A Slowdown In Compliance? Don’t Believe It!

There’s a narrative making the rounds in certain mortgage lending circles. Some are suggesting that with the Consumer Financial Protection Bureau seemingly scaling back certain activities, compliance pressures may soon be easing. The current federal government shutdown seems to add credence to this story.

Is it possible that after years of struggling through the downturn with compliance costs always on the rise, the industry may finally be able to catch its breath?

This is a comfortable fiction. But it’s not the truth. If you believe it, you’re missing a significant part of the story.

While attention has focused on changes at the federal level, state regulatory agencies have been quietly, and not so quietly, ramping up their examination capabilities.

Reports from recent industry conferences indicate that many former CFPB staff members have found new homes at state agencies, bringing their expertise and institutional knowledge with them. This will ramp up capabilities at the state level, though it’s not yet clear how the states will use this new power.

What is certain is that state examination teams are growing larger and more sophisticated. They’re not just filling gaps left by federal pullbacks; they’re proactively building capacity to address lending practices within their jurisdictions.

For lenders operating across multiple states, this shift creates a more complex compliance landscape, not a simpler one.

Instead of dealing with one federal agency’s interpretation of regulations, you may find yourself navigating dozens of state-specific examinations, each with its own priorities and focus areas.

As my team tracks compliance requirements across the country, it’s not an easing of requirements we’re seeing. It’s quite the opposite. While the CFPB still maintains authority over the major rules governing our industry, it could be the states that actually spend more time examining and enforcing those rules.

We don’t yet know how the various states will set their priorities, but one likelihood, at least, seems extremely likely. Artificial intelligence is on everyone’s radar, and so we’re watching developments in that area very closely.

AI changes everything

Perhaps the most significant development in the regulatory space isn’t about staffing levels or agency restructuring. It’s about the technology available to these agencies and how it is likely to be used.

State examiners are being trained extensively on artificial intelligence (AI). They’re learning how AI works, but also how to evaluate its use in lending operations. This represents a fundamental expansion in examination methodology.

With AI-powered tools, examiners can analyze loan files, identify patterns, and flag potential issues at a scale and speed that was impossible just a few years ago.

A manual review that might have covered a sample of a few hundred loans can now analyze thousands. Questions that took days to formulate can be generated in minutes.

If lenders think they’ll face fewer examination inquiries because of reduced federal oversight, they may be in for a surprise. AI could dramatically increase the volume and specificity of examiner questions, requiring more detailed responses and documentation. This will require more preparation on the part of the lender and likely ramp up compliance costs.

The shadow AI problem

Regulators aren’t wrong about looking at the way lenders and their originators are utilizing AI. Here’s the uncomfortable truth that most lenders aren’t addressing yet: your employees are already using AI, even if your leadership team hasn’t put guardrails in place yet.

Many lenders have adopted a wait-and-see approach, deferring decisions about official AI tools and policies until the regulatory landscape becomes clearer. Meanwhile, the cutting-edge firms and those with dedicated technology divisions are actively embracing AI and building governance frameworks around it.

But even organizations without official AI strategies need to wake up to reality. Employees aren’t waiting for permission. They’re using ChatGPT, Claude, and other publicly available AI tools right now, whether their employers know it or not.

The question isn’t whether your team is using AI. The question is: do you have any oversight of how they’re using it?

What gets pasted into the void

Consider a common scenario. A loan officer needs to respond to a borrower’s question. They’ve drafted a response but want to make the wording clearer or more professional. So, they paste their draft into ChatGPT with a prompt: “Make this sound better.”

It seems harmless enough. They’re not making underwriting decisions or sharing Social Security numbers. It’s just language refinement, right?

But what happens to that text once it’s entered a public AI system? What data is being captured? How is it being used to train future models? If that response included borrower information, even seemingly innocuous details like loan amounts, property addresses, or employment information, where does it go?

Most employees aren’t thinking about these questions. They’re focused on efficiency and getting their work done. That’s not a criticism, it’s just human nature. But it creates real compliance and data security risks that lenders must address.

The policy gap

Whether your organization feels ready for AI or not, you need a policy. Now. That policy doesn’t have to be perfect, but it does have to cover your customers’ privacy. It needs to exist, and employees need to know it exists.

At a minimum, your AI policy should address which AI tools, if any, are approved for business use, what types of information can never be entered into public AI systems, how to handle borrower data and personally identifiable information, consequences for policy violations, and a process for requesting approval to use new AI tools.

The longer lenders wait to establish these guardrails, the more exposure they’re creating, not just from a compliance standpoint, but from a data security and reputational risk perspective as well.

The idea that compliance pressures are easing is wishful thinking. Between state agencies building capacity, examiners leveraging AI for more thorough reviews, and the proliferation of unsupervised AI use within lending organizations, the compliance landscape is becoming more complex, not less.

Smart lenders recognize this reality and are preparing accordingly. They’re establishing AI governance frameworks, training their teams on appropriate use cases, and getting ahead of regulatory expectations before they become formal requirements.

Because we cannot know for sure what the future looks like for mortgage compliance, our team will continue to monitor the changes and work with our lender partners to formulate appropriate responses. As we do so, we won’t just be looking at federal regulators, but at the agencies working to protect borrowers in every state.

At Mortgage Cadence, we’re helping lenders navigate this evolving environment by building better technology and staying ahead of regulatory trends. Because in a world where compliance never really slows down, the winners are those who prepare proactively rather than react defensively.

Melissa Kozicki is the Director of Compliance at Mortgage Cadence.
This column does not necessarily reflect the opinion of HousingWire’s editorial department and its owners. To contact the editor responsible for this piece: zeb@hwmedia.com.