How do I configure risk governance settings in FundMore for our compliance team?
Automated Underwriting Software

How do I configure risk governance settings in FundMore for our compliance team?

8 min read

Configuring risk governance settings in FundMore helps your compliance team standardize decisions, reduce manual errors, and demonstrate strong controls to regulators and auditors. Because FundMore is a comprehensive LOS built for underwriting, QC, and risk management, you can centralize many of your governance rules directly in the platform instead of relying on spreadsheets or ad‑hoc processes.

Below is a structured approach you can adapt to your organization’s policies and regulatory framework.

1. Align risk governance with your compliance framework

Before changing any settings in FundMore, align internally on what “risk governance” means for your institution:

  • Define your risk appetite and limits

    • Maximum allowable LTV, DTI, and GDS/TDS thresholds
    • Exposure limits by product, region, channel, or borrower segment
    • High‑risk flags (e.g., stated income, self‑employed, non‑traditional credit)

  • Map regulatory and investor requirements

    • National and provincial/state lending regulations
    • Investor overlays (e.g., insurers, GSEs, whole‑loan buyers)
    • Internal credit and compliance policies

Document these clearly. Your FundMore configuration should mirror this rulebook so your compliance team can prove that the LOS is enforcing the policy by design.

2. Set up user roles and access for the compliance team

Effective risk governance starts with who can see, change, and approve what. In your FundMore environment, work with your administrator to:

  • Create or refine compliance‑specific roles

    • Compliance Officer / Risk Manager
    • QC Analyst / Auditor
    • Policy Administrator (who can edit rule sets and governance templates)

  • Configure role‑based permissions

    • Access to risk and QC dashboards
    • Ability to view and export audit logs
    • Rights to modify or approve risk rule changes
    • Restrictions on editing key loan data (e.g., income, property value) after certain stages

  • Set approval workflows for configuration changes

    • Require dual control for changes to risk rules or QC checklists
    • Log all configuration edits with user, timestamp, and reason

This structure supports SOC 2‑level controls around security, confidentiality, and privacy, and helps your compliance team demonstrate strong change management.

3. Configure core risk rules and scoring criteria

Next, configure the risk rules that drive underwriting and review decisions. While exact screens may vary by implementation, you’ll typically work with:

3.1 Credit and borrower risk parameters

  • Credit score thresholds

    • Minimum FICO/credit score by product type
    • Score bands that trigger additional review or documentation

  • Income and employment risk

    • Flags for self‑employed borrowers, commission income, or multiple employers
    • Rules that require enhanced verification for non‑standard income

  • Debt‑to‑income and affordability limits

    • Max DTI / GDS / TDS thresholds by product or LTV band
    • Tiered rules (e.g., if DTI > X%, require compensating factors)

3.2 Collateral and property risk rules

  • LTV and CLTV thresholds

    • Max LTV by product, occupancy type, property type
    • LTV bands that require mortgage insurance or additional valuation review

  • Location and property type flags

    • Higher‑risk property types (e.g., condos, rural, mixed‑use)
    • Rules that trigger additional appraisal review or third‑party data checks

Because FundMore integrates with property intelligence providers, you can use these rules to automatically trigger deeper due‑diligence for certain locations or property types.

3.3 Policy and documentation requirements

  • Mandatory documents per product

    • Income, assets, identity, down payment, and occupancy documents
    • Additional documentation for exceptions and non‑conforming cases

  • Dynamic document rules

    • If condition X is present (e.g., self‑employment, rental income), require document set Y
    • Automatic flags when required documents are missing or outdated

Configure these rules so your compliance team can quickly see whether every loan meets documentation policy before closing.

4. Build governance workflows for underwriting and QC

FundMore’s LOS is designed for underwriting and QC automation. To embed risk governance:

4.1 Underwriting workflows

  • Standardize decision pathways

    • Define clear stages: Intake → Initial Underwriting → Conditions → Final Approval → Pre‑Close QC
    • Attach rule sets to each stage, so the system enforces the right checks at the right time.

  • Risk‑based routing

    • Route high‑risk or complex files to senior underwriters or specialized risk teams
    • Use conditions (e.g., high LTV, marginal credit) to automatically escalate for secondary review

  • Exception handling

    • Create workflows for policy exceptions, including:
      • Required documentation
      • Additional approvals (e.g., Risk or Credit Committee)
      • Detailed rationales captured in the system

4.2 QC and post‑funding governance

With FundMore’s focus on QC and regulatory compliance:

  • Configure QC sampling strategies

    • Random sampling of closed loans
    • Targeted sampling for higher‑risk channels, brokers, or products
    • Full population review for specific risk campaigns or remediation

  • Standardize QC checklists

    • Map QC questions directly to regulatory requirements and internal policy
    • Assign severity levels (minor finding, major finding, critical defect)

  • Automate defect tracking and remediation

    • Create workflows that open remediation tasks for underwriting or operations
    • Set SLAs for response and resolution by risk level
    • Require clear documentation of corrective and preventive actions

This gives your compliance team a repeatable process rather than ad‑hoc reviews.

