Why Platform Stability Belongs on Every Lender’s Technology Due Diligence List

Why Platform Stability Belongs on Every Lender’s Technology Due Diligence List

When lenders evaluate a loan management platform, most of the evaluation time is spent on features: does it support my loan product type, does it have the ACH rules I need, how does the collections queue work? These are legitimate questions — but they leave out one of the most consequential dimensions of the decision.

By the numbers: Total nonrevolving consumer credit outstanding in the U.S. reached $3.78 trillion in 2025, per the Federal Reserve G.19 Consumer Credit Report. Meanwhile, FDIC data shows 70.5% of banked U.S. households now primarily use off-site digital channels — making modern loan management software essential infrastructure for any competitive lender.

Platform stability. The long-term financial health and operational reliability of the technology vendor itself.

It sounds like a secondary concern until you have experienced a vendor failure firsthand. A loan management system that goes dark — due to the vendor’s financial collapse, an acquisition that disrupts development, or infrastructure that cannot handle growth — doesn’t just create operational inconvenience. It creates regulatory exposure (compliance systems fail), financial exposure (payments cannot be processed), and customer experience damage (borrowers cannot access their accounts).

This post makes the case for including platform stability in your vendor due diligence — and explains what indicators to look for.

The Vendor Risk That Lenders Underestimate

The consumer lending software market has historically included many small, undercapitalized vendors who entered with a focused product and a competitive price point. Some grew into stable, capable organizations. Others did not.

The FDIC’s guidance on technology service provider oversight and the FFIEC’s IT Examination Handbook on service provider management both require regulated financial institutions to conduct due diligence on technology vendors as part of their third-party risk management programs — including assessment of the vendor’s financial health and business continuity planning.

For non-bank lenders who are not directly subject to these frameworks, the underlying logic applies equally: a technology vendor whose business fails takes your operating infrastructure with it.

What Stability Indicators to Examine

Longevity. How long has the vendor been operating at scale? A platform that has been running for 18+ years has navigated multiple credit cycles, regulatory shifts, and technology transitions. Vergent LMS has been developed continuously since its founding by practitioners from within the lending industry.

Business model. Vendors that are cash-flow positive from customer revenue are structurally more stable than those dependent on external investment for day-to-day operations. A vendor whose growth is funded by its own customers’ subscription fees is aligned with long-term product quality in a way that a venture-funded vendor racing toward an exit is not.

Infrastructure and certifications. Cloud hosting with enterprise-managed security (Vergent operates on Microsoft Azure with Rackspace Enterprise Managed Security), SOC 1, SOC 2, and SOC 3 certifications, and PCI DSS compliance are verifiable indicators of infrastructure investment. The annual audit process required to maintain these certifications requires genuine security and operational discipline.

Uptime record. A clean, single code base with zero-downtime release deployments — Vergent’s releases are deployed on a monthly schedule, typically on a Sunday morning, with no disruption to ongoing operations — indicates operational maturity.

Portfolio scale. A vendor managing 20,000+ daily active users and $1 trillion+ in total loans serviced has demonstrated that its infrastructure scales. A vendor with a small install base has not been stress-tested at the volumes a growing lender will eventually place on the system.

US-based operations. For lenders subject to US regulatory requirements, having the software development and support teams in the same regulatory environment matters. Vergent’s development and support are performed entirely by US-based employees across two offices, with four CPAs on staff ensuring financial accuracy of all platform outputs and GL integrations.

Release Process: Another Stability Signal

How a vendor manages software releases reveals a great deal about operational discipline. Platforms that push updates without warning, deploy releases that cause production downtime, or release frequently with poor quality control create operational risk for the lenders running on them.

Vergent operates on a monthly release cycle. One week before each release, release notes are distributed to all clients describing every item in the upcoming release — including instructions for any new configuration options. Releases are deployed on a consistent schedule (second or third Sunday of each month) during low-traffic hours, with no downtime.

This cadence and transparency allow lenders to prepare for changes, plan staff training, and choose which new capabilities to adopt — rather than discovering changes after they affect daily operations.

FAQ

What due diligence should lenders conduct on a loan management software vendor?
Key areas include: vendor financial stability (profitability, funding model, longevity), security certifications (SOC 1/2/3, PCI DSS), uptime track record, data portability terms (can you export your data if you switch?), reference clients at similar scale, regulatory compliance history, and business continuity/disaster recovery planning.

What do SOC 1, SOC 2, and SOC 3 certifications mean?
SOC (System and Organization Controls) certifications are issued by independent auditors who evaluate an organization’s internal controls. SOC 1 covers controls relevant to financial reporting. SOC 2 covers security, availability, processing integrity, confidentiality, and privacy. SOC 3 is a public-facing summary of SOC 2 results. Maintaining all three certifications requires annual independent audit and demonstrates ongoing commitment to security and operational standards.

What happens to loan data if a software vendor goes out of business?
This is a critical risk that should be addressed in vendor contracts. Key provisions to require: data export rights in standard formats (CSV, XML), access to data during a wind-down period, and escrow arrangements for source code if the vendor is acquired or ceases operations. With a real-time replicated database add-on like Vergent’s, lenders also maintain a current, independent copy of their data at all times.

Contact Vergent at vergentlms.com to learn more about platform infrastructure and certifications.

Sources: FDIC Technology Service Provider Guidance | FFIEC IT Examination Handbook — Service Providers | IBM/Ponemon Cost of a Data Breach 2023