Lenders Must Prepare For Cybersecurity Audits – NMP Skip to main content

Lenders Must Prepare For Cybersecurity Audits

Katie Jensen
Dec 15, 2021

'As a lender you are responsible to regulators for your vendor’s adhering to regulations.' - Rob Chrisman

KEY TAKEAWAYS
  • President Joe Biden has issued an executive order that all agencies must adopt a multi-factor authentication (MFA) by mid-November 2021.
  • It has become imperative that cybersecurity is included as an audit plan for every organization. 
  • The purpose of cybersecurity audits is to assess compliance and identify vulnerabilities across digital infrastructures.
  • Not only will this help companies stay ahead of cyber criminals, but it also helps avoid fines. 

President Joe Biden has issued an executive order that all agencies must adopt a multi-factor authentication (MFA) by mid-November 2021. Leading up to the deadline, new regulations will be enforced, even as companies are currently struggling to meet the laws of compliance. It’s not enough to simply stay up to speed on compliance requirements; it has also become imperative that cybersecurity is included as an audit plan for every organization. 

The purpose of cybersecurity audits is to assess compliance and identify vulnerabilities across digital infrastructures. Not only will this help companies stay ahead of cyber criminals, but it also helps avoid fines. 

An on-site audit will entail an auditor – typically a third party vendor – checking your software’s configuration as well as running tests to analyze your network and identify any gaps. A network security audit is a great tool for highlighting potential solutions for strengthening security practices, controls, and mitigating risk. 

“Vendor management is its own discipline, but as a lender you are responsible to regulators for your vendor’s adhering to regulations,” said industry expert Rob Chrisman. “How are you monitoring your service providers? What are they, and you, going to do in the event of a data breach? Is your advertising compliant in terms of print size, color, and placement? Does your company allow team names (“The Jane Doe Team at ABC Mortgage”)? If so, does the name have to be filed with state or county or the NMLS as a DBA/trade name? The list goes on.”

An auditor will help your company understand which tools you need in order to meet compliance standards by taking detailed notes regarding the safety and effectiveness of your current IT tools. The auditor will provide a detailed report on the internal and external security systems, determine what changes need to be made, then allow companies to implement their new and improved defense plan. 

External auditors are extremely detailed but do not come cheap. Overall, it can be difficult to find an auditor with all the necessary qualifications. On the other hand, internal auditors are less expensive, easier to manage, and allow companies to gather data and set their own benchmarks in the auditing process. However, an internal audit can lead to potential bias, which is why audit committees and boards have been established to set expectations and mitigate any potential risks for internal audits. 

Published
Dec 15, 2021
SEC: Angel Oak Capital Advisors Misled Investors

Company, portfolio manager agree to pay $1.825M combined in civil penalties.

Regulation and Compliance
Aug 10, 2022
MISMO Seeks Public Comment On 3 eMortgage Resources

Updates proposed to MISMO Business Glossary, eMortgage Glossary, and eModification Reference Flyer.

Regulation and Compliance
Aug 05, 2022
As Expected, The Fed Raises Rate By Another 0.75%

Experts say housing industry will shrug off the latest increase.

Regulation and Compliance
Jul 27, 2022
AmTrust Ends 'No-Poach' Agreement, Pays $1.25M Fine In Deal With N.Y. AG

Company also agrees to cooperate with ongoing investigations of the title insurance industry.

Regulation and Compliance
Jul 25, 2022
NAR Chief Economist: Nationwide Home Price Decline Won't Happen Soon

Lack of inventory continues to support growth in prices, which have increased year over year for 124 straight months.

Regulation and Compliance
Jul 22, 2022
FHFA Director: Fannie, Freddie Need $300B Combined In Capital

So far, the enterprises combined have built $83.5 billion in reserves, or about 27% of the target.

Regulation and Compliance
Jul 21, 2022