
Phish & Chips

Protecting the consumer’s personal data is becoming more important than ever

Cybersecurity threats and cybercrimes are significantly impacting the mortgage industry. New threats evolve as technology progresses. Artificial Intelligence (AI) is being used to impersonate and manipulate individuals to gain access to sensitive data. All of this should be a huge concern for mortgage professionals. Protecting the consumer’s personal data is becoming more important than ever, and there are increased reporting requirements everyone needs to know and understand. All companies should have specific policies and procedures in place to ensure compliance — with adequate security measures and detailed reporting requirements identified.  

There are several laws that regulate how the mortgage industry is required to protect the consumer’s personal information, and what needs to be done when that information has been compromised or breached. 

  • Gramm-Leach-Bliley Act (GLBA) Safeguard Rule
  • Fair Credit Reporting Act (FCRA)
  • Specific state-level cybersecurity rules and regulations

Incident Response And Reporting Requirements

In 2024, the Gramm-Leach-Bliley Act (GLBA) Safeguard Rule became fully enacted and will be enforced by the Federal Trade Commission (FTC). The new Safeguard Rule requires mortgage lenders, mortgage brokers, and several other financial entities to report directly to the FTC in the event of a cybersecurity breach. Under the Safeguard Rule, any company that experiences a security breach involving at least 500 consumers must report it to the FTC no later than 30 days after discovery — or sooner if possible. 

Notification to the FTC is made through an online portal that collects information on the incident. This data includes details of the breach, the number of customers impacted, and how the breach has been handled so far. On this last point, the FTC wants to know what specific steps have been taken, such as contacting local law enforcement, reporting to the FBI or other federal agencies as applicable, and whether a criminal investigation of the breach has been initiated.

In addition to federal regulations, there are lender and agency requirements for reporting a data breach. If you are a direct lender or mortgage banker, you may need to report directly to FHA, Fannie Mae or Freddie Mac in the event of a data breach incident.

  • FHA: For all significant cybersecurity incidents, notification as soon as possible but no later than 36 hours after the incident.
  • Fannie Mae: Any data breach that involves 10 or more borrowers must be reported within 72 hours of the incident.
  • Freddie Mac: Any “privacy” incident must be reported within 36 hours of that event.

States also have their own requirements, including reporting the incident, identifying the root cause of the breach, and providing “Corrective and Preventative Action Plans.”

The Fair Credit Reporting Act (FCRA) requires creditors to inform the consumer in the event of a data breach. The notification must provide insight into the incident, and how it may impact the consumer. The creditor must offer the consumer options on how to protect themselves from further implications in the event a consumer’s information is used illegally. This may include credit protection options, access to free credit reports, or instructions on how to freeze and monitor credit activities as a consumer. Creditors must also provide additional information on how to dispute, and report, any incident where the consumer’s information is being used without their permission or knowledge. 

Cybersecurity Protections And The Mortgage Examination Process

Cybersecurity protections are also a part of a mortgage company’s examination process. Examiners will ask for your company’s policies and procedures, which need to address how the company’s “Information Security Program” works. Specifically, examiners will want to understand how the company identified the associated risks and how the security monitoring programs are used to protect the consumer’s data. If the company has remote work locations, how is the company monitoring, protecting, and ensuring that all remote work activities are secure? Cybersecurity protections also go beyond the company’s computer systems to third-party vendors selected and used. Do you have an adequate vendor management program, one that requires due diligence of the vendors selected to perform vital mortgage-related services? The examiners will also review insurance policies for adequate insurance coverage for cybersecurity, ransomware and data breaches. Finally, the review will include a look at the company’s incident response and remediation plans. 

How are you preparing, defending, and protecting your company’s data and your clients’ personal information in compliance with the Gramm-Leach-Bliley Act (GLBA) Safeguard Rule and Fair Credit Reporting Act (FCRA)? Do you know what specific state requirements are applicable to you based on where you are licensed to conduct mortgage loan origination activities?

This article published in the 
 
 issue.