment with elevated reporting demands and data privacy concerns. When coupled with heightened customer demands, traditional processes are no longer sufficient – or cost-effective. Many are turning to tech for the transparency and flexibility necessary to manage these demands. The good news is, when this tech is built with compliance at its foundation, financial institutions can tackle both challenges simultaneously. Point-of-Sale [(POS)] platforms for residential lending can provide a secure portal to share documents and [Personally Identifiable Information] PII, while generating a more detailed audit trail than a manual process is capable of.

MK: The right RegTech and FinTech partners have the potential to facilitate a more-compliant lending journey, but can adding technology to the lending process create new risks? How does compliance change in a digital process? What should lenders be considering with digital transactions that they didn’t need to consider in shoulder-to-shoulder interactions?

CS: There are a few things that come to mind. Certainly consumer identity is significant – is the person applying online actually who [s/he] claims to be? Being able to identify the consumer through multi-factor identification is becoming critical. Then there are significant data and information considerations. What data types are being cataloged and how are they being used? There are new state privacy laws, such as the California Consumer Privacy Act, which create new requirements for certain types of data; and there is also a large carve out for some information collected pursuant to Regulation P – certain cookies or data acting as consumer identifiers need to be uniquely managed. The Americans with Disabilities Act [(ADA)] is another newer consideration for technology with a consumer interface. Consumer-facing tech introduces ADA compliance and accessibility factors that didn’t need to be considered previously.

MK: If you're going to make a note about anything today, make it about ADA compliance and your websites. Because lawyers have identified it as a soft spot across all industries and are targeting websites over ADA-compliance violations.

CS: Another issue we could spend all day on is [Unfair, Deceptive, or Abusive Acts or Practices] UDAAP. For example, what do consumers think they're actually doing when they're accessing your portal on their device? Do they think they're applying for a loan when they actually are not because they’re missing a piece of information?

MK: When a consumer engages with a loan officer in person, the loan officer takes some information manually and sits with it before starting the disclosure clock. When this process is moved online, you have to be very clear about what data is collected and what taking a full application means.

MK: And, now we've started to talk about data and data collection. Dan, what are the impacts of data at various points in the process? Can you talk a little bit about the importance of data for a compliant loan process?

DS: Data is the nexus of customer experience and compliance. To create a compliant process, data quality has to be ensured as early as possible. And, that includes what and how information is being collected from the applicant. Digital solutions allow you to clearly define what you're asking for and create consistent, repeatable processes to bring in data. When you can verify it and extract it throughout the process, you're improving customer experience and compliance. You're positioning yourself for transparency and explainability to the regulators.

MK: Applicant data collection should be a collaborative online experience where lenders are able to validate shared data as it’s coming in. That's why you're seeing companies like [Promontory Fulfillment Services] PFS import source data for income and assets directly rather than having customers tell us about their assets. How can we work together to make sure the accurate, accessible data creating a compliant lending journey is also keeping the applicant informed?

The loan process is still opaque for the average person. I frequently hear people say they are surprised when they’re approved and relieved when they close. There’s still so much uncertainty in the process; if we can create more transparency through data acquisition, data sharing, and data reporting then, naturally, the applicant will feel more informed and confident and have an improved experience. And, the loan officer will, too. Everyone in the process is a customer of the process.

MK: Technology solutions, like those offered by ComplianceEase, can be used to improve overall process, reduce cost and ensure compliance. But let’s take a step back: Even before these technologies are implemented, how can lenders be sure partners have compliance-driven cultures and processes reflecting their own policies and organizational values? Colgate, how important is a partner’s compliance culture and how should it be evaluated?

CS: With any third-party partner, a compliance-driven culture should be heavily ingrained and immediately evident. Your vendor-management practices should extend beyond establishing that they have the policies and procedures – they should confirm consistent adherence to those policies and procedures. And, almost as critical is understanding fourth-party risk. Who are your partner’s providers and what due-diligence and vendor-management practices do they employ? Do they engage in continuous monitoring and ongoing due diligence through a relationship’s lifecycle, and will they share those materials?

