QUESTION
Our compliance department is being downsized. Apparently, I am one of the first to be fired–oh, excuse me, I mean downsized. Suppose I sound like I have a chip on my shoulder. In that case, I suppose I do, since this is my fourth compliance job that, through no fault of my own, is being downsized. It especially bothers me that the Chief Compliance Officer asks me, before I leave at the end of the month, to provide a list of compliance blind spots that we have encountered over the last few years.
Anyway, I have been working on the list. However, the list is only involved with our company's blind spots. How about everyone else? I want to highlight some potential blind spots that may or may not be occurring in our company, but which could happen elsewhere. Since you have many clients across the country, I wonder if you could share the types of compliance blind spots that your clients encounter.
Thank you in advance! By the way, I have read your articles for years. I will continue to subscribe wherever I go. I have my résumé out, but many companies are not hiring. So wish me well!
What are some compliance blind spots in mortgage banking?
ANSWER
I am sorry that you are being downsized or, as you put it, fired. The tendency to use terms that mask the reality of circumstances can be infuriating. To be downsized means your position is eliminated as part of your company's permanent reduction of its workforce. It usually happens to cut costs or restructure. This is a business decision, not a reflection of your performance, and can be a response to economic downturns, technological changes, mergers, or a need for greater efficiency. I wish you all the best. Wherever you go, please stay in touch!
Working with many clients provides an advantage because we can share our knowledge and experience with each client. The fact is, these days, no individual compliance department can master all the diverse issues associated with mortgage compliance. After a while, a company begins to form a rather parochial, narrow, and lopsided view of compliance challenges, as its understanding of compliance is specific to its particular experience. This model is problematic because a company faces numerous risks, and therefore, it can be blindsided by a lack of knowledge relating to compliance issues affecting other companies.
I will share some blind spots that we have come across over the years. After nearly two decades, many compliance challenges have changed. But there are some perennials. My feedback here is certainly not comprehensive. I hope it helps!
FAIR LENDING BLIND SPOTS
First up in blind spots is fair lending. Many compliance managers are familiar with the basics of fair lending and rely on various types of reviews. The blind spots become a veritable regulatory minefield if they manifest themselves. Blind spots in areas such as prohibited practices, equal access to credit, loan applications compliance – including advertising, inquiries, reviews, loan disbursement, ongoing servicing, to name but a few – are areas that have massive legal consequences. However, I think this blind spot may be boiled down to at least these components.
· Data Analysis Limitations
· Marketing and Outreach Bias
Marketing materials may inadvertently exclude or discourage certain demographic groups, for instance, by not featuring diverse imagery or targeting underserved communities. For example, financial institutions risk bias when renting mailing lists based on criteria that skew toward specific neighborhoods.
· Narrow Scope of Protected Classes
Many lenders focus primarily on race and ethnicity for fair lending risk, overlooking other protected bases like gender, age, disability, or marital status.
· Consumer Complaint Process
Failing to integrate customer complaints into fair lending monitoring can prevent lenders from catching potential issues early.
· Training
Relying solely on the compliance department often leads to complacency. Fair lending training should be regular, effective, and complete for all relevant staff.
LOAN ORIGINATION AND PROCESSING BLIND SPOTS
This blind spot is so rife with compliance challenges that I hardly know where to start. Surely, the following are likely to appear on any list of such concerns. At every stage of the loan flow process, compliance must proactively respond to potential legal and regulatory mandates.
· Undisclosed Debt
The period between loan origination and closing is a high-risk blind spot. Borrowers may incur new debt during this "quiet period," which can increase their debt-to-income ratio and potentially violate ability-to-pay rules.
· Manual Processes
Financial institutions that rely on manual processes and spreadsheets for calculations and disclosure often struggle to adapt to regulatory changes, creating errors and risks. If you think that everyone works in an automated loan origination environment, think again!
· Mortgage Quality Control
Failing to perform adequate mortgage quality control (QC) exposes lenders to significant risks, including severe financial penalties, loan repurchase demands from investors, legal liabilities, and regulatory enforcement actions. And, it is a breach of contractual obligations with entities like Fannie Mae, Freddie Mac, and other investors. This is a recurring issue with many mortgage originators.
· Compliance Management System (CMS)
Without a strong CMS, how do you know the answer to this question: What necessary compliance oversight requirements are being efficiently and accurately documented throughout the loan flow process? A significant blind spot is a CMS that fails to organize the various dimensions of compliance management.
THIRD PARTY AND AFFILIATE OVERSIGHT
Third-party oversight is a key component of compliance that provides a process for monitoring and managing the risks associated with external vendors and service providers on which a company relies for its operations. What we have found in our audits are several blind spots involving the establishment of policies, conducting due diligence, performing ongoing monitoring, and ensuring that third parties meet the same standards for security, compliance, and performance as the primary organization.
· RESPA: Affiliated Business Arrangements
Lenders may not sufficiently scrutinize joint ventures or other affiliated business arrangements. Regulators watch for "sham" operations that could be a front for a kickback scheme rather than a legitimate partnership.
DATA SECURITY AND TECHNOLOGY
Generally, the compliance requirement involves implementing practices to protect digital information from unauthorized access, corruption, or theft through the use of technologies, strategies, and policies. In the last few years, we have seen an increase in encryption, firewalls, and data loss prevention systems. However, the blind spots have become more apparent over time.
· Incomplete Security Metrics
High security scores may create a false sense of data security. Blind spots include unprotected personal devices used for work, policy exceptions, and accounts that lack multi-factor authentication (MFA).
· Outdated Systems
In our AML Test Audits, we have noted that outdated Anti-Money Laundering (AML) programs can be a significant blind spot, potentially leading to regulatory findings and licensing issues.
EXTERNAL FACTORS
Two huge blind spots are climate risk and shifting regulatory scrutiny. I would describe climate risk as the potential for financial losses resulting from climate change, which can be categorized into two main types: physical risk (damage caused by extreme weather events) and transition risk (economic shifts resulting from climate policy and decarbonization efforts). This risk threatens the value of properties, can lead to higher default rates for borrowers, and disrupts the stability of mortgage portfolios. Both of these blind spots relate directly and indirectly to compliance management.
· Climate Risk
Financial institutions can have blind spots regarding the potential and actual impact of climate-related events on properties. This affects resource allocation, funding pauses, and communication with borrowers.
· Shifting Regulatory Scrutiny
A focus on federal compliance can lead to neglect of state-level regulations. Indeed, a decrease in federal scrutiny may lead to increased oversight from state regulators and consumer groups.
_____
This article, Blind Spots in Mortgage Compliance, published on November 6, 2025, is authored by Jonathan Foxx, PhD, MBA, the Chairman & Managing Director of Lenders Compliance Group®, the first and only full-service, mortgage risk management firm in the United States, specializing exclusively in residential mortgage compliance.