The Mortgage Collaborative Releases Aggressive 2016 Growth Data, Marking $150 Billion in Origination Volume
SAN DIEGO, Calif., Dec. 20, 2016 (SEND2PRESS NEWSWIRE) — The Mortgage Collaborative, the industry’s premier mortgage cooperative, today released year-end data on its 2016 growth. “Adding 50 new lender members and 20 new Preferred Partners in 2016 met the aggressive goals established by our Board, and grew our aggregate origination volume to over $150 billion,” said David G. Kittle, CMB, the Collaborative’s President.
“In addition to these amazing gains we’ve extended our partnerships with Fannie Mae, Freddie Mac and NAHREP, and hired two experienced professionals to support Rich Swerbinsky, our EVP of National Sales. Jen Peachman and Tom Gallucci bring valuable years of customer service experience to TMC,” Kittle said.
“We also greatly expanded our educational and peer-to-peer networking platform that offered lender, networking calls on relevant and specific industry issues,” he said. “As we move into 2017 TMC will continue to expand on both our Winter and Summer conferences, both of which were resoundingly successful in 2016.”
Thank you to each of Lender Members & Preferred Partners for a wildly successful 2016! Looking forward to continued success in 2017!
Credit Plus offers a monthly edition of America's Mortgage News accessible to all through their YouTube channel. Click this link to view prior editions.
Who is Vulnerable to a Cyber Attack? Everyone. Protect your business by reviewing your processes, plans and insurance policies.
By Lee Brodsky, President, MBIG
Why Is The “We’re Not Big Enough” Defense A Fallacy?
In the past few months, the news has reported on a record-breaking breach suffered by Yahoo, the barrage of hacked emails from members of the Democratic Party and a massive cyber attack that shut down a number of major online entities, including Twitter, Amazon, Netflix and PayPal. While these attacks would seem to act as a warning sign that businesses need to better protect their data and their company from the affects of a cyber attack, many executives instead dangerously assume they’re safe. “After all,” the reasoning goes, “hackers are only interested in huge targets, such as multinational corporations and political parties. They won’t go after me. I’m too small.”
Of course, that outlook flies in the face of current statistics, which suggest that every company–no matter the size–is at risk. In its 2016 Internet Security Threat Report, Symantec noted there is plenty of hacking to go around. Of the companies in their study, small businesses (fewer than 250 employees) accounted for 43% of all attacks, medium size (250-2,500 employees) 22% and large corporations (2500+) 35%. The report also noted that there’s been a steady increase in attacks on companies with fewer than 250 employees over the last five years. In fact, attacks on those companies jumped 11% from 2014 to 2015.
One explanation for this jump in attacks on small to mid-size companies is obvious. Hackers know these companies are less likely to have a data security plan in place, making them an easier target. Even more, it’s becoming easier for them to initiate attacks through automated malicious code that gets access to your system and sends back the data. Thanks to these unmanned attacks, they don’t need to expend much energy to attack smaller companies making it more worth the effort.
Now in addition to the fact that your data may not be well protected and hacking has become easier, throw into the mix that you’re in the mortgage banking business and collect personal information from your customers, prospects and employees. Put that all together, and it’s no stretch of the imagination to see how your firm could be the perfect target for an enterprising cyber thief.
What Do Cyber Thieves Want From Your Business?
Cyber thieves want data, and the data you collect is particularly valuable to them. In 2015, according to the Symantec report, the top information exposed can all be categorized as personally identifiable information (PII):
This is a shift from previous years when financial information, such as credit cards, was the stolen data of choice, enabling hackers to ring up fraudulent purchases on someone else’s dime. But, credit card companies and users have become quicker to notice atypical purchases, limiting the usefulness of stolen credit card data to the individual hacker and the black market value if they should try to resell the data. As a result, financial info (which includes credit card details and other financial credentials) has dropped from number four in 2014 to number six on the above list.
On the other hand, personally identifiable information offers cyber thieves greater flexibility. Forget stealing one person’s credit card data. With personally identifiable info, a cyber thief can open up countless credit cards in another person’s name. That hacker can also obtain fraudulent government IDs, apply for loans, commit health insurance or Medicare fraud, file for fraudulent tax refunds, resell the data and more.
