New AI Audit Practice Arrives as Mortgage Industry Faces New Regulations

NEW YORK, NY – May 15, 2026 – As the mortgage industry grapples with a new wave of binding artificial intelligence regulations, law firm Brody | Gapp LLP today announced the launch of its Mortgage AI Governance Audit Practice. The initiative, unveiled at the MBA Secondary & Capital Markets Conference, aims to provide lenders and technology vendors with a defensible framework for AI compliance just as new rules from government-sponsored enterprises (GSEs) come into force.

In a significant move demonstrating the urgency of the issue, Seattle-based AI pre-underwriting platform Friday Harbor has already become the first company to complete the firm's Limited Attestation. The proactive engagement comes ahead of an August 6, 2026, deadline for new Fannie Mae AI governance requirements, signaling a pivotal shift in how the industry manages technological risk.

The New Regulatory Gauntlet

The launch is timed to address a rapidly solidifying regulatory landscape. AI risk management requirements from Freddie Mac, detailed in Guide §§1302.2 and 1302.8, are already in effect. These rules are seen as highly prescriptive, mandating that sellers and servicers conduct regular audits and maintain robust accountability structures for their AI systems.

More imminently, Fannie Mae's Lender Letter LL-2026-04 becomes effective on August 6. The letter requires lenders to ensure that any third-party vendors using AI on their behalf are subject to governance controls that are no less protective than the lender's own. This places the ultimate responsibility for vendor compliance squarely on the shoulders of the mortgage banks, creating a critical need for due diligence and verifiable governance.

"On one side, binding AI governance requirements are already in effect at Freddie Mac, with Fannie Mae's own set of requirements coming online in August. On the other, very few lenders are positioned to produce defensible governance files today," said James W. Brody, Founding and Managing Partner of Brody | Gapp. The gap between regulatory expectation and industry readiness has created what many see as a looming compliance crisis.

A Lifeline for Lenders and FinTechs

Brody | Gapp's new practice aims to bridge that gap. The firm's Limited Attestation is a defined-scope legal work product that evaluates an AI platform across a spectrum of critical risk areas, including fair lending, adverse action notice requirements under Regulation B, model governance, vendor risk management, data governance, and overall examination readiness. While distinct from a formal audit opinion or SOC report, it is designed to provide a defensible file for lenders to present to regulators.

To complement the audit practice, the firm also announced a Q3 2026 publication date for The Mortgage Bankers AI Governance Guide™. Co-authored by Brody and Founding Partner Ronald Gapp, Jr., the guide is designed as a practical reference for industry leaders.

"We built the Guide around what a compliance committee needs to produce when a demand letter, an examination request, a QC self-report, or a discovery production lands," said Mr. Gapp, who previously served as general counsel and chief operating officer of a national lender. The guide will map out AI deployments at a fictional mortgage bank to provide tangible examples for navigating governance issues.

The development of the audit practice was spearheaded with Marvin Chang, the firm's Senior FinTech & AI Advisor. Chang, who is also an Executive in Residence at Duke University's Pratt School of Engineering and previously led digital transformation at Caliber Home Loans, brings deep expertise in financial technology and machine learning to the initiative.

Friday Harbor Sets a Proactive Precedent

The decision by Friday Harbor to voluntarily undergo the attestation process marks a significant development. As an AI-powered pre-underwriting platform that helps loan officers assemble compliant loan files in real-time, Friday Harbor's technology sits at the heart of the origination process. By proactively seeking a third-party governance review, the company is addressing one of the biggest pain points for its lender clients: vendor risk.

Named to HousingWire's 2026 Tech100 Mortgage list, Friday Harbor has gained rapid traction, with its platform adopted by over 20 lenders. The company's move provides its clients with an added layer of confidence and a clear signal that its platform is built with the new regulatory standards in mind. It also sets a competitive benchmark for other mortgage technology providers who will increasingly be asked by their lender partners to demonstrate robust governance and compliance.

"Friday Harbor stepped forward as an early example for the benefit of their lender customers and the industry before any regulator forced the question," Mr. Brody noted, highlighting the strategic advantage of early adoption in a shifting regulatory environment.

The Broader AI Governance Battleground

The emergence of specialized services like Brody | Gapp's audit practice reflects a broader industry-wide reckoning. AI is no longer a peripheral tool but has become essential infrastructure for everything from marketing and underwriting to servicing and fraud detection. Surveys show high rates of AI adoption among mortgage professionals, yet a significant gap remains in their readiness to govern these complex systems.

Industry analysts describe an emerging "compliance and governance battleground" where lenders are caught between the drive for efficiency through AI and the immense liability it can create. The risks extend beyond underwriting decisions to include customer-facing chatbots and automated communications, all of which carry potential fair lending exposure. Many existing contracts with technology vendors predate the current level of scrutiny and lack crucial provisions for audit rights, model explainability, and data controls.

As regulators intensify their focus, the ability to demonstrate a documented, actively maintained governance program is becoming a prerequisite for responsible innovation. The proactive steps taken by firms like Friday Harbor and the creation of specialized legal frameworks to support them represent a necessary maturation of the industry, attempting to build a sustainable and compliant future for AI in mortgage finance.