The mortgage industry launched its first dedicated AI mortgage lending compliance framework on Thursday, even as a federal class action lawsuit against a Michigan lender illustrated precisely why such guardrails can no longer wait. The Mortgage Industry Standards Maintenance Organization released FRAME — the Framework for Responsible AI in Mortgage Ecosystems — giving lenders, servicers, and technology providers a structured risk management toolkit on the same day that a wave of regulatory deadlines and a new industry white paper made clear that governing AI in lending has shifted from best practice to legal obligation.
"Mortgage companies are increasingly utilizing AI-enabled systems, and they need a framework that helps them manage risk while supporting innovation," said Dan Sugg, 2026 chairman of the Mortgage Bankers Association's Residential Board of Governors and chief mortgage lending officer at Michigan First Credit Union.
For the millions of Americans who apply for a mortgage each year, the stakes are direct: AI may now influence, score, or communicate every stage of their application — and federal law has not yet caught up to that reality in every dimension, even as it firmly anchors one element that lenders cannot automate away.
MISMO FRAME Mortgage AI Governance Framework Now Available to Members
FRAME gives mortgage companies a practical starting point for managing AI governance in mortgage lending. The toolkit includes a governance policy template, an AI system inventory, a risk assessment guide, and a getting-started document, all designed to help organizations identify and monitor AI-enabled systems across their operations. MISMO developed the framework through its AI Community of Practice in collaboration with the MBA's Residential Board of Governors, which made an industry AI framework one of its top priorities for 2026.
"Organizations cannot manage risk they cannot see," said Rick Hill, MBA's vice president of industry technology and a key contributor to the framework. "FRAME provides a practical path to identifying, understanding, and managing AI risk across the enterprise."
Critically, FRAME does not create new regulatory requirements. It operates alongside existing law, which already applies to AI-enabled mortgage decisions. The Equal Credit Opportunity Act, the Fair Housing Act, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, Regulation X, and existing GSE requirements all remain fully applicable whether a credit decision is made by a human or an AI system.
FRAME is now available to MISMO member companies through MISMO Connect.
Federal Law Still Requires a Human Loan Officer: What Mortgage Rules Actually Mandate
Even as AI takes on more of the origination workload, a fundamental legal constraint remains. A white paper released Wednesday by the Mortgage Bankers Association — prepared by law firm Orrick, Herrington & Sutcliffe — concluded that existing federal disclosure requirements effectively prevent lenders from removing human originators from the transaction.
Under the Truth in Lending Act and Regulation Z, every mortgage must disclose the name and NMLS identification number of an individual licensed loan officer. AI tools are not NMLS-licensed and cannot fulfill that requirement. As the MBA paper noted, the SAFE Act does not require AI tools to obtain their own mortgage loan originator license — but it also does not remove the obligation to assign a licensed human to the transaction.
The white paper flagged a particularly risky practice: listing a loan officer as a borrower's primary contact while routing all actual origination work through AI. The MBA argued that approach could constitute an unfair or deceptive act or practice under UDAAP if consumers reasonably expect that named person to be genuinely involved in their loan. Making a loan officer a nominal figurehead while AI runs the process is not a compliance workaround — it is a potential enforcement exposure.
The report recommends that lenders maintain meaningful human-in-the-loop practices: a licensed originator who is accessible to borrowers and retains real oversight authority, even when AI performs the bulk of the application work. The MBA also called for robust fair lending testing, model explainability documentation, data privacy controls, and vendor governance. When an AI system cannot explain why it scored a borrower a particular way, the lender faces a Regulation B adverse action explanation problem regardless of the model's aggregate accuracy.
AI-Driven Borrower Contact Already Drawing Class Action Lawsuits
The compliance stakes are not theoretical. In February 2026, a Michigan borrower filed a class action complaint against Mortgage One Funding after an AI voice agent cold-called his cell phone — registered on the National Do Not Call Registry — recommending a cash-out refinance without obtaining prior written consent as required by the Telephone Consumer Protection Act. The case illustrates that the gap between moving fast with AI and the laws governing borrower contact is already producing litigation.
Jim Brodsky, a founding member of Washington, D.C.-based firm Weiner Brodsky Kider PC and general counsel to the National Reverse Mortgage Lenders Association, summarized the risk plainly at NRMLA's Western Regional Meeting on Wednesday: "If AI is not introduced in your company on an enterprise-wide basis ... you're going to have issues. It's just inevitable."
Brodsky outlined several federal laws that directly govern AI-driven borrower interactions. TCPA requires prior consumer consent before AI-initiated contact. The Do Not Call Registry applies to AI chat and voice outreach — as Brodsky put it: "Do not call means do not chat." The Gramm-Leach-Bliley Act requires lenders to account for consumer data absorbed and stored by AI systems. Under UDAAP, lenders must notify consumers when AI is being used and must provide a clear, easy path to a human representative — making that opt-out difficult creates enforcement exposure. Every marketing or processing action conducted by AI must still identify a licensed human loan officer by name and NMLS number.
GSE Mandates and Updated Federal Model Risk Standards Set Hard Deadlines
The governance pressure is not coming from industry frameworks alone. Fannie Mae issued Lender Letter LL-2026-04 on April 8, 2026, establishing a formal AI governance framework for any approved seller or servicer using AI or machine learning in origination or servicing. The requirements take effect August 6, 2026, and mandate comprehensive policies governing the development, deployment, operation, maintenance, and risk management of AI systems — with vendor oversight standards that must be at least as rigorous as those the lender applies internally. Freddie Mac updated its servicer guide in late 2025 with similar AI and machine learning governance requirements, which took effect March 3, 2026.
