Highest standards, education help keep brokers safe, says chief risk officer
When you are trying to protect the data safety of more than 5,000 brokers and their clients across Australia and New Zealand, cybersecurity is of paramount importance.
That vital focus is not lost on LMG chief strategy and risk officer David McQueen (pictured above), who is responsible for risk, cybersecurity, regulation and compliance at Australasia’s largest broker aggregator.
He said Loan Market, and more broadly LMG, had led the way as an aggregator in the mortgage and finance industry when it came to cybersecurity.
McQueen and LMG broker advice consultant George Brandoli hosted a breakout panel session at the Loan Market Scale Up national growth conference for brokers in Adelaide last week.
Titled “How to use AI, stay cyber safe and identify fraud early”, the workshop covered useful topics including leveraging AI for compliance, cybersafety tips, ASIC’s key focuses for FY25 and fraud risk management.
Speaking to MPA during Scale Up, McQueen said LMG had adopted not just the ISO 27001 compliance standard, as many other aggregators had, but also the higher standard SOC 2 Type 2 compliance report.
“We’ve done that because we believe that to play a role in things like open banking in the future and given where consumer data is and the challenges around privacy and security, that you just have to have the highest possible standards,” said McQueen.
“It’s not an ASIC mandate but we wanted to lead the space on this.”
LMG also appointed Luke Jarmaine as chief information security officer (CISO) in June 2023. Jarmaine recently received the CISO of the Year award at the 2024 Australian Cyber Security Awards.
McQueen said Jarmaine’s focus was not just on the security of LMG’s platform but the security of the many different “ecosystems” used by 5,600 brokers across the network.
“When we talk about AI as an example, a key focus for us is how do we ensure that those brokers, whether it's within our platform or in everything that they're doing, are cyber safe? It's been a big focus of ours.”
In May, LMG hired cyber coach Laura Bennett, whose role is to train brokers on cybersecurity.
The aggregator has also rolled out password managers available to all brokers and multi-factor authentication on all platforms.
McQueen said educating broker businesses to be cybersafe included coaching them through Brokerversity on how to use AI tools such as ChatGPT effectively and safely and “not put data at risk, and in turn, their businesses at risk”.
“We’re supportive of chatbots and some of these text tools, but what we believe is that brokers need to be really educated on which tools are safer than others.”
This meant not only updating brokers on which tools to use but also identifying what was sensitive data, such as personal information that should not be included.
LMG brokers are using ChatGPT and other tools to write broker recommendations or capture information, but it cannot include customer PI, said McQueen.
“Coaching your brokers on how to use those tools to save them time but simultaneously keep them safe is really critical.”
McQueen said LMG recommended brokers take out cyber insurance and the best way to do this was to talk to an insurance broker to find the right product tailored to their business.
“We’ve had brokers that have been compromised, and if they hadn't had that cyber insurance, there would have been a lot of issues.”
Brokers also needed to be familiar with the terms and conditions of the insurance and follow them to ensure they were covered if something went wrong.
Updating brokers on compliance, cybersecurity
McQueen said LMG had an omni-channel approach to updating brokers on the latest cybersecurity threats and best practices. This included Thrive education sessions, breakout events at conferences such as Scale Up, and PD days twice a year.
Thrive compliance sessions are also held weekly and the cyber coach regularly visits broker businesses.
“We’re also the only aggregator in the country to have dedicated compliance coaches in each state,” McQueen said. For example in South Australia, George Brandoli is a dedicated compliance coach who can also teach brokers about cybersecurity.
ASIC’s focus for 2025
McQueen said ASIC’s focus next year when it came to mortgage brokers and aggregators would be operational resilience and cybersecurity.
“We don't hear much from ASIC when it comes to advice, because I think they recognise, if you look at NPS, if you look at the number of complaints, brokers do an amazing job.”
Brokers should be thinking about cybersecurity and operational resilience and how their aggregator can support them in this regard.
Digital lending
In a separate Scale Up session, McQueen also interviewed Michael Starkey, co-founder of non-bank digital lender Athena, and Athena chief marketing officer Sarah Sproule (both pictured below).
The pair spoke about Athena’s journey from start-up to digital disruptor and how brokers can work alongside digital lenders and embrace tech tools to strengthen broker-client relationships.
McQueen said there had been commentary in the Australian Financial Review that lenders were writing loans below the cost of capital and questioned whether the broker channel was genuinely making profits for the banks.
“That’s their [banks’] reason for pivoting towards digital disruptors such as CBA’s Unloan,” said McQueen.
Athena was an example of a digital lenders who was saying “yes we believe in digital, but simultaneously we also believe in the broker channel.” It had notched some impressive loan numbers working with LMG brokers, showing how a digital proposition could go hand in hand with the broker channel.
“We’re of the view that the future is about digitally enabled brokers as opposed to digital replacing brokers,” said McQueen.
“Digital will actually take out cost for lenders, take out cost for brokers and also save them time, making them more effective and efficient.”
Athena has recognised the power of advice that a broker provides to clients, he said.
The conversion rates of some digital-only lenders hovered around 5%, with narrow, ‘vanilla’ criteria. “The customers that go through, the quality of those applications is pretty average – it creates a bad consumer experience, it creates a bad commercial outcome for the lenders.”
McQueen said there were no truly end-to-end digital loans anywhere in the world. “The reality is only 5% of loans would ever fit that criteria and as soon as you fall outside of that box you need a human being to look at that loan.”
Athena had found the middle ground between those lenders that weren’t offering digital products and the digital lenders that weren’t leveraging mortgage brokers.
“With more than 74% market share, how do you not play in the broker space?”
Historically, mortgage broking had been very focused on the painstaking process side but with the introduction of best interests duty (BID) came the recognition of brokers as trusted.
“That’s what the focus should be on – let’s get the best possible advice and take away the pain on the process,” McQueen said.
He said Athena and other similar lenders ensured faster turnaround times through a seamless digital process. “That doesn’t mean we don’t need the broker – we still need the broker to provide the advice, work with the customer, ensure their needs are considered and a higher quality loan is sent over to them.”
How important is cybersecurity to your broking business? Comment below
