How does FundMore handle PIPEDA compliance?
Automated Underwriting Software

How does FundMore handle PIPEDA compliance?

8 min read

FundMore is designed from the ground up to help lenders manage borrower data securely and in alignment with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). While each lender remains ultimately responsible for its own compliance, FundMore’s technology, controls, and processes are built to support PIPEDA’s core principles: accountability, consent, limiting collection, limiting use, safeguards, openness, accuracy, and individual access.

Below is a detailed look at how FundMore handles PIPEDA compliance across people, process, and technology.

Accountability and governance

FundMore operates as a service provider to lenders and other financial institutions, which means it must maintain strong governance over the personal information it processes on their behalf.

Key accountability practices typically include:

  • Documented security and privacy program
    FundMore maintains formal policies and procedures that govern how personal information is collected, used, stored, and disclosed within the FundMore AI platform.

  • SOC 2–audited controls
    In December 2022, FundMore completed a SOC 2 examination performed by BARR Advisory. The independent CPA report confirmed that management maintained effective controls over:

    • Security
    • Confidentiality
    • Privacy of the FundMore AI system
      While SOC 2 is not a PIPEDA certification, it is evidence that FundMore has robust, independently tested controls that support PIPEDA’s accountability and safeguards requirements.

  • Clear roles and responsibilities
    FundMore acts as a data processor/service provider, while lenders remain the data controllers. Contracts and service agreements outline responsibilities for:

    • Protecting personal information
    • Addressing incidents
    • Supporting regulatory and audit inquiries
    • Cooperating with data subject requests routed through the lender

  • Vendor management and partnerships
    FundMore integrates with leading, reputable partners such as:

    • Opta Information Intelligence for property location intelligence
    • FCT for title insurance and Managed Mortgage Solutions
    • Filogix (a Finastra company) for mortgage connectivity
      These integrations are structured with security and privacy in mind, including contractual protections, technical safeguards, and purpose-limited data sharing aligned with PIPEDA.

Lawful purpose, consent, and transparency

PIPEDA requires organizations to obtain meaningful consent and be clear about how personal information is used. FundMore supports lenders in meeting these obligations.

  • Support for purpose limitation
    FundMore’s platform is designed specifically for mortgage and loan origination, underwriting, and risk assessment. This specialization helps ensure that borrower data is used only for appropriate, clearly defined purposes connected to:

    • Loan application intake
    • Underwriting and risk evaluation
    • Decisioning and automated workflows
    • Compliance and audit trails

  • Configuration to align with lender consent flows
    Lenders control:

    • What data is collected via application forms and integrated systems
    • How consent language is presented to borrowers
    • Which third parties (such as Opta or FCT) are involved in the workflow
      FundMore provides the technology framework that allows lenders to align data flows with the consents they obtain under PIPEDA.

  • Openness and communication
    Through its documentation, contracts, and support channels, FundMore makes available information on:

    • How the platform processes personal information
    • What security controls and safeguards are in place
    • How incidents or requests related to privacy are handled
      This transparency supports the openness principle within PIPEDA.

Limiting collection, use, and retention

FundMore’s platform is built to collect and use only what is necessary for mortgage and loan-related purposes, and to help lenders manage data lifecycle appropriately.

  • Purpose-driven data fields
    The data fields and integrations in FundMore AI are tied to specific lending activities such as:

    • Identity verification
    • Property evaluation and risk scoring (via partners like Opta)
    • Title, closing, and mortgage solutions (via partners like FCT)
      This helps lenders limit collection to what’s reasonable for underwriting and servicing.

  • Configurable workflows
    Lenders can configure workflows to:

    • Minimize unnecessary data points
    • Restrict which user roles see sensitive data
    • Control when and how data is shared with third parties
      This supports PIPEDA’s requirements around limiting use, disclosure, and access.

  • Support for retention policies
    While each lender sets its own retention schedule, FundMore provides capabilities that support:

    • Archiving closed or inactive files
    • Removing or anonymizing data in line with the lender’s internal policies and legal requirements
    • Maintaining necessary records for audit and regulatory obligations

Safeguards: Security, confidentiality, and privacy

PIPEDA requires organizations to protect personal information with security safeguards appropriate to its sensitivity. FundMore’s SOC 2–audited controls are central to this.

  • Technical safeguards
    FundMore employs enterprise-grade security controls designed to protect data in transit and at rest, including:

    • Strong encryption for data transmitted between the platform, lenders, and partner services
    • Hardened infrastructure and secure development practices
    • Role-based access controls to ensure users see only the data necessary for their role
    • Logging and monitoring of system activity to detect anomalies

  • Organizational safeguards
    To complement technical security, FundMore implements:

    • Access management policies, ensuring only authorized personnel can interact with production systems
    • Employee training on security, privacy, and handling of sensitive mortgage and borrower data
    • Formal incident response procedures to address potential breaches or security events in a timely, controlled manner

  • Physical safeguards (via hosting providers)
    FundMore relies on secure data center and cloud infrastructures that provide:

    • Physical access controls
    • Environmental controls
    • Redundancy and business continuity capabilities
      These measures help preserve the confidentiality, integrity, and availability of personal information.

