Mortgage Software Solutions Blog

4 Reasons to Implement a Mortgage Business Intelligence Strategy

bim.jpgBI visuals help employees in the company get on the same page.

Business Intelligence (BI) has come a long way since its first implementation.

At its most basic, BI has always involved analyzing reports and performance information to allow companies to make decisions based on past activity.

At the complex level of present-day information gathering, BI handles large amounts of unstructured, seeming unrelated data and then makes utilitarian connections between data points.

Using modern BI, a company can turn information sets into successful business strategies that give them the edge on the market and long-term stability over their competitors. Nowadays companies even have access to industry-specific BI tools.

Can you imagine why the mortgage industry should harness this ability? Here are 4 reasons to implement a Business Intelligence Strategy in your mortgage company.

  1. Integrated BI for Complete Data

By integrating business intelligence, a mortgage company has the ability to gather data on their activity via an existing mortgage enterprise management system (EMS) and then work with that data using the BI module.

With two or more applications communicating seamlessly, administrators have all the company information at their fingertips.

Integrating BI with existing tools like EMS and CRM platforms makes the data sets more ample and complete.

  1. Improved Strategic Awareness

Integrated Mortgage BI goes beyond just connecting platforms. It develops a rich business intelligence data warehouse (BIDW) that forms the basis for future decisions.

The BI module has the capacity of building data model visuals that are easy to understand. Using the full range of information available, this feature processes information to make it actionable. Pulling information from all sources means providing the company with rich prescriptive and predictive analytics output.

The strategy of information awareness and fact-based decisions produces a positive influence on the bottom line.

  1. BI Accessibility Breeds Positive Change

It used to be that companies needed IT analysts to interface with the data and come up with insight. It was a management level activity shared between tech folks and decision makers in the company.

With an industry-specific BI strategy in place, everyday users in a mortgage company can view easy-to-understand level-specific data related to their work. Placing BI in employee dashboards empowers them to make informed decisions. It goes beyond IT data and links up with HR, employee metrics, customized dashboards, and more to give the power of data to employees at every level of the company.

Smart decisions go from being seen as top-down directives to using real information as the basis for decisions company-wide. This change in company culture has the benefit of increasing employee job satisfaction and efficiency, which also affects the bottom line.

  1. Industry-Specific Bi is Affordable

There are plenty of BI applications on the market. From Tableau to Microsoft, the tech industry has developed a plethora of BI platforms with a range of executions.

There are also visionary platforms like Salesforce that are extremely flexible but require in-house IT customization. They come with bells and whistles that aren’t meant for the mortgage industry.

Mortgage companies without the resources to create their own fit have a better option. Industry-specific software with ample performance ability is the sweet spot. A mortgage-specific BI tool like this is the most affordable choice.

Mortgage companies who implement this type of “goldilocks” platform will be able to harness the power of BI quickly and easily.

Mortgage BI, developed by the same Northern California-based company that produces the data-sharing software MortgageExchange™, is a perfect example of this type of “goldilocks” platform.

ABT’s takes Microsoft’s Power BI software and their own MortgageExchange and combines them for a leading example of how companies can harness the big-brand power of BI without being oversized or overpriced. Not too expensive, no surplus of addons, and customized to be just right for the finance industry.

BI offers huge improvements to every modern mortgage company’s business strategy. The improved strategic awareness will save your company from financial missteps and BI-generated visual representations of performance data will put employees on the same page across the company.

With BI implementation, companies can efficiently put their data to work and move forward with clear direction.

Contact ABT directly to learn about Mortgage BI business analytics for your bank, credit union, or mortgage company.


Topics: Cloud Services information security for mortgage companies data interface solution data security mortgage software integration Business Intelligence Mortgage BI security productivity mortgage business mortgage regulations mobile technology mortgage industry

How New York’s Latest Cyber Security Law Will Impact You

sgfhj.jpgNew cyber security laws in New York mean strict accountability for businesses.

Cyber security is on the brink of an unprecedented crackdown in New York.

The finance industry is preparing for a new normal that looks vastly more stringent than before.

Part reaction to consumer outrage and part finger-pointing to the market for accountability when it comes to data breaches, the regulation titled Cybersecurity Requirements for Financial Services Companies (2017) is a broad re-draw of the rules by the state regulator.

In a country where the sector has historically played fast and loose with handling missteps, all eyes are watching to see how quickly it can adapt to the new normal.

As everyone settles in for the ride, industry insiders are already forming hypotheses about how far this new regimentation will reach.

Laying Down the Law

The new law outlining consumer data security measures in New York State is the first of its kind in the United States.

Officially released in March of 2017 with a built-in year of lag time, the enforcement date has arrived. As of Thursday February 15, 2018 enforcement is in full effect.

