Magazine article Mortgage Banking

The Information-Security Challenge: The Mortgage Bankers Association Recently Issued a Comprehensive Study of Mortgage Industry Information-Security Requirements. The Study Also Outlines a Five-Step Model for Information Assurance That's Tailored to Residential and Commercial Lenders' Compliance Needs

Article excerpt

Whatever happened to the vision of the easy exchange of information in the 21st century? The Internet was presented as the stage for a new business model where customers, employees and partners would drive business to new heights by communicating via a broad range of media, applications and connectivity.

Customers would be able to obtain services and manage accounts through multiple user-friendly tools. Employees could work anywhere at any time. Trading partners would be connected through a multitude of interfaces, using a variety of savvy methods of communication. And all of this activity would be fueled by seamless connections to databases throughout cyberspace.

When the Internet protocol was created, it was designed through a U.S. Defense Department research project, with the main design goal of providing a network that would survive cataclysmic events causing massive disruption (read: nuclear explosions) and be able to route around the affected area, resulting in the rest of the network maintaining connectivity and communication.

The protocol has been put to the test as recently as 2005--when Hurricanes Katrina and Wilma disrupted all electronic connectivity in Louisiana and Florida--and the Internet routed around the areas.

What was not contemplated in its design was network-layer security. Therefore, it was reasoned, security would be added on an as-needed basis at the application or system level.

The door to the utopian open exchange of all information is closing, and fast. The reality of viruses, hackers, phishing, pharming, lost tapes and laptops--not to mention the persistence of plain old fraud--has changed that idealistic vision. Now, the latest news stories are not just "Gee whiz!," but also "Danger, danger, Will Robinson!" The compromise of nonpublic personal information, corporate misrepresentation of finances and even increased threats to our children are headlining the stories we read today.

Regulators and legislators have been listening and reacting to these developments. Regardless of whether the source of risk is terrorism, criminal activity, or vulnerable databases and poor security practices, firms now must meet new standards established to safeguard our physical, corporate and consumer safety. A whole slew of new legal and regulatory requirements have been imposed on business as a result of a range of new risks that are now apparent.

The Enron Corporation and WorldCom scandals drove the U.S. Congress to legislate improved controls over public companies' financial records. The Sarbanes-Oxley Act of 2002 and the Public Company Accounting Reform and Investor Protection Act established specific accountability for boards of directors, management and auditors as to the correctness and accuracy of financial reports.

The USA PATRIOT Act was signed into law in response to the Sept. 11, 2001, terrorist attacks against the United States. A portion of that statute defines requirements for businesses to better understand who their customers are before engaging in financial transactions.

In February 2005, Alpharetta, Georgia-based ChoicePoint Inc. suffered a major information-security breach that led to the unauthorized disclosure of nearly 163,000 personal and nonpublic information records, according to the Federal Trade Commission (FTC). What triggered the public announcement of this breach was the California Security Breach Information Act (California S.B. 1386). That law requires organizations holding the personal information records of California state residents to notify those residents should a security breach occur that results in the unauthorized and unencrypted disclosure of those records.

Since the California security-breach legislation, more than 30 states have enacted similar versions of breach and notification laws, and similar legislation has been proposed at the federal level.

The breadth, depth and multitude of federal- and state-enacted legislation have had a significant impact on mortgage lending. …
