Compliance is perhaps the mortgage industry's most prevalent business concern, largely due to an ever-increasing number of regulations, a continued need to understand the specific expectations to be in compliance with new legislation, and the strong desire to avoid repeating any missteps that led to the market meltdown.

Veros takes compliance concerns seriously and engineers its analytic tools, systems, technology infrastructure and internal protocols to align with the compliance expectations of the industry’s largest and most heavily audited participants.

Audit Performance

Veros’ Compliance and Audit Department executes an annual audit and risk management plan. The plan aims to identify risks throughout Veros which may impact the company and its clients through risk assessments, and carries out any needed remediation steps to improve internal controls. This group also facilitates client audits and supports the external audit firms in their execution of the annual SSAE 16 and FISMA compliance audits. The SSAE 16 audit period covers January through December each year and the FISMA compliance attestation is issued every three (3) years.


Veros leverages two separate data centers in two states to ensure disaster recovery and business continuity during natural disasters while ensuring minimum impact to our systems and clients. Data is replicated in multiple servers to ensure data availability and is backed up on a daily basis and securely transported by a reputable company to be stored in a secure location. Our collocation data centers are managed by an industry-leading data center management company. The data centers offer state-of-the-art technology and 24-7-365 guards to maintain security.  These controls are audited annually by Veros and its independent auditors.


Veros system security is independently verified and validated by various independent auditing firms through annual security compliance assessments as well as annual system security vulnerability audits.  Veros is fully compliant with the requirements of the Federal Information Security Management Act (FISMA) of 2002 and has taken steps to formally certify its system security compliance in regard to confidentiality, integrity and availability of information by an independent third party in accordance with NIST 800-53, FIPS 199 and FIPS 200 standards.

Veros has implemented policies and procedures to ensure data privacy including periodic Privacy Impact Assessment and security of information when accessed remotely, and stored offsite or on portable media in accordance with the Office of Management and Budget (OMB) M-06-16 requirements. Further, the company maintains various security and operations policies and procedures and deploys various tools to maintain the company’s security posture. These controls are periodically reviewed by Veros' Compliance and Audit Department to ensure security and privacy of information are maintained.

Due Diligence Requests

With the increasing need to validate compliance with regulatory institutions, Veros participates in providing the needed due diligence information on products and services being used or evaluated by existing and prospective clients, respectively.

Please complete the form below to request due diligence documentation from Veros.  A representative will contact you to ensure your request has been received and that the necessary documentation will be provided. Please note, a non-disclosure agreement may be required dependent upon the nature of the information requested. 

If you have a specific questionnaire that your organization requires, please email your request to

Captcha Code

Click the image to see another captcha.