Financial institutions are expected to have stepped up their game in safeguarding computer systems and the sensitive information stored inside. A full guide to the highly prescriptive requirements can be found here.

The end goal is to avoiding security breaches by making businesses sufficiently fearful of repercussions. If they do foster an environment that allows for future problems or leaks of personal data, the stakes are high.

Who the Law Affects

The current law has been interpreted to include all banking, insurance, lending, and mortgage brokerage firms that are operating in New York. Every company under that heading will be held to the new standard.

This means that entities must get in gear to assess their actual and potential cybersecurity risks and make a solid plan to mitigate them.

The good news for IT departments is that due to the highly detailed guidelines about policy and the use of technology to patch up the security gaps, they have rather exact instructions to follow.

Beyond State Lines

At first glance, companies outside of New York might assume they have been spared from the harshest regulations in the country. After a closer look, it seems imminent that the change will have a wide-ranging impact.

Going forward, consumers will rely on their financial institutions to keep personal data safe. Not only are the expectations high, but the safety net sets the stage for demanding the same in other states.

Mortgage companies across the country are targeted by hackers due to the quantity of information and the quality of its use for fraud purposes. Companies outside of New York in the same industry should brace for the arrival of comparable laws on their home turf.  

Out-of-state entities with branches in New York should have a response as well, even before their own states begin drafting something similar.

In fact, other states are already following suit. Colorado and Vermont introduced their own measures within months after the NY regulation was put in place.

Vermont’s law names “securities professionals” as the intended subjects of its tighter regulations. Without specifying banks, the use of this broad term leaves the door open for enforcement with entities that may not previously fall under the state’s traditional regulation agencies.

As a global financial hub, even entities doing business in New York should consider getting the jump on re-assessing their policies as a continuity plan.

Beyond the Finance World

The effect of intensified scrutiny over cyber security practices will logically spill over to third-parties who work in the finance world and businesses who directly manage cyber security for the industry.

Fortune magazine goes one step further, predicting that ripple effect will go well beyond the financial industry. It could cover security events by any business that stores personal data “from point-of-sale to payroll providers.”

After that, it seems the industry shake-up will likely bleed into any major industry that houses consumer data using any sort of technology. These days, companies who aren’t keeping customer information in a computer system are few and far between.

The only thing the industry seems sure of is how this trend in accountability will not be contained by state lines or by industry.

In the early days of this new law’s enactment, the extent of this chain reaction is yet to be seen.

Over the next fiscal year, New Yorkers will lead the way, with countless gazes focused on them for cues of how to adapt.

ABT’s cloud-based portal MortgageWorkSpace adds banking level security to email, servers, PC’s and mobile devices in the mortgage industry. Contact us to learn more.


Topics: Compliance Due Diligence cyber security mortgage company security financial data security cybersecurity mortgage business mortgage industry Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit cloud-based data Mortgage Lending 23 NYCRR Part 500 NYSDFS network safety

Business Data Security and Multi-Factor Authentication

 240_F_122590781_AfHycyjOI0sOqepiZ1DQVBYkZsH7qlRr.jpg Get an extra level of security with multi-factor authentication or MFA.

Each year, cybersecurity gets more complicated.

According to anti-virus developer Panda Security, the amount of malware created by cybercriminals is predicted to grow exponentially with each passing year.

Companies have to face the reality that a security breach has a serious impact on business.

To avoid the distress of company-wide damage control and a PR nightmare, it’s best to make sure security is in good shape.

Real Business Impact

For some businesses, consumer data handling is the main issue.

Financial institutions such as banks and mortgage companies are often targeted by hackers because they house the most personal information.

With major security failures like the Equifax breach of 2017 making international news, the finance industry’s cybersecurity worries are real.

More is at stake than information. A data breach can mean sales losses and a tarnished reputation that lasts for years.

From fines to fraud, there are monetary repercussions as well.

So what is the fastest way to tighten security on cloud-based and traditional networks?

Multi-Factor Authentication

Data breaches in single-factor authentication systems often exploit the system login credentials or passwords of users.

Multi-factor authentication or MFA is a group of security measures that go beyond the traditional password in order to correctly identify a person for system access.

MFA is becoming more prevalent in the financial industry. This kind of authentication was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017 and was listed as a standard for the mortgage industry in the State of New York in the same year.

Multiple factors mean heightened levels of information that only the user can provide.

These factors can be a number of different security measures. A “soft token” is when security software generates a one-time-use passcode sent to the user’s mobile device. This type of authentication can also be executed with a text message, phone call, or an email with a hyperlink.

Other factors run the gamut from predefined security questions to biometric identifiers like fingerprints or facial recognition software.

