- DSNews - https://dsnews.com -

Breached: How the Mortgage Industry Can Implement Stronger Cybersecurity

As President of SLK Global Solutions, America [1], Alok Datta is responsible for the creation and execution of the overall revenue generation strategy for the business process management services area of SLK Global. Datta has over 20 years’ experience in the banking and financial services industry and business consulting. He has managed large operations across banking, mortgage lending, title insurance, and other sectors within the financial services industry, including as head of mortgage operations at a leading US Bank.

He recently spoke to DS News about the technology and market trends that are defining the market space and the steps that lenders can take to make their data more secure.

How can lenders and servicers work to ensure their customers’ data remains protected from cybersecurity breaches?

We have had many cyber security regulations in place in recent times in the compliance space especially if you look at the General Data Protection Regulations or those put in place by the New York State Department of Financial Services. The challenge though is around adoption of these regulations by lenders and service providers because they must determine whether they pay now or later in terms of having a comprehensive information security protocol and then, adopting that in terms of understanding their network and server securities or vice-versa. If you were to look at a mortgage transaction, it's a highly inclusive one from a borrower standpoint and rightly so because a lender has to make decisions. There's a lot of information that is expected to be shared. Then, there are multiple parties associated with that data, like appraisal or title companies who see it because of the outsourcing aspect of the transaction. It therefore becomes imperative for a lender or servicer to ensure that they do the right due diligence to secure the borrowers’ data through a comprehensive network and server security system and their third-party partners as well as thorough compliance training and understanding for their employees. They must also ensure a robust vulnerability testing and penetration testing for their networks to maintain the security of borrower data.

It is this comprehensive approach to information and data security which the industry hasn’t embraced as well as it should have.

Some of the recent data breaches should come as a wakeup call for the industry. We have seen in the past that when the industry hasn't self-regulated, there's been far more compliance from governing bodies. The industry doesn’t want more of that. Today, there are talks of states having their own regulations and legislation around personal information security and it’s time for lenders and service providers to create industry forums to clearly articulate what should an information security policy for a lender or service provider look like. That starts with a documented framework and then, adherence to that framework in terms of how they engage those who need access to that information. Awareness around phishing emails, and hacking software that exists out there is as important as the accessibility of information for various stakeholders. Not every information should be there with every employee.

If you look at some of the recent breaches have also been the result of human error. How do lenders ensure that everybody within the organization understands the criticality of some of these data pieces? Who do they engage with? These questions become even more important as compliance costs increase in a high-pressure origination environment. There is always that desire to reduce cost by compromising on some of these intense compliance related procedures and policies. Unfortunately, what that does is expose a lender’s customer base and potentially the lender or service provider to reputational risk or penalties and fines. It's time we all internalize that aspect, embrace it, and make those investments in secure systems, protocols, and the right third-partyengagements to ensure that they adhere to the same sets of systems and protocols.

Apart from data breaches, what are some of the other technology-related risks that the mortgage industry is facing today and how can they be addressed?

It's an interesting time for the mortgage industry right now. There's always been talk of technology in this space, but if you look at the last three to four years, there's been far more intense technology intervention. Historically, the mortgage process has been paper intensive. But today, the technology can enable a completely digital experience. That allows that much more probability or propensity of data being accessible, either through a breach in network or through a breach in the cloud because most of this data is residing in an image form on an internal or external network.

There is a drive for self-service portals. If you look at the documents that lenders used to collect, there used to be W2s and income documents. Now, we’re looking at a stage, where the customer or is letting the lenders directly go into a bank fetch all this information. While that's great from an experience standpoint, it also opens up potential exposure for a borrower if the lender is not ensuring encryption of that data as it's coming in or securitizing it through the right means and measures.

Using technology to improve user experience is great, but in the absence of a holistic framework of ensuring the security of that information, it can be a bane as well.

Which technologies will define 2019 for the mortgage industry?

We’re already seeing intense technology intervention to interface with customers through applications like mobile-enabled customer interface, which allow borrowers to send in information directly through their phone. That space will continue to evolve, whereby more and more document gathering or customer information or updates going back to customers will be pretty much online and mostly over mobile phones. Wherever possible, the industry will see self-service modules for a borrower to engage with and even beyond, such as technology where a lender may not even get information directly from a borrower, but get their sign-off and say for income calculation, fetches directly from the bank.

We are seeing a lot of technology interventions through the lifecycle of a process, but the overall loan origination system hasn't necessarily evolved over the last couple of years and in certain cases, over decades as well. There will be a push on workflow solutions, to ensure faster time to fund and increased throughput. While eSigning is already available with most lenders, eAttorney and eNotarization are also getting popular.

The next two years will see more adoption of these technologies especially as millennials start embracing that a lot more over the next year or so.

What trends will define the next three quarters for the mortgage industry?

Lenders’ business will be challenging from a volume standpoint. While interest rates have declined at present they are likely to rise further which might put pressure on the purchase market as well. We will see more and more of a buyers’ market over the next couple of quarters on the origination side and the smart lenders will take heed of these trends to become more agile and efficient. The industry will also head towards more automation and digitization in mortgage processes, not necessarily through huge investment in technology but through providers who can supply a SaaS kind of a model because not many lenders might want to invest significant dollars in a market, which is already pressed for margins.

The key differentiator would be the customer experience. We are already seeing some of the top lenders coming up with a 15-day time to close kind of proposition. On the servicing side, again the margins would be under pressure. Compliance will be a key on the servicing side.

In fact, compliance tools would be embraced far more by servicers, to help them make some margins because in the recent years, the quality of the collateral has been pretty good. I don't see defaults necessarily going up anytime soon, but you may start seeing some pressure on defaults towards the end of the year because of the probability of propensity for the borrowers to pay. Lenders and servicers who have the right intent, and have made the right investments in cyber security or their technology solutions will continue to prosper.