Then there’s data security or data compliance. How do they store data? What controls do they have around it? Is it encrypted while it’s in state or in transit or all the time except for when it’s used by the solution? Do they have a SOC2 certification or equivalent? Do they do regular penetration testing?

Ultimately, you want to evaluate compliance operations, culture and data – not only during tech development but during implementation and throughout the entire partnership.

MK: FinTech vendors often say, “We have an open compliance platform, and you can set the compliance dial to meet your institution’s needs.” We should be collaborating very closely to ensure compliance requirements are met, and it shouldn’t be a “dial.” When talking to potential partners, lenders should set the expectation that they should be prepared for bank-level audits in the same way the lenders are prepared. If a vendor can’t meet that requirement, don’t work with them.

DS: I would also argue there’s a correlation: If a vendor can’t stand up to your questions about their structure – what compliance controls they’ve built in, their requirements adherence – then that calls into question the effort they put into the product, as well. In my role, I work closely with regulators, and there are just no shortcuts on the day-to-day integrity of vendor processes. It’s reasonable – in fact it’s required – to ask how this vendor is going to fit into or enhance your compliant processes.

On the point of data: when building or evaluating existing processes, there should be emphasis on data security. But, to satisfy regulator requirements, you also need to be certain extraneous data and information are being captured to explain how and why decisions were made.

MK: Lenders should be strongly vetting vendor data practices. When it comes to data – yours and your customers’ – technology providers traditionally have not made it easy for you to access your own data. Many are starting to evolve, but you should absolutely be asking potential partners about data access. You should have 100% access to all of your data at any time, in near-real time.

MK: We’re confronting the highest mortgage origination costs in history and significantly reduced margins. In ABA’s 2018 Residential Real Estate Survey Report, 96% of surveyed banks indicated they’d experienced higher mortgage-specific compliance costs in light of the recent regulatory reforms. In addition to creating a more-compliant loan process, can proven tech solutions also help reduce regulatory burden and compliance-related costs?

DS: To a certain extent, two different responses followed the financial crisis:
  1. Additional regulations, driving up costs
  2. Strict credit standards, driving down volumes
Lenders are facing rising regulatory costs and declining opportunities to generate product, so margins have shrunk significantly. With changing consumer demographics, FinTech’s allure for many institutions is with POS solutions – how do we get volumes back up? But many lenders have struggled and are still struggling with the dynamic data-gathering requirements and disclosures associated with regulatory changes. Technology can be deployed to help address the challenges impeding efficient operations, such as unscalable processes, fragmented reporting, insufficient or inadequate data and segmented operations.


MK: Regulators are obviously comfortable with tech – many have adopted and have been using RegTech for awhile. Do the authoritative bodies approach regulation differently for lenders employing technology, and have they given any hints as to how they’ll adapt their approach as more and more human tasks are automated?

CS: Regulators are looking for data – all different types and from all organizations: Financial institutions, Fannie [Mae] and Freddie [Mac], the new [Home Mortgage Disclosure Act] HMDA expanded data set. They’re seeking ways to automate data for rule-making, research and day-to-day advisory. At the CFPB, for example, there was quite a discussion around prohibiting anyone from filling out a TRID closing disclosure by hand. The focus was on crisis prevention, technology, disclosure accuracy, and real-time data collection.

DS: Colgate makes a great point about the regulators and their interests. The regulators are thinking, “We just underwent the worst crisis since the Great Depression. We have to approach things differently. Let’s use technology.” While much of the lender FinTech investment thus far has been on the sales side, regulators are focusing on leveraging data to prevent another crisis. While regulators would agree you have to invest on the sales side, you also have to ensure the RegTech piece keeps up.

READY TO SEE US IN ACTION?