Why M3's CTO has been focused on security from day one

Tech head had lofty goals when he joined the company – but one element underpinned them all

Why M3's CTO has been focused on security from day one

André Boisvert (pictured) stepped into his role as chief technology officer at the M3 Group with some serious ambitions. When he joined the mortgage giant in 2018, he sought to improve broker efficiency by a full 50%, by automating operational processes taking up far too much time. He stated, too, that he would put M3 on an open platform, a tech tool that could seamlessly integrate with the endless crop of third-party software released on a regular basis for the industry. Underpinning those two lofty goals was perhaps the core of Boisvert’s strategy as CTO: security, security, security.

Having developed trading platforms for major stock exchanges before joining M3, Boisvert knows a thing or two about security. He saw in 2018 that the predicted digitization of the mortgage industry would have to come with best-in-class security so that borrowers and brokers could trust that their incredibly sensitive information was protected. Since 2018, Boisvert has led a drive to deliver high-level security for M3’s brokers and borrowers, weaving it into the DNA of the company. With the onset of the COVID-19 pandemic, that focus on security has been a huge success driver for M3.

“I believe that security is really important in industries such as ours because everything is based on trust and credibility of the stakeholders,” Boisvert said. “As soon as you start losing that trust in the overall ecosystem, then customers will go and try to find alternative solutions.”

Read more: Amid vaccinations, consumer confidence reaches three-year high

As a part of his efficiency drive, Boisvert began working on digitization and work from home capacity for M3’s brokers. His focus on security in building platforms and familiarizing brokers with key tech tools like e-signing created a greater degree of trust and comfort for them when the pandemic hit and offices were forced to go remote. Brokers could maintain their productivity and engage directly with clients about the security of the new platforms they were using, further building that key trust.

Boisvert’s security strategy hinged on a data pledge that defined the ‘rules of engagement’ for user privacy. M3 promised brokers they would respect data ownership via four key rules. First, M3 will only contact customers with proper consent of both the brokers and customers. Second, M3 will ensure that brokers always have access to, and control over, their data. Third, M3 ensures that the broker data is safe and secure. Finally, M3 will always respect applicable laws.

In addition to setting their own rules, Boisvert led a push to get M3 SOC 2 certified. The SOC 2 certification is one of the highest standards for data trust and security across the financial services industry and M3 is the only mortgage brokerage in Canada to attain SOC 2 Certification, he explained. Boisvert considers SOC 2 a minimal requirement for security conscious people, be they brokers or borrowers. Built around five trust principles, it requires hundreds of controls that need to be integrated throughout the organization, followed by a significant third-party audit.

Read more: North East Real Estate acquires Coldwell Banker Commercial Alliance

That third-party audited standard has forced M3 to maintain a best-in-class level of security while stating to the industry and the world that it has reached a level of security service necessary to operate at the highest levels of the financial services universe.

That work has already resulted in a shifting mindset among consumers and brokers. Where before they might put more trust in email for transferring sensitive documents, now they prefer to upload on a portal, confident in the security M3 is providing.

“Security is the foundation of establishing those networks of open partners,” Boisvert said. “You want to make sure that you integrate in a secure fashion. And you want to ensure that when you’re integrated, you can trust your partners. They themselves must have a secure platform, because it’s one thing to say, ‘I’ll send it in a secure fashion.’ But once your data and documents are there, you want to ensure that it’s properly protected.”