Only the correct user knows the information or is in the circumstance to receive the passcode, so using MFA means only the approved user is given access.

The Modern Office

Another issue with security is the modern office environment.

There are a growing number of remote workers. Employees want access to work-related applications from outside the office.

In this mobile workforce, employees are moving off of network-approved computers and onto personal or public machines. It’s up to the IT department to facilitate their work and make sure they go through a heightened level of security checks.

MFA is an authentication strategy that allows IT to deliver this level of remote access. It solves the problem of identifying recognized employees while maintaining a solid defense against intruders.

User Experience

The final consideration when implementing cybersecurity measures is user experience.

With higher scrutiny comes a higher level of annoyance by the employee at having to prove their authorization.

IT staffers need to balance security measures with user convenience.

One development that improves this balance is “adaptive” MFA. This security technology evaluates the risk factor of the user and then adapts the number of factors required for entry to the system.

An employee using a company-issued laptop at a café with an IP address across the street from headquarters is considered a low-risk access attempt. This situation does not require extra security measures.

On the other hand, if someone is trying to gain access on an unrecognized device in a location where the company doesn’t have an office (e.g. employee is attempting to do work on her tablet while vacationing in Bali) then the number of factors required will be at the maximum level. The employee jumps through some hoops, but with an understanding of why.


Data breaches are happening at the enterprise level at an alarming rate. A watchdog organization called Breach Level Index estimates that every second, an average of 57 records are stolen.

Employees are moving towards a more mobile work environment with wide geographic distribution.

For companies who handle consumer data, implementing MFA is simply one of the most effective ways to crack down on security violations and keep up with the modern workplace.

Businesses that use the MortgageWorkspace management software by ABT are protected by multi-factor authentication and a host of other cybersecurity measures. Contact us to learn more.

Topics: social networking safety phishing multi-factor authentication cloud storage mortgage business Compliance for Mortgage Companies Compliance Audit cloud-based data Housing Market Mortgage Lending

Solid Steps to Safeguard Against Meltdown and Spectre

ghjfj.jpgTwo defects threaten computers and devices released on the market since 1995.

Meltdown and Spectre are the names given to two newly-discovered bugs terrorizing computers around the world.

At the sound of such unnerving names, it’s hard for security folks at enterprise-level companies to control the panic.

While protocols for dealing with these threats are still on the drafting board, there are solid steps that companies can take to protect themselves.

What are Meltdown and Spectre?

In early January of 2018, the tech world was rocked by the discovery of two colossal security flaws that affect almost every computer and smart device on the market since 1995.

First announced on January 3rd, the bugs’ initial discoveries are being attributed to Jann Horn at Project Zero, a Google-based program for security analysis.

These two separate flaws were simultaneously being probed and announced by a handful of security experts from around the globe. As bits and pieces came out about the exposures, the gravity of the situation became clearer.

Both Meltdown and Spectre exploit weakness in the CPU of most current machines and all their predecessors dating back to 1995.

Since both faults affect major brand-name processors, it means that desktops, laptops, mobile devices, and servers all contain the defects.

The spooky truth is that they affect a majority of computers in use today.

How They Work

Often linked due to the widespread nature of both flaws and the fact that they were discovered around the same time, they do not work in the same way.

The first defect, Meltdown, is named for what it does to affected devices. It sort of ‘melts’ the wall between applications and the machine’s OS and makes it a devastating entryway for hackers.

The second issue, Spectre, is a named for the process from which hackers are able to steal information—namely ‘speculative execution’.

Speculative execution is the technique whereby your device records your computer activity in an attempt to predict future actions. This process helps your device execute tasks quickly, but the records contain sensitive usage information that shouldn’t fall into the wrong hands.

The name also refers to an apparition, which is fitting since companies don’t want intruders ghosting around their private information.

Meltdown affects Intel processors while Spectre affects three kinds of CPU chip: Intel, AMD, and ARM.

Using these newly discovered gateways, popular tech forum Bleeping Computer says, “Malicious program can steal passwords, account information, encryption keys, or theoretically anything stored in the memory of a process.”

Vendors React

In response to the potential devastation, the tech community has seen a wave of security advisories and patches to deal with the bugs.

At the pace that vendors are trying to get information out, some have produced conflicting stories: While AMD maintains that its CPUs have a near zero risk of vulnerability, Microsoft quickly pushed out a patch for AMD devices that has caused computers to stop working.

In the haste to calm the masses, it seems some solutions come with problems of their own.

Beyond the CPU

Browsers are also vulnerable due to these glitches.

Safari came out with a patch in December of 2017 while Microsoft just released patches for IE and Edge. Microsoft announced that Windows 10 is safer to use than older versions, but did not provide further details.