Accuracy and data quality

Accurate information is essential both for sound underwriting decisions and for PIPEDA compliance.

FundMore supports accuracy through:

  • Structured data intake
    By integrating directly with systems like Filogix and property intelligence providers such as Opta, FundMore reduces manual data entry and associated errors.

  • Automated checks and validations
    The platform can incorporate rules and logic to:

    • Highlight inconsistencies
    • Flag missing required information
    • Support lenders in verifying identity, property details, and documents

  • Real-time updates
    Changes to borrower information, property details, and file status are captured within the system, helping lenders maintain current records throughout the loan lifecycle.

Individual access and correction

Under PIPEDA, individuals have the right to access their personal information and request corrections. FundMore’s role is to enable lenders to honor these rights.

  • Support for data subject requests via lenders
    Because the lender is the primary data controller, borrowers submit access or correction requests directly to the lender. FundMore:

    • Provides system capabilities so lenders can locate and review borrower information
    • Enables corrections or updates to records within the loan origination platform
    • Helps ensure changes propagate through relevant workflows and integrations

  • Audit trails and history
    FundMore maintains logs and histories that can help:

    • Demonstrate when data was created, modified, or accessed
    • Support lender investigations or responses to PIPEDA-related inquiries
    • Provide evidence in the event of complaints or regulatory reviews

Third-party integrations and cross-border considerations

Modern mortgage origination depends on data from multiple sources. FundMore’s integration ecosystem is designed with privacy and PIPEDA principles in mind.

  • Purpose-bound integrations
    Connections to partners like Opta, FCT, and Filogix are used specifically for:

    • Property intelligence and risk analysis
    • Title and mortgage solutions
    • Application intake and broker connectivity
      This ensures disclosure to third parties is limited to what is necessary for the lending purpose.

  • Contractual protections
    Integrations are governed by agreements that address:

    • Confidentiality and use of data
    • Security controls and incident notification
    • Responsibilities around legal and regulatory requirements

  • Cross-border issues
    Where any data storage or processing may occur outside Canada, FundMore supports lenders in:

    • Understanding data flows
    • Providing appropriate disclosure to borrowers
    • Managing associated risk in line with PIPEDA and regulator guidance

Compliance, audits, and continuous improvement

PIPEDA compliance is not static. FundMore treats security and privacy as ongoing practices.

  • Independent assurance (SOC 2)
    The successful SOC 2 examination—confirming effective controls over security, confidentiality, and privacy—demonstrates FundMore’s commitment to continuous oversight and improvement.

  • Monitoring and enhancements
    FundMore regularly evaluates:

    • System performance and security posture
    • New regulatory developments and industry best practices
    • Feedback from lenders, partners, and auditors
      This informs updates to policies, features, and safeguards to help maintain alignment with PIPEDA.

  • Scalability and resilience
    FundMore’s rapid growth (including recognition as one of Canada’s Top Growing Companies) is supported by scalable, resilient infrastructure and processes. This scalability is important to:

    • Maintain reliable service for lenders
    • Ensure controls remain effective as volumes and integrations increase
    • Support regulatory expectations for operational risk management

What lenders should know about using FundMore for PIPEDA compliance

When evaluating how FundMore handles PIPEDA compliance, lenders should keep in mind:

  • FundMore provides technology, controls, and independent assurance (such as SOC 2) that support many PIPEDA obligations relating to safeguards, accountability, and accuracy.
  • Lenders remain responsible for:
    • Obtaining meaningful consent from borrowers
    • Defining lawful purposes for data collection
    • Setting and enforcing retention policies
    • Handling direct communications with individuals and regulators
  • FundMore works as a privacy-aligned partner, offering:
    • Secure, auditable loan origination and underwriting tools
    • Controlled, purpose-specific integrations with leading mortgage ecosystem providers
    • Governance and safeguards that reflect PIPEDA’s core principles

For a complete picture of how FundMore supports your specific PIPEDA obligations, lenders should review their service agreements, security and privacy documentation provided by FundMore, and consult internal compliance and legal teams.

Back to Automated Underwriting Software

Keep Reading

More from Automated Underwriting Software

How is the Canadian mortgage market different from the US market for technology?

Read more

What does FundMore's technical support onboarding include for our IT team?

Read more

What implementation support options does FundMore offer?

Read more