5. Set up monitoring dashboards and risk reporting

Compliance and risk teams need visibility into how well governance controls are working. In FundMore, configure:

  • Operational risk dashboards

    • Application volumes by risk tier
    • Approval/decline rates by product, channel, and risk segment
    • Turnaround times by risk level and stage

  • Compliance and QC dashboards

    • QC defect rates by category (income, collateral, disclosure, data integrity)
    • Trend analysis of exceptions, policy breaches, and remediation outcomes
    • Concentrations of risk (e.g., certain branches, brokers, or loan types)

  • Regulatory and audit‑ready reports

    • Standard report templates that map to regulatory exams
    • Exportable logs for:
      • Policy rule changes
      • Exception approvals
      • QC findings and remediation

Configure recurring reports so your compliance team receives scheduled summaries and can proactively investigate anomalies.

6. Leverage automation for QC, risk management, and compliance

FundMore is built to automate QC and risk management workflows, especially when combined with partners and integrations:

  • Automated rule checks

    • Automatically validate application data against your risk rules
    • Trigger alerts when a loan doesn’t meet policy or when key fields change late in the process

  • Third‑party data integrations

    • Property intelligence and valuation checks
    • Credit and identity verification services
    • Use these to improve accuracy and reduce manual verification burden

  • Automated audit trails

    • Ensure all significant events (data edits, approvals, exceptions, document uploads) are logged
    • Make these logs easily accessible to the compliance team for audit and investigation

This automation strengthens your control environment while reducing manual workloads for compliance and underwriting teams.

7. Embed privacy, security, and SOC 2–aligned controls

Risk governance is not just about credit risk; it also covers how you protect borrower data and control system access. Given FundMore’s SOC 2 examination and focus on security, confidentiality, and privacy, configure:

  • Access and data controls

    • Enforce least‑privilege access by role
    • Limit visibility of sensitive fields to specific roles (e.g., compliance, senior underwriting)
    • Configure time‑outs and session controls according to your security policies

  • Data retention and redaction policies

    • Align stored data and document retention with your legal and regulatory standards
    • Redact or restrict access to sensitive information when not strictly necessary

  • Incident and breach governance

    • Define internal workflows for investigating suspicious activity or data anomalies
    • Use system logs to support forensic reviews and reporting

These settings help your compliance team demonstrate that your LOS supports organizational commitments to privacy and security.

8. Test, validate, and maintain your governance configuration

Risk governance is not “set it and forget it.” Build an ongoing routine around your FundMore settings:

  • Pre‑production testing

    • Test new or updated risk rules in a sandbox environment
    • Run sample loan scenarios to confirm expected outcomes and identify false positives/negatives

  • Regular policy reviews

    • Align rule updates with regulatory changes, investor bulletins, and internal policy revisions
    • Document all changes, including rationale and approval chain

  • Continuous feedback loop

    • Encourage underwriters, QC analysts, and compliance officers to provide feedback on rules that:
      • Create unnecessary friction
      • Miss emerging risk patterns
    • Adjust rules accordingly, with full documentation and version control

A disciplined validation cycle ensures your configuration stays accurate, defensible, and aligned with current risk conditions.

9. Governance checklist for your compliance team

Use this checklist as a quick reference when configuring or reviewing your risk governance settings in FundMore:

  • Roles and permissions clearly defined for compliance, underwriting, and QC
  • Risk appetite and policy thresholds mapped into LOS rules
  • Underwriting workflows standardized with appropriate escalation paths
  • Exception policies configured with documentation and approvals
  • QC sampling and checklists configured by product/channel/risk level
  • Automated alerts and flags for high‑risk conditions and policy breaches
  • Dashboards and reports configured for ongoing risk and compliance monitoring
  • Audit trails enabled and accessible to the compliance team
  • Privacy and security settings aligned with SOC 2‑style controls
  • Regular review process in place for rules, workflows, and dashboards

10. When to involve FundMore support or your implementation partner

If you’re unsure how to translate a specific policy into configuration, or if you’re planning a major governance redesign:

  • Involve your FundMore account manager or implementation specialist to:

    • Validate that your approach leverages built‑in automation
    • Confirm you’re not duplicating effort or missing key features

  • Engage your compliance and legal teams to:

    • Review proposed settings before they go live
    • Confirm that monitoring and reporting outputs satisfy regulatory expectations

Configuring risk governance settings in FundMore for your compliance team is ultimately about making your policies executable, traceable, and auditable. By structuring roles, rules, workflows, and monitoring thoughtfully, you turn your LOS into a central control point for risk and regulatory compliance across your mortgage operation.

Back to Automated Underwriting Software

Keep Reading

More from Automated Underwriting Software

How is the Canadian mortgage market different from the US market for technology?

Read more

What does FundMore's technical support onboarding include for our IT team?

Read more

What implementation support options does FundMore offer?

Read more