After other vendors bumbled, Google reneged on a patch that was promised for January 23rd. Google’s Chrome browser and OS patch came out Friday the 2nd of February, over a week late.

Adding yet another layer to this confusing frenzy, Anti-Virus programs may be incompatible with some systems (notably Microsoft) so don’t go AV-crazy just yet.

In order to be proactive, here are three solid steps you can take to make sure your company is protected.

  1. Assess Your Risk

Guidelines for action from patches to future fixes are available at each vendor’s site. Your company can build a customized response based on vendor-specific information.

  1. Follow Instructions

Take the recommended steps to mitigate any security risks that would leave your company vulnerable.

A smorgasbord of vendors, from Amazon to Cisco, has released advisories to protect their clients and business partners from dangerous activity.

It’s up to your company’s security team to follow instructions based on the software and hardware that your system uses.

  1. Hold Out for More Information

Unfortunately, these bugs were publicly announced recently. The scramble to provide permanent answers is on.

The best thing to do after the initial patch scare is to await further details and instruction from the tech security community.

Businesses protected by ABT’s monitoring service Network Guardian receive monthly reports detailing security threats. Contact us to learn more.


Topics: mortgage documents mortgage business mortgage industry cloud-based data Mortgage Lending disaster recovery malware network intel spectre meltdown network safety

Lawmakers Crack Down on Consumer Data Breaches


New bill to increase cybersecurity oversight in the United States.

Guns are blazing in the US Congress.

In the wake of the major Equifax data breach that lasted from mid-May through July of 2017, US Senator Elizabeth Warren leads the charge in attempts to hold credit reporting agencies responsible for their own cybersecurity.

With a bill proposing to rope the Federal Trade Commission (FTC) into oversight and calling for investigation of the Equifax breach, Warren introduced the Data Breach Prevention and Compensation Act of 2018 to Congress on January 10, 2018.

What Prompted the Bill?

According to Equifax, hackers gained access to sensitive consumer data and maintained access over the course of two months in 2018.

The data that was compromised included names, Social Security numbers, birth dates, addresses, and driver’s license numbers. Victims of the data theft are US citizens as well as people in the UK and Canada. The hackers also stole credit card numbers for 209,000 people.

Though the breach is a significant blunder for the credit reporting agency, Equifax responded by suggesting that the public find out if their information was exposed and allowing victims open enrollment in one year of free credit monitoring services.

Victims and consumer protection agencies alike saw the Equifax response as lackluster and tone deaf.

With identity theft and credit scores hanging in the balance, the public was outraged.

Calling Out the Big Guns

Senator Warren responded on behalf of consumers with a flurry of letters to potential oversight agencies, the United States Government Accountability Office (GAO), and to the three major credit reporting agencies themselves.

In the letter to the GAO, Senator Warren notes that consumers have no control over how their information is collected and used by companies like Equifax. Though credit reporting agencies hold unique power over the management of consumer data, nobody is sure who oversees their mishandling of this sensitive information. Even more shocking is that Equifax seemed to experience no official repercussions due to the hack.

In the letters and the resulting bill, Warren requests clarification of supervisory bodies and demands accountability for the credit agencies in order to protect consumers from future breaches.

In her letters, Senator Warren calls on the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) to consider whether they have authority over credit agencies and could enforce stricter cybersecurity guidelines.

The bill also calls for a significant increase in oversight by the formation of a new oversight body in the FTC. An Office of Cybersecurity is proposed to establish standards for data security, supervise consumer information handling, enforce guidelines, and impose punishment against agencies that don’t comply.

At the heart of the legislation is the protection of data in an industry headed towards more computer- and web-based storage than ever before.

Real Penalties for Serious Breaches

Senator Warren is not alone. Senator Mark Warner from Virginia co-signed the resulting bill. The goal is that with official government oversight, future breaches would be avoided as a result of financial penalties.

Under the terms of the proposed bill, agencies would suffer a $100 fine for each consumer whose private information is compromised plus $50 for each secondary piece of information belonging to that person.

Equifax would have faced $1.5 billion in fines in this case.

In an industry where money talks, this kind of legislation should convince agencies who manage consumer data to get their act together preemptively before letting consumer data fall into the wrong hands.

Inadequate security and a response the equivalent of a company-wide shrug will no longer be tolerated.

Response by Financial Institutions

The push for legislation and further oversight by lawmakers means that banks, credit agencies, and other financial institutions will need to up their cybersecurity game.

To avoid getting hit with major fines and extensive media blowback, the finance industry will be forced to plan ahead and protect sensitive consumer data from hackers like the group that hit Equifax.

Has your banking institution taken steps towards increased security? Is your board of directors aware or concerned about this legislation? Is your company addressing cybersecurity weaknesses in your systems?

