Solutions
I AM A
I NEED
Company
Indecomm’s QC and Tech Leaders Weigh In
For lenders evaluating mortgage QC software or reconsidering their approach to outsourced mortgage QC services, the stakes have never been higher. Mortgage compliance is no longer a back-office function, it’s a frontline risk management discipline, and the gap between lenders who treat it that way and those who don’t is widening fast. Effective loan quality management requires more than a checklist and a monthly report. It requires technology built specifically for mortgage, services teams who understand agency expectations, and a feedback loop that turns findings into action. We sat down with Rachael Harris, EVP of Product Management, and Brian Margulies, SVP of Operations, Lending and QC Solutions at Indecomm, to get both the technology and operations perspective on the topics that matter most to QC leaders today – from AI mortgage fraud and Fannie Mae QC requirements for 2026, to calibration, defect taxonomy, and what defensible governance actually looks like.
Rachael Harris (RH) leads AuditGenius product development at Indecomm, focused on AI, automation, and intelligent workflows that reduce loan quality problems.
Brian Margulies (BM) oversees Indecomm’s lending and QC solutions operations, the team of auditors, underwriters, and compliance specialists who deliver QC reviews on behalf of lenders across the country.
Rachael:
The core problem is that QC has historically been a reactive function. Most lenders are still running audits in a way that was designed for a different era, relying on manual checklists, siloed systems, and findings that surface too late in the cycle to be cost-effective to fix. By the time a defect is caught post-close or at secondary market review, it can cost ten times more to remediate than if it had been caught at intake.
The other issue is fragmentation. QC teams are logging into multiple systems to complete a single audit. There is one system for prefund, another for post-close, another for servicing. That creates data gaps, reporting blind spots, and a lot of wasted time just navigating tools. Effective loan quality management requires a single source of truth – one system that connects prefund through post-close and gives QC leaders a consistent view of risk across the entire origination cycle.
Brian:
I’ll add to that on the QC services front. We recently hosted a webinar on QC as an Early Warning System, and one theme that came through clearly is that the lack of a risk-aware culture can really set a mortgage lender back when it comes to staying ahead of trends. A lender who’s genuinely using QC as an early warning system has a QC manager who’s driving it into the organization’s DNA: it touches production, underwriting, closing, and servicing, and findings are validated and turned into action. Training gets updated. Underwriting guidelines get adjusted. Vendor management decisions get informed by what QC is surfacing.
The box-checking version looks fine on paper. The defect rates are calculated and the reports are filed, but the findings aren’t looping back to change anything. The same defect types show up quarter after quarter because there’s no feedback mechanism. The question to ask is: when was the last time a QC finding changed how your team does something? If the answer is ‘I’m not sure,’ that’s the gap.
That’s exactly why having a platform like AuditGenius underneath the services operation matters. When the technology is surfacing findings consistently and the reporting is structured to show trends over time, it’s much easier to have that culture conversation with a client. The data makes the case.
Rachael:
Intelligent mortgage QC means smart SaaS workflow and automation doing the heavy lifting on the things that don’t require human judgment, such as data and document comparison, compliance testing, flagging missing information, and guiding teams through the reporting process. This frees auditors to focus on the findings that actually require expertise and decision-making.
With AuditGenius, we’ve built what we call a three-pillar tech stack: SourceConnect for bi-directional LOS integration, an Intelligent Data Extractor (IDX) that pulls from 5,400+ data points across 1,200+ mortgage document types, and a Business Rules Engine that maps compliance and investor requirements directly to data and documents. The result is a comprehensive, purpose-built mortgage audit platform combining AI-powered document and data intelligence, automated checklists, and a credit comparison tool that together reduce review time by 30 to 50 percent. One platform, one audit trail. Fully defensible when it counts.
For lenders evaluating mortgage QC software, the distinction to look for is whether the platform was purpose-built for mortgage or adapted from a general-purpose tool – that difference shows up immediately in the workflow, the document library, and the compliance coverage. What I’d add from the technology side is that the platform architecture matters as much as the features. When everything runs under one login and every action leaves a traceable record, you eliminate a whole category of risk that comes from fragmented systems. It also makes it much easier for the services team to identify where things are breaking down, because the data is consistent across every review type.