In a January 2016 press release put out by the Identity Theft Resource Center (ITRC), which tracks breach information made publicly available, they noted that 2014 was the year of the credit card breach, citing 64.4 million debit/credit cards exposed due to breaches. In contrast, 2015 saw breaches expose only 800 thousand debit/credit cards. That significant drop is because hackers were putting their energies into stealing over 164.4 million social security numbers. Appropriately enough, ITRC dubbed 2015 the year of the social security number breach.
Of course, this personally identifiable information (along with a host of other valuable information) is the exact info you need from customers and prospects when you originate or service loans. Even more, you collect much of this same information from your own employees. This helps explain why, according to the ITRC release, the Financial/Banking/Credit industry was ranked third in number of reported breaches (behind Business/Service at number one and Healthcare at number two). This marks the first time the financial industry—your industry—has cracked the top three.
What Could The Cost Of A Data Breach Be To Someone In The Mortgage Banking Industry?
The most important factor in determining the cost of a data breach is not revenue, number of employees or even number of originated loans but rather the total number of records in your database, which can include past and present customers, prospects and employees.
In its 2016 Cost of Data Breach Study, The Ponemon Institute, an organization that conducts research on privacy, data protection and information security policy, found that the average cost per lost or stolen record for a US company in 2015 was $221. They further broke down that $221 into $76 spent on direct costs incurred to resolve the data breach, such as investments in technologies or legal fees, and $145 spent on indirect costs, which included notification efforts and customer turnover.
Even more, the average cost per lost or stolen record for a company in the financial industry was $264. This rate was greater than the average because this industry is more highly regulated (companies could face fines for their breach) and because, when breached, companies in this industry suffer a higher-than-average loss of business and customers.
So, using this average cost per record, even a database of only one thousand records could end up costing you somewhere in the neighborhood of $264,000. How many records do you have in your database? Thousands? Tens of thousands? Hundreds of thousands? The Ponemon Institute found that, of the companies they studied, the average total cost of a data breach was over $7 million. What would be the repercussions if your company suddenly had to deal with a $7 million loss?
How Can Your Firm Protect Itself From Losses Due To A Data Breach?
The first step is to review your current processes and inherent risks. Some of the main questions to ask are:
The extent and cost of a data breach can be reduced if you put into place data governance initiatives. These initiatives act as quality control protocols for how to protect, manage and use your data and should include appointing a Chief Information Security Officer (CISO), creating a business continuity management strategy that identifies your company’s risk of a breach, developing an incident response plan and training employees on proper procedures as well as making them aware of potential threats. Once the strategies are in place, you can then start looking at more tactical executions, such as installing data loss prevention software, which limits the ability of users to send sensitive information outside the corporate network, as well as encryption and endpoint security solutions, which ensures devices connected to your network follow a defined level of compliance and security standards.
While the above recommendations will take some to implement, there are other simpler solutions you can begin undertaking right away.
Use Strong Passwords
Passwords should be at least 10 characters and include a mix of lower and upper case letters, numbers and non-alphanumeric characters and symbols. Avoid using actual words since hackers can run software that checks for every word in the dictionary (and please, please, please don’t use password, password1 or admin). You can also use a password generator (to develop a password) or aggregator (to store your passwords). Just make sure that if you’re digitally saving passwords, the only way to access them is through a password that you must remember and key in–don’t store that password on your computer or device. This way you limit the damage if your computer or device is lost or stolen.
Enact Strong Password Protocols
Be smart in how you use passwords in your system. Don’t reuse passwords in multiple places (otherwise a compromise of one can give a hacker access to other systems). Instead of sharing one account and one password, give everyone unique login credentials. That way you can easily shut down and create a new account if one is compromised. Additionally, it will be easy to turn off that account once an employee is no longer with the company (and protects you in case they don’t leave on the best terms). Lastly, compartmentalize access. By only giving your employees access to the data they need and not the whole system, you’re limiting exposure should a breach occur.
