Adam Constantine on MLK Jr.’s impact on housing equality

During the interview, Constantine explains why the industry needs to focus on evoking intentional change rather than launching lackluster initiatives.

Navigating capacity concerns amidst record-high volumes

High loan volumes continues to loom large in the new year, making the “one-stop-shop” approach to the servicing and lending process even more appealing.

Amid record-high origination volumes, mortgage fraud risk is down

CoreLogic's recently released Mortgage Fraud Report is the industry standard for nationwide fraud monitoring and analysis. Read the findings here.

How student loan debt impact homeownership

Student loan expert Catalina Kaiyoorawongs shares her practical and tangible advice for people who feel overwhelmed by their student loan debt.

InvestmentsMortgageReal Estate

New York unveils sweeping cybersecurity regulations

Banks, financial services industry will be required to amp up security

Banks, insurance companies and other financial services companies that operate within the state of New York will soon be required to significantly increase their cybersecurity programs in an effort to further protect consumers’ personal and financial information.

The new regulations, proposed this week by the office of New York Gov. Andrew Cuomo and the New York Department of Financial Services, would require companies that are regulated by the NYDFS to establish a cybersecurity program, adopt a cybersecurity policy, add a chief information security officer, and would require companies to additional levels of security when working with third-party service providers.

In a statement, Cuomo called the new regulations a “first in the nation” and noted the critical importance of protecting sensitive financial information.

“New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises,” Cuomo said. “This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible.”

Under the new regulations, which are subject to a 45-day notice and public comment period before a final issuance, NYDFS-regulated companies will be required to establish a cybersecurity program that performs the following functions:

  • Identification of cyber risks
  • Implementation of policies and procedures to protect unauthorized access/use or other malicious acts
  • Detection of cybersecurity events
  • Responsiveness to identified cybersecurity events to mitigate any negative events
  • Recovery from cybersecurity events and restoration of normal operations and services

Companies will also be required to adopt a written cybersecurity policy that covers the following items, “at a minimum,” according to the NYDFS:

  • Information security
  • Data governance and classification
  • Access controls and identity management
  • Business continuity and disaster recovery planning and resources
  • Capacity and performance planning
  • Systems operations and availability concerns
  • Systems and network security
  • Systems and network monitoring
  • Systems and application development and quality assurance
  • Physical security and environmental controls
  • Customer data privacy
  • Vendor and third-party service provider management
  • Risk assessment
  • Incident response

And companies must also add a chief information security office to put all of those policies and procedures into place.

New York’s new rules come on the heels of news that the nation’s biggest banks, including JPMorgan ChaseBank of America and Goldman Sachs, are joining together to share information on cybersecurity in a concerted effort to prevent future cyber attacks.

And with so financial institutions holding so much confidential information about consumers and various financial instruments (mortgages included), increased security is more important that ever.

In fact, HousingWire magazine’s issue from April was dedicated to the rising problem of cyber security.

According to the NYDFS, New York’s rules were informed by discussions with nearly 200 regulated banking institutions and insurance companies, as well as cybersecurity experts, over emerging trends and risks, as well as due diligence processes, policies and procedures governing relationships with third-party vendors.

“Consumers must be confident that their sensitive nonpublic information is being protected and handled appropriately by the financial institutions that they are doing business with,” NYDFS Superintendent Maria Vullo said.

“DFS designed this groundbreaking proposed regulation on current principles and has built in the flexibility necessary to ensure that institutions can efficiently adapt to continued innovations and work to reduce vulnerabilities in their existing cybersecurity programs,” Vullo continued. “Regulated entities will be held accountable and must annually certify compliance with this regulation by assessing their specific risk profiles and designing programs that vigorously address those risks.”

Most Popular Articles

Prepare for the rise in mortgage rates

Economists offer their takes on how high mortgage rates will climb, how lenders will respond and what impact this will have on the housing market. HW+ Premium Content

Jan 18, 2021 By

Latest Articles

The real danger of releasing the GSEs from conservatorship

Dave Stevens writes: My experience with [the GSEs] began in earnest in 1999 when I became the senior vice president in charge of Single Family at Freddie Mac…It was this period that framed my entire perspective of the GSEs and what made me appreciate that they are both critical to housing finance yet equally as dangerous to the same sector and the broader economy.

Jan 22, 2021 By
3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please