Reaching out to software security experts is the obvious ways to avoid getting hit with major fines or extensive media blowback. With help from tech folks, the finance industry can plan ahead and protect sensitive data from hackers like the group that hit Equifax.

 ABT’s cloud-based portal MortgageWorkSpace adds banking level security to email, servers, PC’s and mobile devices in the mortgage industry. Contact us to learn more.

Topics: cyber security financial data security multi-factor authentication Business Intelligence disaster recovery

Guide to New York’s Cybersecurity Regulations

The deadline is less than a month away.

As February 15, 2018 draws near, financial institutions in the state of New York are scrambling to comply with cybersecurity regulations that are new to the industry and unprecedented in the state.

Released in early March of last year, Part 500 of Title 23 or Cybersecurity Requirements for Financial Services Companies (2017) is a 14-page document detailing how finance companies will be legally required to protect nonpublic information in their computer systems.

These regulations were implemented by the Department of Financial Services (DFS) citing security risks and the “ever-growing threat” of foreign nation-states, terrorist organizations and cybercriminals. The DFS Superintendent’s office will be overseeing compliance with the new laws aimed at safeguarding sensitive information that banks, credit unions, and mortgage companies keep on file.

As the zero hour approaches, here is a quick guide to the new DFS directives.

Cybersecurity Programs for All 

The main requirement is that all financial institutions under the regulation of the DFS are now required to create and implement a written cybersecurity program. 240_F_41316834_khRM1Linm358EZL0uiTOmQS2tyeankBN.jpg

With computer-based leaks making national headlines, New York’s banks will be held to a high standard.

The main issue of information leaks is “nonpublic information” or data gathered about customers and clients that is not meant for public knowledge. This includes business information, identifying information, account numbers, and even medical information.

A “cybersecurity event” is any action or attempt of unauthorized access to this information.

Security Measures

The new DFS regulations specifically call for annual penetration testing and bi-annual vulnerability checks of all information systems.

This includes extensive recordkeeping of system activity. Each financial institution must keep transaction records for a period of 5 years and an audit trail that records at least 3 years of activity.

The DFS further urges permissions control for all software applications.

Policy Requirements

This new cybersecurity program that every institution must implement is subject to oversight. The regulations require that all policies be recorded and approved by a senior officer or the company’s board of directors.

The guidelines state that any policies laid down must address an extensive list of 14 distinct topics ranging from data governance to disaster recovery planning.

Beyond stating the goals of these new measures, the law requires that companies designate a Chief Information Security Officer (CISO) for in-house enforcement.

This individual is required to report in writing annually about security to the company’s board and will be held responsible in the event of a breach at the agency.

Risk Assessment

Beyond coming up with a plan, the new regulations require action.

Financial institutions must run a complete risk assessment of their company. The assessment must be documented and it should include an evaluation of the adequacy of the existing access controls.

By law, this assessment must be carried out by qualified cybersecurity personnel. To avoid passing the buck, companies who hire out for the job must still exercise due diligence in evaluating the adequacy of the third party’s own security practices.

The law makes it clear that the financial institution itself will be held responsible for the integrity of their new program.

Other Regulations

There is a host of supplementary details in the document that outline currently-held security precautions across the information systems industry.

For example, multi-factor authentication for network access, a time limit on data retention, and regular cybersecurity awareness training for all personnel are all part of the regulation.

Encryption guidelines are spelled out and become subject to annual review by the CISO.


The final issue addressed by the new regulation involves communication with DFS. The superintendent’s office places a strict time cap on security breach announcements. A company has no more than 72 hours to report any event that has a “reasonable likelihood of materially harming the normal operations” of the company. 

Serious events like this have always fallen under reporting laws to local supervisory bodies. Under the new law, these events will be taken up the chain of command to the Superintendent’s office immediately.  

As of last year, New York is taking cybersecurity seriously. With such strict laws, it’s understandable that financial institutions have been slow to enact changes. After the year-long cushion, the new regulations are set to be enforced and financial institutions will be held responsible if they don’t comply.

14 pages of detailed requirements are on the books. As the transition year comes to an end, banks, mortgage companies, and credit unions are under the gun to make it happen.

Are you a CIO?

Has your institution taken the proper steps for system security?

For comprehensive compliance guidance and other cybersecurity solutions and, contact us.

Topics: DocumentGuardian cloud storage mortgage business mortgage regulations Compliance Audit Mortgage Lending DFS 23 NYCRR Part 500 NYSDFS

Cloud Storage Reduces IT Costs and Improves Scalability for Mortgage Companies

Mobile phone in hand

Those of you who've worked in the mortgage industry for the last two decades know how much has changed in just the last five years. Technologies have evolved quickly to provide more ways to accomplish tasks, including superior organization. Despite this, you've perhaps balked on finding ways to reduce your IT costs. Doing things the same way is perhaps hard to break after being in business for over 20 years.