Keep the software, browsers and applications on your computers, phones, etc. up to date. Old software can have vulnerabilities that hackers can exploit.
Back Up Regularly, Have A Plan To Restore Data
If data is corrupted, locked up in a ransomware scheme or undergoes some other emergency, you want to be able to restore the backup quickly to minimize downtime.
Educate Your Team
Many breaches occur because employees just aren’t aware of the cyber threats, especially how thieves might try to deceive them through email, websites and now social media. Train them on how to protect their passwords and properly react to attachments, links and information requests sent to them in emails (by both trusted and unknown senders) and to let the proper team members know if they notice anything suspicious. Ultimately, encouraging awareness and good habits among your team can positively affect your data security.
Why Do You Need Cyber Liability Insurance?
Good procedures will greatly limit the chance that you could suffer a data breach. But, human error, the speed with which new technologies are introduced and the tenacity of cyber thieves means there’s no 100% solution. So, should a breach actually occur, Cyber Liability Insurance can then be the second line of defense, protecting your company from the immense expenses that you would otherwise have to pay out of pocket.
Most Cyber Liability Policies will cover the costs of reasonable expenses that are the necessary in response to a breach and therefore may include:
As an added bonus, many Cyber Liability insurance products include a risk management component, which can include sample policies, recommended procedures and other best practices that give your company a framework to follow in developing a plan for managing cyber risk.
When seeking out Cyber Liability coverage, work with a qualified insurance agent or broker who has experience working with companies in the mortgage banking industry so that the coverage, limits and other elements are written to the needs of your specific company. You will need to make sure that the policy covers your major areas of exposure and that the limit is high enough to protect you from your potential loss. Here’s where looking at your total data records multiplied by the average cost per record of lost or stolen data is key.
While premiums have been increasing for this coverage as of late, they’re still quite reasonable, especially when comparing policy limits to the potential out-of-pocket risk.
Ultimately, What’s The Biggest Threat To Your Business?
Inaction. You need to acknowledge that a cyber attack against your business is a possibility (maybe even an inevitability) and make a conscious decision to take action and protect your data, customers, business and bottom line.
Nonetheless, despite all the warning signs, many are still not motivated to act, letting the supposed cost, time and labor of enacting proper protocols or purchasing insurance outweigh the very real and much higher cost they’d incur if their system was breached.
Consider CFO Magazine’s 2016 survey of 233 CFOs:
Given the number of past attacks and the respondents concern about future attacks, it’s actually startling to see how few CFOs in the survey are estimating the potential expense of an attack AND how few are seeking out insurance (only slightly more than the number that have been the victim of an attack).
Data breaches are a part of business now. Like Property and Casualty or Workers’ Comp, you need to treat the cyber threat like any other risk to your business and purchase the appropriate coverage. While it’s true, you may have to spend thousands or even tens of thousands now to enact a cyber plan that puts into place safe protocols and includes Cyber Liability Insurance. Keep in mind that the average cost in 2015 for a data breach was over $7 million. Investing now can save your company millions in the future.
* * *
Lee Brodsky has specialized in insurance for the mortgage banking and financial services industry for more than 30 years. In May 2004, he established Mortgage Banking Insurance Group at JMB Insurance. As an independent brokerage, his group helps mortgage bankers and brokers procure various insurance coverages that meet client goals and satisfy investor, GSE or warehouse lender requirements.
Seroka & NAHREP Consulting Form a Professional Alliance Focused on Cultural Diversity & Inclusion Services
Seroka has established a professional alliance with NAHREP Consulting Services (NCS), the consulting arm of the National Association of Hispanic Real Estate Professionals, to help our clients and the entire mortgage industry more effectively reach Hispanics, the country’s largest demographic of new homeowners.
Consider this: Last year Hispanics accounted for 69 percent of the total net growth in U.S. homeownership, and they were the only major racial group to increase their homeownership rate in 2015.
