In Part 1 we discussed our future plans to scale. Here in Part 2, we will answer your questions about our underwriting process and provide you with more clarity regarding its effectiveness as well as the emphasis we put towards data privacy and security.
Effective underwriting has been a concern in the crowdfunding space. What steps are you taking to protect your investors?
Underwriting is one of our highest priorities. Quality projects and quality operators are paramount to our continued success. We currently operate through rigorous traditional underwriting, generally including arms-length third party appraisals, commissioned by Patch of Land for a full walk-through and value analysis, with an ever increasing emphasis on selectively choosing the most relevant data and metrics to support that underwriting. We carefully evaluate the local market, the performance of that particular asset class in that market, and the risk profile of the borrower. We only work with professional, experienced developers with strong track records in the real estate industry. At that point, we normally only fund up to a certain percentage (typically 60%) of the ARV (after repair or rehab value) of the property. That way, in a worst case scenario, we can liquidate the property and have a reasonable expectation of being able to return most or all of our investors’ funds. On top of that, we are committed to carefully educating our investors to enable their ability to make informed decisions by providing our underwriting criteria, supporting documentation showing proof of meeting such criteria, analysis of risks and mitigants, as well as updates to each deal during the lifetime of the loan. We believe that the more our investors understand their investments, the more empowered and confident they feel in their choices.
Data Privacy: We have several mechanisms in place to insure data privacy both from a systems and hardware perspective. All private data, such as bank account numbers, is encrypted before storage in a separate database separate from the database running the website. This information is only decrypted in memory before transmission to the bank to have them collect funds or send funds. It is never stored in plain text. We lockout accounts that are trying to be broken automatically and have a Symantec malware scanning subscription which does daily scans of our site to detect any abnormalities. We adhere to all eCommerce security best practices in-office and out, and ensure our staff is fully trained on security issues. Only the executive team has access such data, and all requests are logged and regularly audited. Hardware systems are geographically distributed and fail-overs exist. Backups are taken daily, weekly and monthly and are also stored in encrypted form outside of the primary data centers. Two-factor authentication is used on our administration areas and matched with intense levels of access control and approval processes. Did you enjoy reading this article? Still have questions? We want to hear what you think, so please leave your comments and questions below!