Rachael:
Lenders are under real regulatory pressure right now, and they need vendors who understand that pressure and are actively working to make mortgage compliance easier, not vendors who wait to be told what’s changing. That’s the standard we hold ourselves to at Indecomm.
When Fannie Mae’s Selling Guide Part D updates took effect in September 2025, our Compliance and QA teams had already implemented the changes before the deadline. Clients didn’t have to chase us down or manage the transition. It was done.
Looking ahead, lenders trying to stay current on Fannie Mae QC requirements heading into 2026 should pay particular attention to the AI monitoring provisions, which will require ongoing demonstration of tool accuracy and bias controls – not just a one-time implementation check. Fannie Mae’s 2026 guidance introduces AI monitoring requirements that will apply to both lenders and their vendors, meaning lenders will need to demonstrate not just that they’re using AI tools, but that those tools are being monitored for accuracy, bias, and performance on an ongoing basis. That’s a significant operational and compliance lift, and it’s exactly the kind of requirement where having the right QC partner matters. We’re already building our approach to AI monitoring into how AuditGenius operates, so when those requirements land, our clients won’t be starting from scratch.
Compliance is core to how we operate, not a feature request in a product backlog. Lenders should expect that from every vendor they work with and hold them accountable when they fall short.
Rachael:
Sampling is one of the most consequential decisions a QC team makes, and it’s often not given enough strategic thought. If your sample isn’t representative, your findings aren’t either, and you can’t see defect patterns you’re not sampling for.
Indecomm supports all core sampling approaches: straight random, stratified random, statistical sampling calibrated to a 95% confidence level with no more than 2% margin of error, and discretionary or client-directed selections. Fannie Mae’s updated D1-2-01 guidelines gave lenders more flexibility in how they calculate their prefunding QC sample size, and AuditGenius surfaces those percentages in real time so teams can calibrate throughout the month, not just scramble at month-end.
AuditGenius covers the key sampling methodologies required by Fannie Mae and Freddie Mac, but lenders who are exceptionally thorough can also choose to sample at greater volumes beyond the traditional 10 percent. This gives them deeper insight into their operations for improved feedback loops and course correction.
Brian:
Calibration is how you turn findings into governance. It’s not just reviewing the defect rate. It’s asking what the data is signaling, validating root cause, and documenting what you did about it. Agencies and investors have shifted their expectations significantly here. Gross defects are the new defect rate. Regulators want to see evidence of a thoughtful response: what was the finding, how was the root cause validated, what remediation was implemented, and how are you testing its effectiveness.
Practically, that means structured internal calibration meetings at multiple levels where defect trends are reviewed with the right people in the room, decisions are documented, action items are assigned with owners, and follow-up testing is scheduled. A defect without a documented response is incomplete governance. That’s not us saying it. That’s the agencies.
Rachael:
Calibration is no longer optional. It’s an agency expectation, and lenders need to be able to demonstrate it. AuditGenius has a dedicated Fannie Mae Dashboard built specifically for this, ready on Day 1 with no custom build required. It gives QC teams a real-time view of their prefunding sample as a percentage of the prior month’s post-close volume, so they can calibrate throughout the month rather than scrambling at month-end to confirm they’ve met the 10 percent threshold.
Beyond sample tracking, the dashboard supports the full calibration reporting picture Fannie Mae now requires: defect rates and trends, corrective action summaries, review rationales, results summaries, reverification success rates by category, self-reported loan counts by investor, and 10 percent vendor review results. You can also filter by channel, review type, and down to individual TPOs. Calibration shouldn’t require a separate reporting exercise. It should be a live view your team is working from every day.
Brian:
Reverification is a great example of where the bar has moved. Lenders are getting written up right now, not because they didn’t attempt reverifications, but because they didn’t document the attempts. Getting the correct 4506, pulling transcripts, and logging every attempt – that documentation is what agencies want to see. The attempt alone isn’t enough.
On the occupancy side, the same evolution has happened. We’ve moved well beyond certified letters. The standard now involves bank VOD with automated occupancy reports cross-referencing utilities and tax records. Tracking reverification pull-through rates, meaning how many you ordered versus how many you actually received back broken out by category, is something lenders need real visibility into. AuditGenius surfaces that at the category level specifically because it’s become an area of agency focus.
