What Should Small Lenders Fix First? A Compliance Priority Framework (Expert Panel)
- Ren Reed
When a compliance consultant walks into a new client engagement, they rarely find a company that doesn't care. They find a company that's overwhelmed. In this episode of Risk and Roll, the panel tackles a simple but loaded question: if you had to tell a small or mid-sized lender to focus on three things, what would they be?
TL;DR
- Written policies and procedures are still missing at too many lenders
- HMDA data shows smaller independents are losing close to half their pipeline before closing
- BSA compliance is easy to fake and costly when it fails
- Unlicensed activity is one of the least forgiving violations regulators pursue
- Retention matters as much as acquisition, and most lenders ignore it
Start With What's Written Down
Dana Georgiou, joining the episode fresh in her new role as Chief Revenue Officer at private lender Dunmore, opened with the most basic question a compliance leader can ask: do you have written policies and procedures? The answer, more often than not, is some version of "we've been meaning to get to that." In private lending especially, where regulatory requirements are fewer but still real, this gap creates immediate exposure. BSA, AML, and HMDA obligations don't disappear just because a lender operates outside the conventional space.
Know What the Market Is Actually Doing
Greg Oliven pulled fresh 2025 HMDA data showing 4,754 lenders reported originations last year across nearly 12 million applications. Among independent mortgage bankers, the smaller shops are losing ground. Their borrower shopping indexes, a measure of how often an approved borrower walks before closing, run between 33% and nearly 50%. At the top of the market, Rocket and UWM sit at 14.8%. The gap is significant and largely comes down to execution and market intelligence. Greg's framework for smaller lenders: stop competing where you can't win, invest in local market knowledge, and fix the leaky pipeline before scaling anything.
BSA Compliance Is Easy to Fake and Hard to Fix Later
Bob Simpson made a point worth repeating: a lender can put together a BSA officer designation, a generic policy, and a one-page risk assessment in an afternoon and sound compliant in a conversation. The problem shows up when something actually goes wrong. An OFAC hit, unreported suspicious activity, a missed SAR filing: these carry consequences that no policy download can protect against. The fix is substantive: make sure every party on a loan is checked against the OFAC list before closing, file SARs when fraud is present, and treat BSA as a real program rather than a documentation exercise.
Unlicensed Activity Is Not a Gray Area
Ray flagged unlicensed activity as one of the areas regulators pursue most aggressively, and one of the most common compliance problems that lenders don't realize they have. Large origination teams that funnel production through a single NMLS ID are a familiar example. When support staff cross into licensed activity, the exposure is real, and regulators are not lenient about it. Ray's broader framework for new clients: get the data right first, get policies in place second, and use the third priority as a wild card based on what the conversation reveals — marketing compliance, AML audits, or disclosure timing, depending on where the cracks are.
Training Without Accountability Is Just Theater
Nathan tied the conversation back to culture. Knowing the rules matters less than building an environment where people are trained, held accountable, and not incentivized to cut corners when production pressure rises. He also made the case for retention over acquisition — both of borrowers and staff — pointing out that the industry spends far more energy chasing the next deal than keeping the relationships that already exist.
The Common Thread
The panel came at the question from different angles, but landed in the same place. Know your numbers, document what you do, and address the biggest risks first. Compliance doesn't have to be tackled all at once, but it does have to be tackled honestly.
New episodes every two weeks.
