The next wave of servicing regulation is coming – Are you ready?

Join this webinar to learn what servicers need to know about recent and upcoming servicing compliance regulations and strategies experts are implementing to prepare for servicing regulatory audits.

Inside Look: RealTrends 2021 Brokerage Compensation Study

Steve Murray, senior advisor to RealTrends, gives an exclusive first look at the 2021 RealTrends Brokerage Compensation Report.

Logan Mohtashami on trends in forbearance exits

In this episode of HousingWire Daily, Logan Mohtashami discusses several hot topics in the housing market, including recent trends in forbearance exits and future homebuyer demand in the midst of inventory shortages.

How lenders can prepare for increasing regulatory pressures

As compliance becomes an increased focal point for mortgage lenders and investors, staying ahead of state and federal regulations can be the difference between a flourishing business and one mired in fines.

Politics & Money

The OCC slaps Capital One with $80M fine over cybersecurity, risk management practices

In particular, the OCC took issue with the bank’s customer notification and remediation efforts.

This article was written for FinLedger, HW Media’s new fintech-focused news brand designed specifically for financial services professionals in banking, insurance and real estate. Stay tuned for updates.

Migrating to the cloud is an increasingly common practice for financial institutions. But with that migration comes increased risk. If not done properly, the process could leave sensitive information vulnerable and potentially lead to breaches. As such, there is more scrutiny than ever on cloud migration practices.

On Thursday, the Office of the Comptroller of the Currency said that it has assessed an $80 million civil money penalty against Capital One N.A., and Capital One Bank (USA) N.A. related to the migration of “significant” IT operations to the cloud.

Specifically, the OCC said the civil money penalty was based on the “bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment.” It also was based on the bank’s failure to correct the deficiencies in a timely manner, according to the OCC.

The OCC in particular took issue with the bank’s customer notification and remediation efforts. 

“While the OCC encourages responsible innovation in all banks it supervises, sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers,” it said in a written statement.

The incident that the OCC is referring to goes back to last September when the bank determined that an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers and individuals who had applied for its credit card products.

Capital One estimated that the incident impacted about 100 million people in the United States and approximately 6 million in Canada.

Beyond credit card application data, the hacker obtained portions of credit card customer data, including: customer status data, social security numbers, and linked bank account numbers.

A look at the OCC’s Cease and Desist Order reveals that the agency’s comptroller found that Capital One failed to appropriately design and implement certain network security controls, adequate data loss prevention controls, and effective dispositioning of alerts. 

It also alleged that the bank’s internal audit failed to identify “numerous control weaknesses and gaps in the cloud operating environment.” Further, the OCC claims that the bank’s board did not hold management appropriately accountable, particularly in addressing concerns regarding certain internal control gaps and weaknesses. 

We reached out to Capital One for comment and the bank provided the following statement:

“Safeguarding our customers’ information is essential to our role as a financial institution. The controls we put in place before last year’s incident enabled us to secure our data before any customer information could be used or disseminated and helped authorities quickly arrest the hacker. In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders. We appreciate our regulators’ recognition of our positive customer notification and remediation efforts, and remain committed to working closely with them to ensure that we meet the highest standards of protection for our customers.” 

Capital One will pay the $80 million penalty to the U.S. Treasury as part of an agreement with the OCC.

The bank is also said to have entered into consent orders with the Federal Reserve Board of Governors and the OCC resulting from regulatory reviews of the incident and relating to ongoing enhancements of its cybersecurity and operational risk management processes.  

Are you a financial services professional hungry for better fintech news and info? HW Media is proud to introduce FinLedger, a fintech media brand that will cover the critical news impacting financial services professionals — from SaaS to big data, and cybersecurity to regtech. Want to be notified when we launch? Enter your email here and follow us on Twitter.

Leave a comment

Most Popular Articles

Treasury removes restrictions on investment properties

The Treasury Department and FHFA announced Tuesday that they are suspending certain requirements that were added in January to the Preferred Stock Purchase Agreements (PSPAs) between Treasury and Fannie Mae and Freddie Mac.

Sep 14, 2021 By

Latest Articles

Natural disasters and forbearance: What borrowers and mortgage servicers need to know

The United States is grappling with a sharp rise in natural disasters, including wildfires, an active hurricane season, floods, tornadoes and mudslides. The mortgage industry needs to be proactive in examining programs to help borrowers recover.

Sep 17, 2021 By
3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please