Commercial real estate (CRE) servicing still runs on email. Borrowers send financial statements, draw requests, and payment questions as attachments, and fraudsters know it. The FBI's Internet Crime Complaint Center logged close to $2.77 billion in business email compromise losses in 2024, and the Association for Financial Professionals found that 63% of organizations were hit by an email-based payment scam last year. For servicing teams, fraud is no longer an edge case. It is the operating environment.

That reality framed MBA's CRE Servicing Solutions Conference, held May 17–20 at the Hilton San Diego Bayfront. The industry's leading servicers, lenders, and asset managers came together around one conclusion: trust-based servicing workflows have run their course.

Laura Krashakova, CEO of Smart Capital Center, was invited to speak at the conference on fraud prevention and servicing security. Her core message:

Fraud prevention is not only about catching bad actors after the fact. It is about designing workflows where bad information has fewer places to hide.

— Laura Krashakova, CEO, Smart Capital Center

This article covers the conference's defining themes — and what they mean, in practice, for CRE servicing teams.

A Conference Defined by Two Shifts

Two signals dominated the sessions in San Diego.

1. Verification is replacing trust. It was the through-line of the entire event, and the closing panel made it the explicit takeaway: in CRE servicing, verification has to replace trust as the default control. The panel also put a number on the gap. The industry now verifies roughly 95% of wire instructions. The remaining 5% — trusted, known counterparties — is the entire attack surface.

Business email compromise (BEC) is why that gap matters. BEC is a scam in which an attacker impersonates a trusted contact over email to redirect a payment or steal information. It succeeds because it targets trust, not technology. The scale is documented: the AFP found 63% of organizations experienced BEC last year, and several of the most damaging recent corporate attacks involved no technical hacking at all — only social engineering aimed at help desks, finance teams, and HR.

2. AI moved from pilot to production. For the first time, medium and large servicers described deployed systems rather than experiments. Panelists walked through credit memo processes cut from roughly 40 hours to minutes, and a 200-page form populated in under 30 seconds. The question is no longer whether AI belongs in servicing operations. It is how to deploy AI with the traceability and human oversight that credit decisions demand.

These two shifts are connected. The infrastructure that makes servicing faster is the same infrastructure that makes it verifiable.

Why Email Is the Weakest Link in CRE Servicing

Laura's session focused on a problem most servicing shops live with daily: email is still the main channel for borrower communication, and it is the weakest point in the workflow.

Email is unstructured, easy to spoof, and hard to govern, and it is almost impossible to connect back to the loan record. Yet borrowers use it to submit financial statements, invoices, draw requests, escrow disbursement requests, insurance updates, covenant materials, and payment questions. Each one lands as a loose attachment in someone's inbox, disconnected from the loan, untraceable at scale, and open to interception or impersonation.

The operational cost compounds the fraud risk. Teams answer the same borrower questions again and again. They dig through threads to reconstruct submission history, and they reconcile competing versions of the same financial package. Bad information has too many places to hide.

The Secure Borrower Portal: Verification by Design

The alternative presented at the conference was to move borrower communication out of email and into a secure borrower portal — one controlled environment where borrowers access their loan information around the clock and submit everything the servicing relationship requires.

That shift changes the control environment in three ways.

1. Every submission becomes structured data. Financial statements, supporting documents, escrow disbursement requests, and responses to lender questions are tied to the right loan, borrower, property, timestamp, and workflow. A submission is no longer an attachment. It is a record.

2. Verification becomes part of the design. The portal creates identity validation, permissions, document history, and a complete digital audit trail. The institution knows who submitted what, when, whether it was revised, who reviewed it, and who approved it. Spoofed emails, misdirected attachments, and inconsistent document versions lose their entry points.

3. The borrower experience improves. Borrowers see their invoices, statements, payment history, due dates, and open requests directly, without asking the servicing team. Better control and better borrower experience are usually framed as a trade-off. The portal delivers both.

