In alternative finance, brokers send deals by email to super brokers and funders every day. It is familiar, fast, and does not require extra software or development.

The problem is not email itself. It’s what happens after it’s sent.


What Is an Email Submission?

An email submission is a request for business funding sent by email, often to a shared inbox such as submissions@, credit@, or newdeals@. The email typically includes sensitive documents, including credit applications and bank statements.


When Email Works Safely

Email submissions do not inherently mean a company has weak controls. The safest model is when submissions are automatically parsed and routed into the funder’s systems. In that case, email functions only as an intake method, not a place where people manually handle, download, or forward files. These same funders continue to accept submissions by email, largely to accommodate brokers.


When Email Becomes Risky

Email becomes risky when the submission process requires people to download attachments, rename files, forward documents, or manually upload files into other systems. The issue is not that people are involved in the process; it is what their access allows them to do.

Once the attachments are downloaded, the files are now locally available on the employee’s computer. The employee can then log into a personal email account and send the files to themselves or someone outside the company who has no role in the transaction.


Why It Matters

For brokers, a submission is not just a set of documents. It represents their hard work and the commissions that keep their business running.

For funders without safeguards, one mishandled submission can mean competing offers, stacking, or merchants walking away entirely. That is real revenue, and the true impact can be painfully difficult to quantify.

There is also potential liability for both sides if data is misused and the merchant decides to escalate the matter.

All this to say: this is not only a “bad actor” problem. It is an access problem.


What Better Looks Like

Better security does not mean giving up email submissions. It can start with basic controls, depending on the process.

Human behavior also changes when people know they’re being monitored. Something as simple as telling staff during onboarding that document activity is logged can go a long way.

Document watermarking works the same way: visible marks make files harder to pass off as your own, making misuse less likely in the first place.

No control is perfect, but reducing opportunity is how security improves.


My Final Thoughts

Email is not going away overnight, but a shift toward more automation is already in motion. Until then, ask partners how email submissions are handled and evaluate your own process. Companies looking to strengthen their controls can review the Secure Broker and Secure Funder certification guidelines as a starting point.

For Funders For Brokers