Don't become complacent, because many IT solutions are affordable and necessary.  Security should be paramount when storing client information.  Today's software is being written to comply with the latest regulatory requirements and not all of it is expensive either.

With a rise in cloud and mobile technologies, you can do so much more while paying less. The same goes with scalability.

Using Automation to Improve Client Communication

When you look at the biggest challenges facing mortgage organizations like yours, client communication is at the top of the list. In a time when you likely have to compete with other lending agencies a short distance away, you need to keep your clients loyal.

The way forward is to use automation to gain efficiency. The older methods of reaching your clients only by phone can frequently lead to delays. Consider other communication methods, texting for example may be the best way to shorten the business cycle.    

Automating your communication will allow you to reach your clients faster and provide the ability to personalize content for more sucessful lead generation. Through affordable mobile technology and automation, you can send information at key times to your existing or prospective clients. Doing so educates them on their mortgage options.

Using the Cloud for Data Storage and Retrieval

We noted a while ago that cloud security is the future of all mortgage companies. After saying this over two years ago, it's a fact now, and a must to prepare for the unexpected.

Considering on-site servers can easily become hacked, you need to upgrade to the cloud to keep yourself compliant with client data. While cloud pricing varies depending on needs, it still reduces cost because you're eliminating maintenance on your own servers.

During disasters, you're also preparing yourself for business continuity. You can access anything in the cloud 24/7 as long as you have an Internet connection. When a disaster strikes, you can retrieve all client information immediately to keep your lending business on its feet.

The Use of Mobile Apps to Simplify the Lending Process

Many home buyers want to simplify how they obtain a mortgage without all the protracted steps. Creating a mobile app to make the process easier helps remove complex steps otherwise increasing your operating costs.

An app gives your clients more control over the time it takes to get a loan and the terms they want. Despite apps requiring design time, they'll pay off long-term thanks by increasing business and gaining your customers' trust.

Transparency is an important aspect to lending today. Allowing this through mobile technology is essential, as long as you have quality IT management in place.

Scaling Your Mortgage Company

To keep up with demands, you can do a lot of practical things to scale your mortgage business. If you're short on clients, Zillow reminds using CRM software can often help connect better with potential customers. Also redesigning your website and starting a blog can get home buyers more interested.

During times when you just need to find room to expand data, the cloud can scale quickly for you. This eliminates having to depend on other risky storage methods. When you want to scale due to unexpected growth, you can do so with the cloud, plus still have room for further growth down the road.

At Access Business Technologies, we provide game-changing technologies and tools to help your mortgage business reduce costs while still growing. Our MortgageWorkspace product allows you to scale quickly and securely by putting your business into the cloud. It offers efficient ways to keep your data compliant using intuitive dashboards and admin tools. Learn more about how MortageWorkspace can make the mortgage process easier for your employees and customers by scheduling a call with us. 

 Schedule a Call




Topics: Compliance Cloud Mortgage Servicing Cloud Computing MortgageWorkSpace cloud storage

Cyber Security Trends Put You, Your Company, and Your Devices at Risk


Lock on keyboard

Staying on top of cyber security is one of the most critical aspects of protecting your business. That includes knowing about the latest scams and threats on the horizon. Whether you're protecting yourself, protecting your company, or protecting your devices, you need to know about the latest concerns in cyber security. 

Pop-ups and Scam Calls

Instead of sending out viruses that are likely to be caught by your firewall, many hackers are attempting to catch your team unaware. Pop-ups claiming they are able to "fix" computer problems that don't really exist are one of the most common cyber threats--and unfortunately, they're becoming increasingly savvy. Some are clones of your antivirus software, while others are specifically designed to look like Windows error messages.

Scam calls are also an increasingly common form of social engineering. In order to protect your business, your staff must have the tools to recognize scam calls and react to them appropriately. Without that knowledge, unknowing employees could accidentally release confidential client data or provide system passwords to individuals masquerading as employees. Protecting your company means ensuring that every employee is familiar with the potential for scam calls and knows how to react appropriately. 

IRS Taxpayer Scams

The recent tax season has seen a substantial rise in the number of IRS taxpayer scams. Even the most law-abiding citizen reacts to contact from the IRS with stress and tension. As a result, they're more likely to respond quickly and instinctively to threats rather than taking the time to think their responses through. Today's scammers demand information immediately, insisting that they're going to arrest the victim if they don't respond as soon as possible. They're offer refunds if the victim will simply provide them with necessary bank account information. Scammers frequently insist that payment be made immediately, rather than allowing individuals to set up payment arrangements or take the time to ensure the validity of the communication. 