Brian:
The numbers are significant. According to Deloitte’s research, we’re looking at $40 billion in projected losses, and Cotality has indicated that roughly 1 in 118 mortgage applications is showing fraud indicators. For a small or mid-size lender, that’s not an abstract industry statistic — it has direct implications for their QC program’s scope, their sampling approach, and where they’re pointing their discretionary selections.
The threat mix has also shifted in ways that traditional QC checklists weren’t designed to catch. AI-generated documents — paystubs, W-2s, bank statements — are now sophisticated enough that a visual review won’t catch them. Per Fannie Mae, undisclosed debt remains the single largest driver of repurchase defects, with an average undisclosed balance of $34,300 opened just 39 days before closing. Wire fraud and CPL fraud are rising, and the recovery window when something goes wrong is just 24 hours. Deepfake and synthetic identity fraud are moving from the theoretical to the operational for lenders of all sizes.
Brian:
The first thing to understand is that you can no longer rely on visual inspection alone. AI-generated paystubs and W-2s are designed to look authentic. The tells are in the metadata, font inconsistencies, and template mismatches that aren’t visible to the naked eye. That means lenders need to add a specific layer to their pre-fund QC checklist that addresses AI document anomaly detection. It can’t be assumed away.
The second thing is that the agencies are already using AI on the post-closing side to detect fraud. If your internal QC program isn’t mirroring that scrutiny on the front end, you’re going to keep getting surprised by what they find. The technology needed to address these challenges, including MFA, independent verification, and wire fraud prevention as a formal QC checklist item, needs to be embedded in QC controls, not treated as an IT policy someone else owns.
Rachael:
That’s a good segue to the technology side. A lot of what Brian described, the metadata anomalies, the document-to-data mismatches, the data integrity checks that have to happen before a file moves forward, is exactly what IDX is built to catch at the document level before it ever becomes a QC finding.
Rachael:
IDX is the document intelligence engine underneath the QC workflow. AuditGenius catches QC defects, but it can only do that if it has accurate, structured data to work with. IDX is what validates that data.
When a document hits the system, IDX identifies what it is, pulls the relevant data fields, and checks them against what’s in the LOS. That bi-directional validation is what we mean by document-to-data integrity: confirming not just that a document exists, but that the data on the document matches the data your team is making decisions on.
For QC specifically, that matters enormously at pre-fund. If the income on the paystub doesn’t match what was entered into the AUS, that’s a finding. If the property address on the appraisal doesn’t match the LOS record, that’s a finding.
Rachael:
It matters because defects don’t respect stage boundaries. A data quality problem at loan set-up can travel all the way through underwriting, post-close, and into servicing before anyone catches it, and the cost compounds at every step.
AuditGenius supports the full range: prefund, post-close, servicing QC for both performing and non-performing loans, HMDA, MERS, Early Payment Default, Cancelled/Denied/Withdrawn, MI reviews, pre-purchase, and due diligence, all under one login with unlimited workflows and audit types. That single-platform approach gives QC leaders a genuinely holistic view of risk across their entire portfolio, which is valuable for both captive servicers and secondary market participants.
Brian:
Consistent defect taxonomy is the foundation, and it’s harder than it sounds, especially when lenders use multiple vendors. Defects from various QC sources – internal QC teams and vendors supporting outsourced QC reviews – can present a challenge aligning defects from these different sources. Without a shared taxonomy, you can’t see how a pattern at pre-fund connects to what’s showing up at post-close or in EPD. You’re looking at three separate reports that don’t speak the same language.
From a services perspective, we work with clients to align defect classifications across all of our reviews (Prefund, Post Close, EPD), to determine whether a defect pattern is systemic or isolated. Without that consistency, meaningful trend analysis across channels isn’t possible, and you’re missing fraud signals that only become visible when you can see the whole picture. Mortgage repurchase risk compounds when defect patterns go undetected across review types – a signal that’s invisible in one report becomes unmistakable when the data is unified.
And that’s where the reporting piece becomes critical. Taxonomy alignment is only valuable if the reporting can reflect it. If your platform can’t show you defect trends across review types in one view, you’re doing the taxonomy work manually in spreadsheets, which defeats the purpose.
Rachael:
Two things come up consistently. First, they have data but not insight. They can pull a report, but it doesn’t tell them where defects are coming from or who’s responsible. Second, they’re building custom reporting from scratch for every investor or regulatory requirement, which is expensive and slow.
