Residential Magazine

It’s Time to Get Serious About Document Collection

Email poses too many risks when safeguarding your client’s personal information

By Owen Sorensen

Document collection is one of the most overlooked and under-resourced areas in the mortgage business today. Many banks and financial institutions still heavily rely on email and other legacy processes as their primary means of collecting mortgage documents — leaving themselves highly vulnerable to a range of issues around security and data compliance. That is before you even consider the many hours of manual work it creates.

To understand why email is so unsuited to mortgage document collection, it is worth taking a step back and looking at its origins. The first email was sent back in 1971 by computer engineer Ray Tomlinson, who sent himself an email that read, “QWERTYUIOP.” Since then, an estimated 333 billion emails are sent daily. Today — more than 50 years later — email is still a vital communications tool for companies around the world.

Email has many uses in terms of communication, but problems start to emerge when mortgage companies try to utilize email for purposes beyond what it was intended.

Problems start to emerge when mortgage companies try to utilize email for purposes beyond what it was intended. The world that Tomlinson inhabited in Cambridge, Massachusetts, in 1971 is a much different place than the one that exists today. It is worth noting that the first personal computer virus did not appear until 1986 — some 15 years after the first email was sent.
While software security must be factored into everything companies do today, in 1971 it was not a concern. Using a 50-year-old communication tool to collect mortgage documents and applicant data is borderline reckless when you consider the security risks companies face today.

Email conundrum

First, let’s consider the security issue. Research has shown that 94% of malware is delivered via email. And 84% of U.S. companies have experienced phishing or ransomware attacks in the past 12 months. The security risks that mortgage companies face are growing every year and email is the No. 1 point of attack. Email also brings with it some other risky activities.
For instance, opening an email with attachments from unknown or relatively unknown senders is a high-risk activity. There is a danger that an applicant might not be who they say they are. At other times, malicious parties could imitate an applicant and use email as their point of attack.
Document collection via email also opens the door to human error that can cause embarrassment or even legal action for mortgage companies. Email document collection is very much an ad hoc process involving steps such as uploading, downloading, verifying, resending, replying and maybe even confirming via phone. If, during any of these manual steps, documents are sent to the wrong person, mortgage companies may find themselves in a difficult situation.
There also are issues around data compliance that mortgage companies should consider. The European Union provides stringent guidelines about the ways that companies handle personal data. In the U.S., personal data compliance is a growing concern and more data privacy legislation is proposed.
Banks and financial institutions that collect documents and personal information via email are leaving themselves at risk of noncompliance. With EU laws on data privacy, for example, clients are entitled to request the type of personal data a company has on them. If personal data and documents are floating around various inboxes and email servers, this request becomes difficult to answer.
Lost productivity is another issue caused by email document collection. All of the manual tasks associated with email, such as downloading, uploading and resending attachments, and even following up via phone calls, are major productivity drains and can eat up many hours per week.
For some mortgage companies, there may be another manual step in which the team must upload documents to a central file repository or document management system. Some companies are still using paper documents, which brings its own set of productivity issues.

Forward momentum

The mortgage industry is moving into a digital future with technology at the forefront. Consumers now expect digital banking and loan application capabilities. Banks and financial Institutions are exploring ways to meet these expectations. Investments in technologies such as artificial intelligence, blockchain and machine learning continue to grow.
In general, there is a willingness to embrace new technologies, automate the consumer journey and continue to drive efficiencies in the mortgage application process. Despite this forward momentum, there is still an underbelly of legacy technology and processes that leave financial institutions exposed to growing levels of mortgage fraud. Email is at the heart of this issue.
Investments in new technologies bring their own set of risks, so it goes without saying that security must remain among the top priorities for financial institutions. Furthermore, companies investing heavily in new systems and technologies must bear in mind that any software security system is only as strong as its weakest link — and in many cases, email and its misuse is certainly the weakest link. Even financial institutions that invest in the most cutting-edge systems will find themselves exposed if the use of email for document collection is not addressed.
Financial institutions are moving toward an exciting future. The scope for major efficiency and productivity gains is huge as new technologies are used to streamline areas like compliance, approvals and applications. There are three key factors that companies must consider: the security implications of any new systems, the impact of legacy technology and the use of email for the business.
● ● ●
It is vital for mortgage companies to pay particular attention to their document collection processes and figure out a way to strengthen their weakest link. Those that don’t will be left behind. ●


  • Owen Sorensen

    Owen Sorensen is CEO of PlanetVerify, a personal data and document collection company. He is an electronic engineer with 25 years of experience working as a co-owner and executive director of an international manufacturing and retail company that employs 500 people. After experiencing a minor hacking on his personal bank account, Sorensen realized that the area of personal data and identity was essentially broken, and he founded PlanetVerify to fix it. 

You might also like...