Note that the IRS never contacts people over the phone. Instead, they'll use certified mail for their initial contact. They also allow citizens to take the time to ensure the validity of their claims and to set up payment arrangements for outstanding debts, rather than putting pressure on citizens for immediate payment. By remaining aware of these circumstances, you can help protect yourself and your employees against this common scam.

Petya Ransomware

Many business owners, managers, and directors are terrified by the rise of ransomware--and with good reason. Ransomware encrypts every file in your system, making it unusable until you either break the encryption and pay the ransom--and in some cases, even if you pay the ransom, hackers may not be able to deliver a "fix." The Petya ransomware attack, which is one of the latest waves of ransomware attacking businesses, encrypts the master boot records of Windows machines. This makes the machines completely unusable until the $300 ransom is paid or a solution is found.

In order to protect against Petya, it's critical that your antivirus software remain updated, as many companies have already released patches that claim to protect against it. You can also protect against ransomware breaches by ensuring that your computer has been updated through at least March 2017, when a critical patch was released that defended against the EternalBlue vulnerability. Petya, in particular, will not impact your computer if you have the read-only file C:\Windows\perfc.dat installed on your computer; however, this will not prevent your computer from impacting others on the network. 

Protecting yourself, your company, and your devices is a full-time job. If you need additional help with this critical process, contact us today to learn how we can help keep your protections updated and your company safer.


Topics: ransomware Petya ransomware cybersecurity

What Your Mortage Company Needs to Know about HOEPA

Home Ownership Equity Protection Act-1.jpg

Congress passed the Home Ownership and Equity Protection Act (HOEPA) in 1994 as an amendment to the Truth in Lending Act. The legislative intent was to tackle the abuses in the mortgage refinancing industry and with respect to home equity loans that charge high interest rates or high fees. Below is some basic information about loans and required disclosures you should be familiar with as a mortgage company.

Section 32 Loans

People often refer to these loans as Section 32 loans in reference to Section 32 of Regulation Z of the Truth in Lending Act (TILA) which put the law into action. The Consumer Financial Protection Bureau issued a final Regulation Z in 2013 which was effective for loans on and after January 1, 2014.

Types of Loans Covered by Section 32

Section 32 covers a loan if the Annual Percentage Rate (APR) exceeds the average prime offer (APOR) rate for a comparable maturity loan by:

  • 6.5% for first liens
  • 8.5% for first liens less than $50,000 secured by a manufactured home, or other personal property
  • 8.5% for junior liens

Section 32 also covers loans where the total fees and points are greater than:

  • 5% of the loan amount for loans of $20,000 or more, or
  • The lesser of 8% of the total loan amount or $1,000, for loans less than $20,000 (threshold figures adjusted annually).

The law also considers a loan a "high-cost mortgage" if that loan charges prepayment penalties 36 months or more after the loan begins or the account opens, or if the prepayment penalty exceeds more than 2% of the amount being prepaid. A prepayment penalty does not include "conditionally waived" upfront good faith third-party closing costs.

Section 32 loans apply to those for refinancing, purchase-money loans, home equity loans and home equity lines of credit with high rates or high fees. The rule does not apply to loans to build a home, reverse mortgages, loans issued by HFAs, or loans under USDA's Section 502 Direct Loan program.

What Happens if a Loan Comes under Section 32?

The lender who makes a Section 32 loan must make certain disclosures to the borrower no less than three business days before the loan process completes or the account opens.

The following required disclosures are in addition to the general TILA disclosures:

  • Written notice that the borrower does not have to complete the loan even if he's already signed the application and received the disclosures (borrowers have 3 business days after receiving the Section 32 disclosures to decide if they want to sign the loan agreement)
  • Written warning that the lender will take a mortgage lien on the home, that a borrower who fails to make the required payments can lose the home and all money put into it
  • Written disclosure of the APR, the payment amount. If the borrower has a variable rate, the written notice must state that both the rate and the monthly payment amount may increase as well as the maximum monthly amount

The final regulation provides, if the information in the disclosures becomes outdated or inaccurate, the lender must provide new disclosures and start a new three-day period. Consumers may waive the three-day period for a personal emergency.

