Preparing for SBA Loan Processing on the Salesforce Platform

Own Company
No items found.

It is expected that droves of small businesses will be looking to apply for Small Business Administration (SBA) Loans under the Paycheck Protection Program (PPP) and other types of loans to keep their businesses afloat in these uncertain times. As you go through this process, here are a few things to think about when it comes to your Salesforce environment.

Platform exposure

Many banks and lending institutions are using the nCino application, which runs on the Salesforce Platform, to perform loan origination, processing, and underwriting functions. Many of these same institutions are also tracking other commercial and retail sales opportunities or servicing issues using Salesforce Sales or Service Clouds. With its verticalized approach to Financial Services, Salesforce is clearly a dominant player.

People and process exposure

We hypothesize that these same institutions are likely to hire more loan officers and/or processors to keep up with this increased demand. This will result inevitably in some people with inadequate experience or training participating in the lending, sales, or servicing processes. Other, more nefarious people, are likely to seek to slip through the candidate vetting process to capitalize on the opportunity this explosive increase in demand creates. In either case, it’s essential to ensure that the sensitive information stored in the Salesforce instances used by these institutions is as secure as it can be.

What can you do?

Here are some general guidelines to help get you started securing your Salesforce org:

-Identify and understand the type of data that will be needed for loan processing and stored in your Salesforce platform. Determine if new fields may be required to accommodate the government's lending rules under the Paycheck Protection Program (PPP) for an SBA loan that helps businesses keep their workforce employed during the Coronavirus (COVID-19) crisis.

-Review the data classification of your fields in the Salesforce platform. If new fields have been introduced recently, take the time to classify these fields based on your institution's data classification framework. Be sure to pay close attention to fields that contain highly sensitive information, i.e., Tax ID/EIN, Social Security Numbers, etc. Identify highly sensitive information as high risk so that it can be treated with more extensive controls.

-Determine if sensitive data should be encrypted while at rest and understand the business impact of encrypting those fields BEFORE enabling the encryption. When the processing demand hits, loan processors will need everything working smoothly so they can process as many loans as possible - quickly, and accurately.

-Determine who should have access to sensitive data, and what functions they should be able to perform on those fields and objects (i.e., view only, edit, delete?). Loan processors should be enabled to perform their job functions without exposing sensitive data unnecessarily if it's not required for their workflows. Try to focus on the principle of least privileged access.

-Make sure the changes to sensitive fields are being tracked, so changes to these fields can easily be reported / audited.

-Understand the security controls that are in place and be able to provide comprehensive compliance and oversight reporting. While we are in a state of "hurry up!", it's also important to be able to prove the controls and historical context that are implemented for the inevitable audits in the future.

For further information on securely enabling a remote workforce on your Salesforce Platform, check out this blog. To learn more about Own Secure, request a free Guided Risk Assessment for Salesforce today, or schedule a demo below.

Get started

Submit your details and we will contact you shortly to schedule a custom 25-minute demo.

Book a demo
Get started

Submit your details and we will contact you shortly to schedule a custom 25-minute demo.

Book a demo

You may also like


Own Company Awarded 10 Badges in G2 Fall 2023 Report

For the Fall 2023 reports, G2 has awarded Own ten badges, all based on reviews from verified users about their experience using Own.

Backup and Recovery

Dynamics 365 Release Wave: How Might Industry Cloud Data be Impacted?

We’ve reviewed more than 600 pages of release notes and highlighted the features that are more likely to impact your data.


How to Maintain Compliance in the COVID Era

Businesses that fail at security and compliance are at risk. With many businesses working remotely, these security risk mitigation strategies are crucial.


Get started

Share your details and we’ll contact you shortly to schedule a custom 25-minute demo.

Schedule a Demo