AuditGenius addresses both. The interactive dashboards give you everything from a portfolio-wide quality trend view down to loan-level drill-through, including defect rates by category, responsible parties, corrective action tracking, and reverification success rates. The Fannie Mae dashboard is pre-built and ready on Day 1. The bar has moved from ‘we found it’ to ‘we found it, fixed it, and validated it,’ and our reporting is built to support that standard.
And that reporting consistency matters especially when you have both a technology platform and a services team working together. The data our auditors are working from in AuditGenius is the same data the client sees. There’s no translation layer, no reconciliation between what the vendor found and what the platform shows. That transparency is something clients tell us they don’t always get elsewhere.
Brian:
Three things. First, proactive communication. You shouldn’t be finding out about emerging agency trends or new fraud patterns from your own audit findings six months after the fact. A good QC partner is watching the regulatory environment and telling you what’s coming before it hits your portfolio.
Second, feedback and trend monitoring: help interpreting what the data is signaling, not just delivering reports. Third, accountability support: structuring reporting in a way that supports defensible governance when an examiner or investor comes looking. A QC vendor should feel like an extension of your risk team, not just a file reviewer. If they’re only telling you what they found and not helping you think about what to do with it, you’re not getting the full value.
Brian:
Every engagement starts with a discovery process that includes defining service scope, reporting requirements, investor guidelines, sampling methodology, and SLAs before anything else. We then assign a dedicated engagement manager and subject matter experts who become an extension of the client’s team, not just a vendor contact. Our compliance team stays ahead of agency changes so clients don’t have to. When guidelines shift, we’re already implementing them, not waiting to be asked.
From there, we apply what we call a rightshore delivery model, mapping which tasks are best handled onshore versus offshore to maximize efficiency without sacrificing quality. For clients with security constraints around document images, everything stays onshore. For clients comfortable with the offshore model, we can transition identified tasks to optimize cost. The key is that the delivery structure is built around what each client actually needs. Indecomm has been doing this for 25+ years, and our ability to scale quickly – without ramp-up lag and without disrupting the client’s existing operation – is consistently one of the things clients point to as a differentiator.
Brian:
Indecomm’s Compliance Manager monitors agency updates, mortgagee letters, circulars, and all selling guide changes as a primary responsibility. This includes subscriptions to receive updates from the various agencies, access to AllRegs and various other industry compliance forums, groups, and publications. As updates take place, these are shared with Indecomm’s operational leadership and the Directors of QC – originations QC and servicing QC – to assess the impact on our audit scope and any changes to the checklists. State disclosures are tracked and monitored to ensure we are auditing for all required disclosures based on the property state.
Brian:
The lenders who treat QC as a strategic asset and not a compliance cost will be the ones best positioned to navigate what’s ahead. The AI mortgage fraud environment is getting more sophisticated, Fannie Mae QC requirements are tightening heading into 2026, and the bar for what counts as defensible governance keeps moving. A QC program that’s still built around checking boxes and filing reports is going to fall short.
What we see with the clients who are really ahead of this is a shared mindset: QC informs how you underwrite, how you train, how you manage vendors, and how you respond when something goes wrong. That’s the shift – from QC as a lagging review function to QC as the feedback loop that makes the whole operation better. And for lenders considering outsourced mortgage QC services, the question to ask any vendor is not just what they find, but what they help you do with it.
Works Cited
Deloitte projection on AI-driven fraud losses ($40 billion by 2027). Certified Credit, January 2026. https://www.certifiedcredit.com/the-cost-of-deception-how-mortgage-fraud-impacts-lenders-and-borrowers-alike/
1 in 118 mortgage applications showing fraud indicators. Cotality National Mortgage Application Fraud Risk Index, Q3 2025. Via Commercial Observer, May 2026. https://commercialobserver.com/2026/05/proptech-mortgage-fraud-rental-fraud/
Undisclosed debt: 47% of repurchase defects, $34,300 average undisclosed auto loan balance, opened 39 days before closing. Fannie Mae Single Family, July 2021. https://singlefamily.fanniemae.com/media/28021/display
Deepfake and AI-enhanced fraud schemes rapidly growing. FBI Internet Crime Complaint Center (IC3) 2025 Annual Report via HousingWire, April 2026. https://www.housingwire.com/articles/fbi-cybercrime-losses-real-estate-fraud-hits-275m/