From Document Drop Box to Intelligent Servicing Layer

A portal alone is not enough. As Laura put it in her session:

The portal should not just be a document drop box. It should be an intelligent servicing layer.

— Laura Krashakova, CEO, Smart Capital Center

That layer monitors submissions, routes tasks, checks completeness, compares new information to prior submissions, and flags inconsistencies. When a borrower uploads financials, the system identifies what is missing, compares the numbers to prior periods, and assigns the right follow-up to the right person. When an escrow disbursement request comes in, the system connects it to the loan agreement, approved budget, inspection report, invoices, and prior draws.

This is where fraud prevention becomes continuous instead of periodic. Everything lives in one auditable environment — borrower communications, financial submissions, disbursement requests, approvals, and servicing history — so AI can continuously check whether the story still holds together: across documents, across time, and across the full loan lifecycle. Smart Capital Center's fraud alert capability applies exactly this approach. It detects inconsistencies across documents and data sources, and surfaces early warning signals before they become exposure.

The productivity evidence for this kind of automation is on the record. Fernando Salazar, Director of Asset Management at JLL, reports:

Instead of the 30–40 minutes it took us previously to process a single financial statement, now it takes 1–3 minutes with Smart Capital.

— Fernando Salazar, Director of Asset Management, JLL

That is a 30x productivity gain on one of servicing's most time-consuming inputs. KeyBank reports a 40% reduction in financial model preparation time. The conference reframed these same capabilities as risk infrastructure, not just efficiency tools.

The Maturity Wall Makes This Urgent

The conference's third major theme gives the portal conversation a deadline — though not the one most headlines assume. According to the MBA's 2025 Commercial Real Estate Survey of Loan Maturity Volumes, roughly $875 billion in CRE loans mature in 2026, much of it carried forward through extensions. But the maturity panel pointed past 2026. Their message: maturities stay manageable through 2028, and the steep climb arrives between 2029 and 2032, when ten-year loans from 2018 and five-year loans from 2023 come due in the same window. One panelist's rule of thumb captured the slope — if your 2028 maturities aren't three times your 2027 volume, you are probably underestimating.

The borrower behavior servicers described is already costly today. Borrowers play “wait and see” on rates. A 30-day delay becomes a 60-day extension request, and servicers at the conference cited extension events running $20,000 or more in legal and documentation fees. The maturity panel's verdict, in one line:

We're never having these conversations early enough.

— Maturity Wall panel

The communication cadence that emerged as best practice is simple. The challenge is running it across thousands of loans.

That cadence cannot be run manually at maturity-wall volume. Automated covenant monitoring, key-date tracking, and proactive alerts — paired with a portal where borrowers can surface their refinance plans without being chased — are the scalable version of these practices.

How to Evaluate a Secure Debt Asset Management Stack

For servicing leaders assessing portal and AI infrastructure after this conference, five tests separate production-ready systems from demos.

1. Loan-record connectivity. Verify that every borrower submission is automatically tied to the loan, borrower, property, and workflow, not filed in a generic document folder by hand.

2. Audit trail completeness. Request a sample audit log. Confirm it captures submission, revision, review, and approval events, with timestamps and user identity. If any step happens outside the system, the trail has gaps.

3. Cross-document intelligence. Submit a current financial statement alongside prior-period data. Confirm the system flags meaningful variances, not just that documents were received.

4. Source-level traceability. When the system flags an inconsistency, analysts should immediately see which documents were involved, which data points triggered the alert, and where that information sits in the source material. Smart Capital Center provides source-level traceability on every extracted figure.

5. Key-date automation at scale. Confirm the system can run the 18/12/6-month maturity cadence across the full portfolio, with configurable templates and escalation, and without analysts manually checking dates.

Risks to Consider Before Deploying

Three risks deserve active management as servicers adopt portal and AI infrastructure.

