DATA PRIVACY, SECURITY & AI TRACK: Evolving Regulatory Landscape on AI in the Mortgage Industry

Regulatory Specialist, Mortgage Bankers Association

Gabriel Acosta is the Regulatory Specialist in the Residential Public Policy and Industry Relations department at the Mortgage Bankers Association. Gabriel works with the team to analyze agency actions and legislation in areas related to origination, servicing, and data protection. Gabriel also works with member committees to provide guidance to members on the changing regulatory landscape. Before the Mortgage Bankers Association, Gabriel previously worked in Congress on criminal justice and immigration issues. Gabriel is a recent graduate from the Georgetown University Law Center and was a student at Georgetown’s Federal Legislation Clinic.

Chief Executive Officer and Founder, Winnow Solutions, LLC

As Chief Executive Officer and Co-Founder of Winnow, Chris Hilliard leads a team of legal, compliance, and technology professionals transforming how financial institutions and lenders navigate state and federal regulatory requirements. Winnow is a powerful online application that enables customers to generate surveys and searches tailored to their specific business type, licensing, products, and geographic scope based on a comprehensive and dynamic database of state and federal laws and regulations. Winnow also provides an AI-powered platform that helps financial institutions navigate complex state and federal regulations, ensuring compliance while improving operational efficiency. Chris Hilliard has over 20 years of industry experience in consumer, commercial, and residential mortgage lending and general banking, with extensive expertise in regulatory compliance, BSA/AML, internal audit, licensing, and legal functions. He is a Certified Regulatory Compliance Manager (CRCM), Certified Compliance and Ethics Professional (CCEP), and a California Licensed Life, Accident & Health Agent. He has held executive, senior management, and mid-level management positions at major financial institutions and lenders, where he managed all aspects of compliance, risk, and litigation, as well as product development, management, and design. He is passionate about leveraging technology to create innovative solutions that enhance compliance efficiency, effectiveness, and customer satisfaction. HousingWire, Finovate, and the US Fintech Awards have recognized him, and he is a HousingWire Tech 100 Trendsetter for 2024.

Shareholder, Buchalter

Wendy Lee is a shareholder at Buchalter and Chair of its Fintech and AI practice group. Prior to joining Buchalter in April 2024, Wendy was the EVP and Chief Legal Officer of Sagent, a servicing technology provider. Wendy has been engaged as a legal executive in both mortgage servicing and technology for more than 20 years. During this time, Wendy has played the role of lawyer, consultant (Deloitte), servicer (Washington Mutual Bank), start-up strategist, and even was a database architect way back when in her past life. She works on the impact of data privacy laws on the servicing community and is honored to contribute to the movement to prevent upcoming regulatory and legal changes from unnecessarily impacting mortgage operations.

Partner, Orrick, Herrington & Sutcliffe, LLP

Sherry-Maria Safchuk represents clients in regulatory and compliance matters and provides support for government examinations and investigations involving the mortgage, consumer and commercial lending industries. She also assists clients on privacy and cybersecurity issues, including those related to the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA) and state privacy laws such as the California Consumer Privacy Act (CCPA). Prior to joining Orrick, Sherry was a partner at Buckley LLP. Sherry’s clients include banks, mortgage originators and servicers, mortgage brokers, commercial lenders, bank holding companies, private equity firms, investment advisors, investment managers, finance companies, fintechs, consumer reporting agencies, debt collection companies, etc.

Partner, Ballard Spahr LLP

Greg Szewczyk is a partner in Ballard Spahr’s Denver and Boulder offices and Practice Leader of the Privacy and Data Security Group. Greg leverages a career that includes both high-stakes transactions and litigation to help companies take a practical approach to assessing risk and complying with the ever-expanding patchwork of state, federal, and international privacy and data security statutes and regulations. Greg helps companies of all sizes, from Fortune 500s to start ups, build and maintain their privacy and data security programs. He has advised hundreds of companies on various compliance issues—from the use of artificial intelligence to vendor management to routine data processing matters that arise in day-to-day business—relating to the Colorado Privacy Act (CPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standards (PCI DSS), the Illinois Biometric Information Privacy Act (BIPA), the Gramm-Leach-Bliley Act (GLBA), state financial privacy laws, the Telephone Consumer Privacy Act (TCPA), and various other laws and regulations. Greg also advises clients in connection with corporate transactions, such as mergers, acquisitions, and partnerships. In doing so, he helps his clients assess the potential risks involved and develop creative solutions to data issues.