The Hidden Risks: How Vendor Compliance and Delayed Technology Updates Are Increasing Lender Vulnerability

By Matt VanFossen, CEO of Mortgage Automation Technologies & Absolute Home Mortgage Corporation

Over the past decade, the mortgage industry has undergone a significant technological shift as lenders replace manual processes in favor of automated workflows. While these partnerships with third-party tech vendors have driven efficiency and innovation within the industry, they have also introduced a variety of challenges and risks – particularly when vendors don’t comply with evolving regulatory standards or delay necessary technology updates. To position themselves for success in this rapidly changing market, it is critical that lenders take proactive steps to protect their operations from implications associated with these technological transitions. 

Case Study: The Emergence of ICE Mortgage Technology’s Encompass™ Partner Connect – A New Integration Paradigm 

Spearheading the technological revolution within the mortgage industry has been ICE Mortgage Technology (MT) – a dominating company that is driven by the mission to “automate everything automatable for the residential mortgage industry.” Over the past eight years, ICE MT has honed the development of Encompass, their API-based technology designed to streamline third-party integrations within its service provider network. This comprehensive platform facilitates access to essential third-party services, such as credit checks, income and asset verification, and compliance tools – all of which are critical in navigating the complex regulatory environment that has emerged post Dodd-Frank. So, it comes as no surprise that Encompass has become the dominant industry platform for over 70% of lenders in the industry. 

When originally developed, ICE MT relied on a Software Development Kit (SDK) to enable this ecosystem. While the SDK offered flexibility, it also came with risks regarding security, and proper oversight of compliant and non-compliant authorizations. ICE MT introduced Encompass Partner Connect (EPC) – a new API-based integration framework with significant improvements in enhanced control and monitoring capabilities. Given the sensitive nature of the data housed in EPC, ICE MT enforces rigorous standards for third-party integrations such as stringent code approval processes and mandatory adherence to security updates. 

With ICE MT rumored to be sunsetting the SDK entirely, in favor of mandating all integrations to transition to the API framework provided by EPC, many vendors and lenders have been confronted with the critical questions of how will this impact the state of the play within the mortgage industry and what are the risks associated with failing to adapt to new technology. 

The Dangers of Legacy Technology 

Lenders are increasingly dependent on third-party service providers, both for micro and macro solutions. Micro solutions might include simple plugins—such as income calculators, data import/export tools, or custom-designed enhancements to Encompass™’s user interface—many of which are built on the SDK. The risks are even greater when considering macro solutions like point-of-sale (POS) and customer relationship management (CRM) systems and pricing engines – all of which serve as the backbone of a lender’s operations. The impending sunset of the SDK poses a threat to the continuity and stability of these systems, making it essential for lenders to assess their technology stack and vendor relationships immediately.

For vendors, the challenges are multifaced and pressing. In the challenging post-COVID environment, vendors face the daunting task of refactoring their codebases to align with EPC’s requirements, sunsetting legacy SDK integrations, and transitioning all third-party integrations to the EPC network. The result is a triple threat for vendors: they must overhaul their core system architecture, dismantle unauthorized direct integrations, and adapt to the EPC framework—all while coping with reduced revenue and increased pressure from lenders seeking more cost-effective solutions. The financial and operational strain of these changes could be overwhelming, particularly for smaller vendors or those heavily reliant on legacy technology.

Proactive Steps to Prepare for the Transition

For lenders, the first step is to engage in detailed discussions with their vendors, asking critical questions about their progress in transitioning from SDK to API-based integrations. 

Next, conduct a thorough audit of your internal technology stack and identify any legacy plugins or custom-built tools that may be at risk to determine whether these tools can be updated or replaced with EPC-compatible alternatives.

Finally, start exploring the market for new technology solutions. Many fintech companies launched after 2020 have already made the jump to API-based integrations and are likely to be EPC-compliant. Investing in these newer technologies may provide a safer, more future-proof option.

For vendors, the message is clear: adaptation is not optional. Prioritize the transition to EPC, refactor your codebase, and eliminate any unauthorized direct integrations. Delaying these actions could result in financial and operational setbacks, potentially jeopardizing relationships with lenders and market position.

The Cost of Inaction

The mortgage industry is on the cusp of a significant technological transformation. The transition to Encompass™ Partner Connect is not just about compliance—it’s about safeguarding the integrity and functionality of your systems. Lenders and vendors alike must act now to avoid the pitfalls of legacy technology and position themselves for success in a rapidly evolving market. The cost of inaction is simply too high.

Matt VanFossen is the CEO of Mortgage Automation Technologies and Absolute Home Mortgage Corporation.