Categories
Finance & Capital

Launching a Mortgage Lending Firm? Heed this InfoSec Advice

In the past, the mortgage lending industry was essentially controlled by a small number of banks and financial institutions with very, very deep pockets and friends in high places. However, these days — and ironically, thanks to the Great Recession — the mortgage lending marketplace is much broader, and barriers to entry and far smaller. You no longer need to have tens of millions of dollars in working capital to get in the game. As long as you have a valid mortgage license (and each state has its own requirements) and a business structure in which to legally operate (e.g. LLC, S Corp, etc.) then you’re ready to start helping individuals and businesses bridge the funding gap for the property the want. Well, actually — not quite!

Multiple InfoSec Obligations 

Yes, you’re headed in the right direction. But before you start serving clients and building your reputation for excellent, it’s important to ensure that you have all of your information security (InfoSec) boxes ticked; and there are more today than ever before. Here are some of the key obligations that need to be part of your firm now and into the future:

  • Complying with all prevailing regulations and laws that relate to InfoSec practices and policies, including (but not limited to) the Dodd-Frank Act, the Federal Truth in Lending Act, The Federal Housing Finance Regulatory Act, the Hope for Homeowners Act, and more.
  • Using enterprise-grade network and end point (e.g. desktop, laptop, tablet and smartphone) security — including corporate-supplied devices (“COPE”) and employee-supplied devices (“BYOD”).
  • Securing all confidential data at-rest and in-motion, including corporate-owned and controlled digital properties (e.g. websites, apps, etc.).
  • Ensuring that all third parties (e.g. contractors, consultants, etc.) have appropriate security controls in place.
  • Having a plan in place to deal with potential or real cyber security breaches, such as malware attacks, viruses, Trojans, ransomware, and so on.
  • Training staff on properly storing and sharing data.
  • Implementing a robust social media compliance
  • Creating an asset inventory of all hardware and software.
  • Having an appropriate disaster recovery process in place.

The Bottom Line 

The residential and commercial mortgage marketplace is growing, which is good news for entrepreneurs like you who want to apply your knowledge to help individuals and businesses bridge the real estate funding gap. However, it’s essential that you comply with all InfoSec requirements and expectations, including those that are not necessarily part of regulations or laws, but are nevertheless industry best practices. Otherwise, you could end up with lasting reputation damage that might ground your fledgling mortgage lending firm before it has a chance to really take off — and achieve its potential to be a lucrative, long-term success!