by Matthew Stoehr
As is true for many businesses, cybersecurity has become an area of focus for commercial real estate lenders. A once slow adopter of technology and automation, the real estate finance industry has modernized over the past several years and, because of that, must take measures to prevent security breaches and protect customer data.
In a recent report on cybersecurity, McKinsey & Company identified three current security-related trends which directly impact businesses and must be addressed to ensure borrower data is protected: 1) growing on-demand access to ubiquitous data and information platforms, 2) increased use by attackers of sophisticated tools like artificial intelligence, machine learning and automation to launch advanced offensives, and 3) the ever-growing regulatory landscape and the gaps in resources, knowledge and talent that are outpacing cybersecurity.[i] All three increase the likelihood that a lender may experience a breach, making cybersecurity crucial.
Fannie Mae and Freddie Mac have begun to address lending security concerns in a multitude of ways through data control, compliance management, SOC-2 compliance, appraisal processes, apps, and other means. Lender partners, including Sabal Capital Partners and Regions Bank, are required by the agencies to meet their cybersecurity mandates. Non-agency lenders face similar cybersecurity challenges and must find their own paths to addressing them.
One security concern for all lenders is the systems provided by third-party vendors which help power the technology behind their lending and servicing platforms. In order to optimize security, a lender must make sure all vendors are also compliant with security mandates. The management of vendors, no matter how paramount to overall security, can however become an administrative challenge.
SOC 2 compliance is another area of focus. Essentially an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients, SOC 2 certification is issued by outside auditors. The process is costly but provides essential peace-of-mind to both lender and agency.
Because data for rent rolls and other critical information is pulled during the appraisals process, this is another security focus. Like lending data, appraisals data must be secured with similar controls. A borrower’s data is ultimately only as secure as its weakest link.
Costs run high with all of these measures and established lenders are better able to absorb them than others who may find them too prohibitive to bear. Regardless, the answer to addressing many security concerns is automation. By its nature, automation must be thoroughly tested and it thus brings controls and efficiencies into the lending process. A manual environment without controls is one ripe for inconsistencies. Automation also provides reporting and monitoring functions, facilitating successful interaction between auditor and lender, and reducing costs. Automation leveraged well within security systems will also detect, notify and remediate any security breaches.
All of this may seem just a concern for lenders, but a borrower should care about the security measures employed by their lender. The more invested a lender is in terms of security, the more peace-of-mind to borrower. No borrower wants their private data concerning real estate holdings, guarantors, property, appraisals or loan transactions being accessed by hackers. Additionally, the more secure a lender is, the more time it will have to focus on the business of servicing its customers and their loans.
Matthew Stoehr is Chief Technology Officer of Sabal Capital Partners, LLLC, a wholly-owned subsidiary of Regions Bank. Contact Stoehr at Matthew.Stoehr@Sabal.com, visit www.Sabal.com.
[i] McKinsey & Company, Cybersecurity Trends: Looking Over the Horizon, March 10, 2022, https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/cybersecurity/cybersecurity-trends-looking-over-the-horizon