These statistics, in combination with the mortgage industry’s minority requirements, inspired us to equip our clients with strategies that will improve their business results through a meaningful connection with the Hispanic consumer. To that end, NCS complements our brand development, PR, marketing communications and digital service offering with two unique programs:
SimpleNexus Successfully Completes SOC2 Attestation Engagement to Convey the Design & Effectiveness of Its Internal Security Controls
SimpleNexus is the leader in private-labeled mobile technology for the residential mortgage industry. Independent mortgage lenders, banks and credit unions rely on SimpleNexus to stay competitive, close loans faster, and remain compliantly convenient for their sales teams. Founded in 2011, SimpleNexus is the trusted fintech provider who has kept up with the strict regulatory environment in the mortgage space. SimpleNexus supports more than 10,000 active loan originators, has been used for more than 2.5 million calculations, and their mortgage apps have been opened more than 4.5 million times.
On December 7th, SimpleNexus announced receipt of its Service Organization Control [SOC] 2 Type II attestation engagement report, providing independent validation that the company's internal security controls are in accordance with the American Institute of Certified Public Accountants' applicable Trust Services Principles and Criteria.
The report, prepared by the auditing firm The Owen Group, evaluated SimpleNexus' mobile mortgage services, mortgage software integrations, and relationship based marketing systems, focusing on organizational and operational safeguards against unauthorized access, both logical and physical. The key criteria analyzed included policies, communications, procedures and monitoring.
The review process confirmed SimpleNexus' adherence to the AICPA's Trust Principles related to security controls. The AICPA created the SOC guidelines to provide an authoritative benchmark for service organizations to demonstrate implementation of proper control procedures and practices. Type II reports include detailed testing of the operational effectiveness of the described systems' security controls.
"The SOC 2 attestation engagement report clearly illustrates that security is of paramount importance to SimpleNexus," said Matt Hansen, the company's CEO. "SimpleNexus undergoes independent audits annually, for certification as a fintech vendor in the mortgage space.
"Public and private companies rely on SimpleNexus to drive new business as well as close loans more efficiently. Today's announcement provides assurance that we have the systems and control procedures in place to safeguard clients' sensitive information. It is one more reason why SimpleNexus is recognized as the mortgage industry's gold standard in mobile mortgage solutions."
Learn more at SimpleNexus.com and the SimpleNexus blog; follow updates on Twitter: @simplenexus or on Facebook.
Automated quality management improves customer service and increases investor confidence.
How the regulatory environment may change given the recent election results remains to be seen, but regulatory implementation will continue to test lenders in 2017. Be it TRID, HMDA or URLA, lenders will need a continued focus on quality loan manufacturing, compliance, customer service and reducing the cost and time it takes to originate, process and close a loan.
This is why LoanLogics is continually investing in research and development to help lenders synchronize and streamline the manufacturing and quality control process. In-line, real-time quality control and quality manufacturing assurance will enable them to drive costs down and significantly decrease the time it takes to originate a loan.
Embedded rules and workflow automation will replace the current practice of finding defects after the fact, eliminating costly re-work and quickly finding the sources and causes of defects to prevent proliferation across loan production.
“Lenders and the industry can no longer accept after-the-fact quality control processes which have proven to provide little to no value. Without real-time, in-line quality control, costs will continue to rise and lenders will struggle to serve the changing digital dynamics of the industry and consumers it serves,” said Brian Fitzpatrick, LoanLogics’ president and CEO.
The impact of in-line, automated quality management and loan manufacturing goes beyond cost reduction and extends to significantly improving customer service and increasing investor confidence. Lenders can improve borrower satisfaction by reducing delays, closing loans faster and providing more competitive pricing, all the while assuring investors of the quality of the assets that are produced.
In 2017, lenders need to work on automated workflow driven process, embedded quality and manufacturing rules and key changes in data acquisition, validation and verification to drive costs down. Aligned with that, LoanLogics will continue to accelerate investments in new capabilities that empower lenders to take back control of their business through ease of configuration and reduced dependence on their technology providers to meet dynamic business needs. Business agility will be the key to success for mortgage lenders.
As part of its roadmap, LoanLogics will enhance its cloud-based platform and services to transform the mortgage industry with an unprecedented level of automation. Expansion of its robust rules engine and automated workflow will provide structure for the evaluation of compliance during the manufacturing process, addressing the pages and pages of regulations from the CFPB, GSEs and HUD, as well as the requirements of investors to whom they deliver loans.
