In October 2017, Mortgage Compliance Magazine featured cyber security compliance to help highlight National Cyber Security Awareness Month. According to a September 2017 Grant Thornton study, federal chief information officers (CIOs) reported progress on both agile and cloud computing initiatives, although many still struggle with effective security implementation. Investment is also up, according to Forbes, with cybersecurity spending expected to reach $170 billion by 2020. Meanwhile, RiskIQ reported that the total number of phishing attacks fell in Q2 2017. KPMG reports that over the next three years, CEOs expect to make significant cyber investments, but do have digital, data, and sensory concerns.
But, as we’ve seen in recent national news, cyber attacks have continued to occur. The U.S. Securities and Exchange Commission’s (SEC) EDGAR database was compromised last year. And, most recently, the credit reporting bureau Equifax reported a data breach that was estimated to put the personal information of as many as 143 million Americans at risk.
PwC’s Financial Services Institute conducted a Global State of Information Security Survey in 2017 and, from the US financial services respondents, reported the top five cybersecurity challenges:
- 36% Assessment of security protocols and standards of third-party vendors
- 33% Complex technologies
- 30% Ability to protect personally identifiable customer information
- 30% The need for clear regulatory guidance
- 29% Employee training
Financial institutions must engage in robust, ongoing efforts to thwart or identify and resolve data security issues. The Federal Financial Institutions Examination Council (FFIEC) offers tools and resources to help management and directors of financial institutions understand supervisory expectations, increase awareness of cybersecurity risks, and assess and mitigate the risks facing their institutions.
The resources are found at https://www.ffiec.gov/cybersecurity.htm, and include the Cybersecurity Assessment Tool designed to help institutions identify their risks and determine their cybersecurity preparedness. The Assessment provides a repeatable and measurable process for institutions to measure their cybersecurity preparedness over time. Beyond reiterating technical and theoretical data, it offers guidance on the process flow financial institutions should employ to maximize cybersecurity compliance oversight.
Stumped on how examiners will assess your institution’s cybersecurity compliance and find gaps? Look no further than the FFIEC IT Examination Handbook InfoBase. The process and tools employed by regulatory agencies could be the block from which your financial institution can begin building its own cybersecurity compliance management program.
Two things are sure, besides death and taxes: cybersecurity will continue to grow and challenge legitimate mortgage businesses, and management and directors of financial institutions must continuously seek to understand the regulatory agencies’ supervisory expectations, increase their awareness of cybersecurity risks, and maintain processes to assess and mitigate the risks facing their institutions.
Around the Industry:
CFPB launches beta platform for HMDA.
On the Horizon:
NMLS Annual Conference set for February 2018.