The lender may provide the new disclosures by telephone -- if the consumer initiated the change -- and if (before the parties complete the loan agreement or the account opens):

  • The lender provides the new disclosures
  • The lender and consumer sign a written agreement with respect to telephonic disclosures

Abuses Are Banned from High-Rate Loans

The law prohibits the following features in relation to high-rate Section 32 loans:

  • Balloon payments generally; (Balloon payments generally mean a loan where the borrower's regular payments do not pay off the principal and the borrower must pay a lump sum amount of principal at the term end)
  • Prepayment penalties
  • Financing points and fees
  • Late fees if they are greater than four percent of the past due amount or late fees imposed before the loan is 15 days past due
  • Lenders must provide the borrower with a payoff statement within 5 days of the borrower's request (with fees restricted)
  • Fees to modify or defer the loan
  • Lenders may not recommend or encourage default

For home equity lines of credit, the lender must assess the borrower’s ability to repay. For closed-end home equity loans, the borrower must satisfy the requirements of the 2013 Ability-to-Repay Final Rule. Congress passed the ability to pay provisions under the Dodd-Frank Wall Street Reform and Consumer Protection Act. The final Regulation Z put these rules into effect.

Other Abusive Practices Prohibited by Section 32

Section 32 forbids lenders to engage in lending practices based on the property's collateral value without taking into account whether the borrower can repay the loan.

Home improvement loan dollars must disperse directly to the borrower (or jointly to the lender and the contractor) or to an escrow agent.


A borrower who sues the lender for violation of Section 32 may recover statutory and actual damages, court costs and attorney's fees. The borrower may also rescind the contract for up to three years.

To delve further into the details on the final rules with regard to determining interest APRs and index, determining high-cost points and fees, as well as determining interest rate thresholds under the average prime offer rate (APOR) read Recent Changes to HOEPA. 

Topics: Compliance for Mortgage Companies

Leverage Your Cloud Software for a More Efficient Workflow



Making the most of your mortgage software for an efficient workflow is an admirable goal. However, it’s not enough to have this goal; you have to know how to make it come to fruition. Read on to discover different ways to do this. But first, it’s important to understand the role of your software.

Mortgage Software

Your software should improve the borrower's experience when applying for a mortgage. It should also improve the efficacy of the your company’s internal operations.

Softwareor any tool you use—is not an added benefit to the mortgage process, however, if it adds unnecessary steps to the employee's workload and slows down the workflow.

We need it to meet the needs of lenders, including the demands imposed by the Consumer Financial Protection Board's regulatory schemes. When it is successful, mortgage software plays to the your company’s strengths. It fills in gaps where there would typically be deficiencies. And, perhaps most difficult of all, it predicts regulatory requirements.

Understanding Your Organizational Workflow

Learning how mortgage software can improve your workflow and how to select the right product requires an intense evaluation of the two processes that make up the workflow.

  • internal operations
  • borrower experience

Internal Operations

Each mortgage application has the same basic stages (although additional requirements may attach for specific loans). Organizations need to understand, by evaluating and analyzing the processes, how they operate in each of the stages described below:

  • pre-qualification
  • application
  • verification
  • processing
  • underwriting
  • closing

Managers probably have their own ideas of how their companies may improve the various stages. After all, it is not always a one-size-fits-all solution. It is important to evaluate these stages not only in terms of legacy processes but also in terms of how they might improve through the use of cloud technology.

The analysis of a workflow provides an opportunity to review compliance efforts and see where automation or cloud technology can help improve compliance. An added benfefit is that it may even save time and money.

A prime example is the three-day disclosure rule. A tool that automatically sends disclosure information within the three-day disclosure window may eliminate human errors (inconsistencies) and speed up the process at the same time. Cloud software applications may save time by verifying data provided by borrowers against aggregate databases.

Your analysis will show where you have bottlenecks, inefficiencies, and duplication of effort. When you look at the workflow priorities together with the organization's strategic goals, the type of software that works best for the organization will become apparent.

The Borrower's Experience

The digital mortgage is coming to the industry. For a business that has relied on face-to-face communication with borrowers and a significant paper trail, it may seem a difficult transition. There are, however, many ways that technology can improve the borrower experience. In fact, borrowers may move easier in that direction than lenders.

On-demand services in other consumer areas has led borrowers to expect faster service from elsewhere in their lives, including what is typically considered the largest purchase of a person’s life - home buying. The process will never match push-button, instant satisfaction like other consumer service areas, because of the compliance aspect. Technology, however, can help in two ways.

  • Transparency through on-line dashboards, mobile applications, and other self-serve features
  • Access to loan data through digitally managed and delivered documents, and a holistic view of their data helps borrowers feel they have a better handle on their loans


This powerful cloud-based portal from Access Business Technologies provides your teams the freedom from the paper chase that they want, but with the control they need over internal workflow and compliance processes. With Mortgage WorkSpace offers your company the abilities to manage documentation, software applications, devices and security all from within the portal. Additionally, it includes Office 365 Mortgage, giving you the advantages of Office 365 but built specifically for the mortgage industry.

To learn more about how cloud-based solutions can make your mortgage company more efficient, please contact us.


Topics: MortgageWorkSpace