Private & confidential

by Adam Smith17 Oct 2011

Mortgage brokers handle an incredible amount of private client information, but are you taking the necessary precautions to ensure that information is safe?

The mortgage industry has changed considerably since the early 1990s. In the early days, an application was handled by the broker, then sent by courier to the lender and copies were stored in filing cabinets. Then came the fax machine, which cut out the courier, but not the filing cabinet. And more recently there is the use of email, online portals and cloud computing. Despite these technological advancements, the issue of client privacy has remained the same. Clients have always demanded security of their personal information. However, how the industry deals with these concerns and the risks associated with privacy continues to evolve.


The mortgage industry is not immune to breaches of security. In Canada, 14 data breaches occurred in the space of a few months in 2008. In each case, someone pretending to be a mortgage agent downloaded credit reports for people who hadn’t even applied for a mortgage. The personal information of thousands of clients was placed at risk. The breaches raised concerns about data security and as a result the Canadian mortgage industry underwent a nationwide audit. Despite the security scare, the audit revealed there were still concerns about data security, with haphazard storage of documents containing personal information, inadequate consent by clients and a general lack of understanding about, and accountability for, privacy issues.


But what are Australian brokers doing to make sure the same situation doesn’t occur here? According to Mortgage Choice CIO Neill Rose-Innes, the Australian mortgage industry has advanced significantly in the last 15 years. “Governance regimes have been put in place to protect those in the industry to protect everyone in the value chain – and I think that’s almost a natural consequence of a maturing industry,” he observes. “In terms of the evolution we’re not that different from any other industry.” Despite technological changes in the way brokers conduct business, brokers’ approach to client privacy should fundamentally be the same.

Rose-Innes says brokers can protect their clients and their businesses by having a clear policy and following it up with regular audits. “A lot of it comes down to the protocols and practices in place around risk management and governance against these kinds of breaches and it’s important to have clear policies and expectations around the management of personal and private details,” he says. “If you have those practices in place, it’s very important for that to be monitored and audited and checked, so that there is general and ongoing compliance in that regard.” Increasingly, brokers are using cloud computing to store client information.

While Rose-Innes is a big supporter of these types of services and solutions, he cautions brokers to perform proper and formal due diligence on service providers. Full diligence around contract provisions, the underlying technology used, the people that are involved in that business, the protocol that they have in place to protect your asset – being your client – and protect your business, is extremely important, he says.

“Quite often it’s an area that’s overlooked – particularly in the cloud world,” he remarks. “Brokers often feel they can’t influence the contractual terms of my relationship with the service provider and that’s not true. The provider is really keen on having your business, therefore there is an element of influence over that contractual outcome. So it is important to have that conversation but it needs to be a specific and focused conversation. Quite often you get a contract and people scan through it and then just sign on the dotted line, but it needs to be more diligent than that, more formal and I would suggest that it needs to be documented and recorded in some formal manner by the broker so they can evidence if something unforeseeable does happen they can go back and point out that they have followed the right protocols in order to ensure the integrity of their service.”

To spend a few dollars on some professional advice to protect and insure your organisation’s sustainability and longevity is a small price to pay, Rose-Innes adds. “Seek professional assistance, would be my clear guidance in that area.”