What to expect at HousingWire’s Spring Summit

The focus of the Summit is The Year-Round Purchase Market. Record low rates led to a banner year for mortgage lenders in 2020, and this year is expected to be just as incredible.

How real estate agents can increase profitability in 2021

As real estate professionals strategize on how to do business in this competitive, fast-paced market, they’ll discover the need for better tools to market their listings.

HousingWire's 2021 Spring Summit

We’ve gathered four of the top housing economists to speak at our virtual summit, a new event designed for HW+ members that’s focused on The Year-Round Purchase Market.

An Honest Conversation on minority homeownership

In this episode, Lloyd interviews a senior research associate in the Housing Finance Policy Center at the Urban Institute about the history and data behind minority homeownership.

Politics & Money

The OCC slaps Capital One with $80M fine over cybersecurity, risk management practices

In particular, the OCC took issue with the bank’s customer notification and remediation efforts.

This article was written for FinLedger, HW Media’s new fintech-focused news brand designed specifically for financial services professionals in banking, insurance and real estate. Stay tuned for updates.

Migrating to the cloud is an increasingly common practice for financial institutions. But with that migration comes increased risk. If not done properly, the process could leave sensitive information vulnerable and potentially lead to breaches. As such, there is more scrutiny than ever on cloud migration practices.

On Thursday, the Office of the Comptroller of the Currency said that it has assessed an $80 million civil money penalty against Capital One N.A., and Capital One Bank (USA) N.A. related to the migration of “significant” IT operations to the cloud.

Specifically, the OCC said the civil money penalty was based on the “bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment.” It also was based on the bank’s failure to correct the deficiencies in a timely manner, according to the OCC.

The OCC in particular took issue with the bank’s customer notification and remediation efforts. 

“While the OCC encourages responsible innovation in all banks it supervises, sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers,” it said in a written statement.

The incident that the OCC is referring to goes back to last September when the bank determined that an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers and individuals who had applied for its credit card products.

Capital One estimated that the incident impacted about 100 million people in the United States and approximately 6 million in Canada.

Beyond credit card application data, the hacker obtained portions of credit card customer data, including: customer status data, social security numbers, and linked bank account numbers.

A look at the OCC’s Cease and Desist Order reveals that the agency’s comptroller found that Capital One failed to appropriately design and implement certain network security controls, adequate data loss prevention controls, and effective dispositioning of alerts. 

It also alleged that the bank’s internal audit failed to identify “numerous control weaknesses and gaps in the cloud operating environment.” Further, the OCC claims that the bank’s board did not hold management appropriately accountable, particularly in addressing concerns regarding certain internal control gaps and weaknesses. 

We reached out to Capital One for comment and the bank provided the following statement:

“Safeguarding our customers’ information is essential to our role as a financial institution. The controls we put in place before last year’s incident enabled us to secure our data before any customer information could be used or disseminated and helped authorities quickly arrest the hacker. In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders. We appreciate our regulators’ recognition of our positive customer notification and remediation efforts, and remain committed to working closely with them to ensure that we meet the highest standards of protection for our customers.” 

Capital One will pay the $80 million penalty to the U.S. Treasury as part of an agreement with the OCC.

The bank is also said to have entered into consent orders with the Federal Reserve Board of Governors and the OCC resulting from regulatory reviews of the incident and relating to ongoing enhancements of its cybersecurity and operational risk management processes.  

Are you a financial services professional hungry for better fintech news and info? HW Media is proud to introduce FinLedger, a fintech media brand that will cover the critical news impacting financial services professionals — from SaaS to big data, and cybersecurity to regtech. Want to be notified when we launch? Enter your email here and follow us on Twitter.

Leave a comment

Most Popular Articles

FHFA extends forbearance period to 18 months

In an effort to protect homeowners, the FHFA extended forbearance coverage to 18 months and pushed the eviction and foreclosure moratorium to June 30.

Feb 25, 2021 By

Latest Articles

Purchase market will highlight closing process problems

The closing process, that time between underwriting approval and the actual closing, is the mortgage industry’s not-so-secret Achilles heel.

Mar 01, 2021 By
3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please