LoanLogics’ technology will continue to challenge conventional methods by enabling clients with capabilities that disrupt the normal pattern of doing things while delivering measurable return on investment. The company has invested in industry expertise that includes a mix of technology, mortgage risk, compliance and regulatory specialists with knowledge that fuels content-rich technology development, reducing the cost of regulatory compliance for clients.
It also works with top lenders and investors, following a customer-centric approach for the development of technology innovation and enabling them to more closely align capabilities with market need.
LoanLogics’ most recent innovation, LoanHD Investor Module for Correspondent Loan Acquisition, tackles a technology gap that existed for correspondent investors and highlights its customer-centric approach to product development. The platform automates up to 80% of the processes typically performed manually, including loan pricing, the creation and management of commitments through locking and hedging, loan document classification and data extraction, management of both delegated and non-delegated underwriting business models, and loan funding and onboarding.
“Our partnership with our clients is driving significant growth in the firm and helping to move the industry toward an automated mortgage business that increases transparency, ensures compliance, cuts costs and eliminates material defects in mortgage loan files,” said Fitzpatrick. “Costs must come down, quality must improve and service to consumers must be completely redefined.”
LoanLogics’ brand slogan is “The game has changed, play different.” Fitzpatrick said the company embraces the changing mortgage landscape — including regulation — and believes there is no better time to transform our industry through innovative thinking, technology and lenders who are willing to eliminate the status quo. “We all have to continue to play different, we all have to think different, we must innovate every single day.”
“The game has changed and we’ll see even more change in the foreseeable future, creating an absolute imperative for lenders to play different in order to remain competitive and viable as an entity,” Fitzpatrick said. “We see the frustration lenders deal with on a regular basis. Their honest, open feedback, coupled with our strong desire for continued technology innovation, will keep us all on top of our game.”
Seroka Launches New Division that Specializes in the Next Generation of Digital Communications for the Mortgage Industry.
Seroka, the premier provider of brand development, marketing, and strategic communication services to the mortgage industry since 1987, announced it has launched a new division, Seroka Digital. The division will focus on serving the mortgage industry's need for true digital communications leadership.
The dedicated digital division expands upon Seroka's current, core digital services and will complement the firm's well-established certified brand development and strategic communications divisions. Seroka Digital will assist its clients with the effective utilization of these demanded marketing tools as they increasingly target and engage with Millenials.
The services offered through Seroka Digital include:
Dave Perry has been retained to lead this division. Dave has more than 10 years of strategic social media and digital efforts for companies such as CITGO, Dell, Harley Davidson, HP & Firestone. Additionally, he has built the digital divisions at several global advertising agencies.
This past week has been a record setting one for our cooperative network, as eight new Lender Members joined The Mortgage Collaborative! With the addition of these new member companies, TMC has now added 20 outstanding new originating Lender Members to our network over the past 80 days.
One of the things we love most is seeing new Lender Members experiencing their first TMC Conference, and we’re going to be lucky to have many new members in Arizona in early March! Please note that while we have the entire resort to ourselves in Scottsdale, it absolutely will sell out. So to avoid having to stay at another property, please take some time to register for conference before the holidays hit.
2016 has really been an exciting one for The Collaborative. It's been so rewarding to see so many lenders embrace a simple principle: We are stronger together than we are on our own. The sharing of resources and ideas allows people to perform better on an individual basis. You are able to get something you need from someone else, and they are able to get something they need from you. Therefore, each of you is made better.
It’s been a year that has seen us more than double our number of Lender Members. One that has seen us add more than 20 best-in-class Preferred Partner companies to our network, many of them leaders in the technology and innovation space in our industry. We’ve added new members to our team, appointed David Kittle to President, executed two phenomenal member conferences in Tucson and Denver, and significantly expanded our educational and peer-to-peer networking platform.
We're driven by always searching for new ways that we can help positively impact the many wonderful companies across America that we’re lucky to call members. Thank you for being one of them.
TMC - Chief Operating Officer