In April 2026, the OCC, Federal Reserve, and FDIC jointly issued updated interagency model risk management guidance through OCC Bulletin 2026-13, superseding prior frameworks. The revised guidance covers AI and machine learning broadly — but it notably excludes generative AI and agentic AI from its scope. That exclusion does not mean those tools are unregulated; it means they must be governed through a different set of frameworks, including compliance management, operational risk, cybersecurity, privacy, fair lending, and board-level oversight.
There is also a concurrent shift in one area of federal consumer protection that makes voluntary governance all the more urgent. The CFPB published a final rule amending Regulation B on April 22, 2026, that takes effect July 21, 2026, removing disparate impact liability from ECOA enforcement. When that rule takes effect, a lender whose AI system produces statistically discriminatory outcomes for minority borrowers will face diminished federal enforcement risk under ECOA specifically, even if those outcomes are real. Intentional discrimination remains illegal, and state-level enforcement remains available under the Fair Housing Act and various state laws. But the primary federal tool for catching unintentional AI bias in lending will be narrowed at the federal level precisely as AI adoption accelerates — making industry frameworks like FRAME and state-level laws like Colorado's all the more consequential.
Colorado Automated Decision-Making Technology Act Sets Consumer Rights Template
One emerging template for state-level governance is Colorado's Automated Decision-Making Technology Act, signed into law on May 14, 2026, and taking effect January 1, 2027. The law replaces the 2024 Colorado AI Act with a more targeted framework. For mortgage lenders operating in Colorado, it applies to "consequential decisions" affecting credit access and eligibility — meaning loan approvals, pricing decisions, and rejections influenced by AI.
Under the law, technology developers must disclose their tools' intended uses, training data categories, and known limitations. Lenders deploying those tools must inform consumers when AI influenced a credit decision, must explain the AI's reasoning when an application is rejected, and must offer meaningful human review and reconsideration. Brodsky noted the law has drawn significant attention from the national mortgage industry and is likely to serve as a template for other states. Several states, including California and New York, have already enacted or proposed requirements that consumers be notified when they are interacting with an AI system rather than a human.
Can a Borrower Request Human Review of an AI Mortgage Decision?
That question is being answered differently depending on geography and lender. Under Colorado's law, which takes effect January 1, 2027, the answer for Colorado borrowers will be yes, with a statutory right of reconsideration. For borrowers elsewhere, the answer depends on the lender's internal policies and the terms of any state AI or consumer protection law that applies.
What is universally true under current federal law: a lender using AI to make or heavily influence a credit decision must still provide an adverse action explanation under Regulation B when a borrower is denied or offered materially worse terms. If the lender's AI model cannot identify why it reached a particular conclusion, the lender cannot satisfy that obligation — a compliance gap that applies to every mortgage transaction in every state, regardless of whether a state AI law is in effect.
Every mortgage borrower can take three practical steps today. First, ask directly: lenders should disclose whether AI influenced their application process, and under UDAAP, they must provide a clear path to a human representative. Second, if denied, request a written adverse action explanation — lenders are legally required to provide specific reasons, and a response attributing a denial to an opaque AI score is itself a compliance problem. Third, monitor state-level AI law developments: Colorado's framework, effective January 1, 2027, is the most explicit consumer-rights model currently enacted, and other states are likely to follow with similar or stronger requirements.
For lenders, the picture is equally clear: FRAME is available today, Fannie Mae's governance requirements take effect August 6, 2026, and every AI-driven borrower communication is operating under existing TCPA, UDAAP, and Gramm-Leach-Bliley Act rules right now. The question is not whether to build governance around AI in mortgage lending. The question is how quickly, and whether the framework will be in place before the next compliance failure.
Frequently Asked Questions
Can AI approve or deny a mortgage application?
AI can and does influence mortgage approval and denial decisions at many lenders — including screening documents, assessing risk, and generating credit recommendations. However, the lender remains legally responsible for the outcome under existing federal fair lending, UDAAP, and adverse action rules, and federal law requires a named, licensed human loan officer to be associated with every mortgage transaction under the Truth in Lending Act and Regulation Z.
Does a mortgage loan officer have to be human?
Under current federal law, yes. The Truth in Lending Act and Regulation Z require lenders to disclose the name and NMLS identification number of an individual human loan officer for every mortgage. AI tools cannot hold NMLS licenses and cannot substitute for that requirement. The MBA's 2026 white paper, prepared by Orrick, Herrington & Sutcliffe, found that listing a human loan officer as a nominal contact while routing all origination work through AI creates UDAAP exposure.
Is AI in mortgage lending regulated?
Yes, through a combination of existing laws including the Equal Credit Opportunity Act, the Truth in Lending Act and Regulation Z, the Telephone Consumer Protection Act, the Gramm-Leach-Bliley Act, UDAAP, and Regulation B — plus new frameworks. Fannie Mae's AI governance requirements take effect August 6, 2026. Colorado's Automated Decision-Making Technology Act takes effect January 1, 2027. MISMO's FRAME toolkit launched June 11, 2026, giving lenders a voluntary governance structure aligned with these existing obligations.
What happens if a borrower is denied a mortgage because of an AI decision?
Federal law requires the lender to provide a specific written adverse action explanation under Regulation B, including the reasons for the denial. If the AI model that produced the decision cannot identify the specific factors that drove the outcome, the lender cannot satisfy that requirement. Borrowers can request this explanation and, where state law applies, may also have a right to request human review and reconsideration of the decision.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