1. Adoption is a change-management problem, not a technology problem. A portal only removes email risk if borrowers actually use it. Start with high-volume submission types, financials and draw requests, and make the portal genuinely useful to the borrower – provide loan information, reports, property benchmarking, and more. Smart Capital Center’s borrower portal is known for its user-friendly interface and rich capabilities.

2. Alert fatigue from misconfigured anomaly detection. If variance thresholds are set too broadly, monitoring buries real risk signals under false positives. Calibrate thresholds to portfolio-specific norms during a baseline period before turning on automated notifications.

3. Traceability is non-negotiable. If a system flags something, it should show you why. Smart Capital Center is built this way — every flag links back to the source document behind it, so any finding can be defended in an audit.

Looking Ahead

The MBA CRE Servicing Solutions Conference made the industry's direction clear. Verification is replacing trust as operating doctrine. AI has crossed from pilot to production. And a wave of maturities is building toward 2029–2032 that will stress-test every manual workflow servicers still run.

The institutions that respond will not treat these as three separate projects. A secure borrower portal with an intelligent AI layer addresses all three at once. It closes the email attack surface. It puts AI into production where the fraud and capacity stakes are highest. And it builds the automated borrower-communication infrastructure the maturity window demands.

Smart Capital Center is building this infrastructure today, giving lenders, servicers, and asset managers a secure, intelligent servicing environment where every submission is verified, every action is logged, and every workflow scales.

See how Smart Capital Center makes verification structural across your servicing operation. Book a demo today.

FAQ: Fraud Prevention and Servicing Automation for CRE Lenders

Q: How can CRE lenders prevent wire fraud and business email compromise (BEC)?

A: The most effective control is structural: move borrower communication and submissions out of email and into a secure portal with identity validation, permissions, and a complete audit trail. Layer verification protocols on wire instructions — the conference consensus was that the small share of transactions cleared on trust with known counterparties is where attacks concentrate. Employee training matters, but workflow design matters more, because it removes the openings that social engineering exploits.

Q: What is a borrower portal in commercial loan servicing?

A: A borrower portal is a secure environment where borrowers access their loan information — invoices, statements, payment history, due dates, open requests — and submit financials, draw requests, escrow disbursement requests, and insurance documentation directly. Every submission is tied to the correct loan, borrower, property, and timestamp. Loose email attachments become structured, auditable servicing records.

Q: How does AI detect fraud in commercial real estate lending?

A: AI compares information across documents and across time: new financial submissions against prior periods, disbursement requests against loan agreements and approved budgets, borrower-reported performance against market data. By analyzing the full document set at once, AI surfaces inconsistencies that manual, document-by-document review struggles to catch, and routes them to analysts for judgment rather than replacing that judgment.

Q: When do most CRE loan maturities come due?

A: According to the MBA's 2025 Commercial Real Estate Survey of Loan Maturity Volumes, roughly $875 billion in CRE loans — about 17% of outstanding commercial mortgages — mature in 2026, much of it carried forward through extensions. Conference panelists pointed past 2026 to a steeper climb between 2029 and 2032, as 2018 ten-year paper and 2023 five-year paper mature together. Servicers were advised to begin borrower maturity conversations 18 months out.

Q: What should lenders look for in CRE asset management software?

A: Five criteria stand out: automatic connectivity between submissions and the loan record, a complete audit trail from submission through approval, cross-document variance detection, source-level traceability on every alert, and key-date automation that can run maturity notice cadences portfolio-wide. Smart Capital Center delivers all five — and extends well beyond them. The end-to-end system covers the full loan lifecycle, from origination through asset management, with deep expertise in collateral financial analysis. Its asset management suite spans financial reporting, loan compliance monitoring, and insurance renewal review. AI agents monitor loans, submissions, tenants, and tasks; workflow automation moves work forward without manual chasing; and a data-rich borrower portal keeps submissions flowing — every data point traced to its origin. It integrates with Yardi, SS&C Precision, Midland Enterprise, or any system via API.

‍