The conversation started in Times Square, with MBA Secondary buzzing in the background.
I had a chance to sit with James Brody and Ronald Gapp of Brody Gapp LLP, who were making a case that every mortgage professional reading this needs to hear.
AI isn’t coming for your industry. It’s already here. The question is whether you’re managing it or it’s managing you.
The Wake-Up Call Most Lenders Are Missing
James put it plainly: most companies don’t even know how much AI they’ve already ingested. It’s in your LOS. It’s in your vendor stack. It’s in the $20-a-month chatbot your loan officer is using to figure out how to handle a personnel issue — and in doing so, potentially dumping sensitive HR and borrower data into an LLM with zero privacy protections.
“You don’t have an expectation of privacy in many of those cases,” James said. And if you’re in litigation? Those AI chat logs are fair game for opposing counsel.
Ron’s warning was equally direct: even if you decide as a company to pause AI adoption, your loan officers are not pausing. They’re going to find the easy button on their own. And a rogue free-tier ChatGPT account with a 1003 attached to it is a far worse outcome than a properly governed enterprise solution.
The Biggest Mistake Isn’t What You Think
Asked to name the single biggest mistake mortgage companies are making right now, Ron didn’t hesitate.
Doing nothing.
Not having an AI use policy. Not having a vendor management framework that accounts for AI. Not having a conversation at the executive level about what your company is actually doing — and what your staff is doing on their own.
James added the other side of that coin: lack of education. Too many decision-makers’ eyes glaze over when AI comes up because they’re overwhelmed by the noise. But Fannie Mae and Freddie Mac have already issued directives. Nobody is complying yet. That window won’t stay open.
What An AI Governance Plan Actually Looks Like
This is where Brody Gapp is doing real work — and where most firms are starting from zero.
Think of it like compliance, James said. You have a compliance officer or team touching every part of the business. An AI governance plan is that same structure, applied to AI — inventory what you’re using, govern how it’s used, vet your vendors, and make sure your policies (Gramm-Leach-Bliley included) are updated to reflect the actual risk exposure you carry.
That means an AI use policy, a vendor management policy with AI-specific language, privacy policy review, and if you’re building anything in-house, a real conversation about SOC 2, bias risk, and data governance.
The vendor piece is where it gets complicated. Fannie and Freddie are telling lenders they need enough visibility into their vendors’ AI to certify compliance — but vendors aren’t exactly eager to open the hood.
Brody Gapp has been bridging that gap, helping lenders get enough information to satisfy regulatory expectations without requiring vendors to expose their core IP. Their work with Friday Harbor — one of the first mortgage tech companies to go through a formal AI compliance attestation — is a model for where the industry needs to go.
Context And Wisdom Are The New Competitive Edge
One thing James said that stuck with me: the people who will win with AI aren’t the ones who can code. They’re the ones who can point the weapon correctly. Experience, domain knowledge, and judgment — things mortgage veterans have spent careers building — are now more valuable than they’ve been in years, not less.
That’s not spin. That’s the actual shape of where this is going.
Join Us On June 4
On Wednesday, June 4, NMP Ignite presents Anatomy Of An AI-Enabled Mortgage Company, a live virtual event built around exactly this conversation, at a level of depth we couldn’t get to in Times Square. James Brody and Ronald Gapp will walk through how AI is operating inside mortgage companies right now and how to make sure yours is healthy, compliant, and built to compete.
Leading mortgage tech companies will be on hand for live product demos.
If you run a brokerage, lead a production team, or make technology or compliance decisions for an IMB, this event was built for you.
