MReport February 2020

TheMReport — News and strategies for the evolving mortgage marketplace.

Issue link:

Contents of this Issue


Page 26 of 67

M R EP O RT | 25 FEATURE M ortgage banking firms serious about managing cybersecu- rity risk must con- sider a variety of factors across the organization, including processes, equipment, facilities, human capi- tal/people, industry knowledge, skills, and the use of third-party service providers. Doing so means there must be a commitment to having a robust risk-management technology solution that combines both internal controls and regula- tory compliance that adequately encompasses these factors. Having such a technology solution is a critical lynchpin toward creation of a culture within the organiza- tion and amongst third-party service providers focused on understanding and managing cybersecurity risk and embracing necessary internal controls. This is particularly critical given the myriad of sensitive, confidential, and customer/ investor-centric financial informa- tion that mortgage bankers house and are privy to—including loan origination, underwriting, deal structuring and securitization, customer service, cash application processing, and loan servicing, on through to foreclosure, bank- ruptcy, REO processing, and asset disposition. It is, therefore, necessary to have a technology solution that helps identify control and com- pliance gaps and which allows management to achieve its princi- pal objective of taking necessary preemptive actions to ensure the protection of consumer and inves- tor data. Proactively Focusing on Prevention B eing proactive by taking preventative actions is crucial. Once cybersecurity risk has reared its ugly head and damage has been done, the organization's road to recovery may be in peril. Mortgage bankers should consider having one end-to-end technology solution that can assist them in getting out in front of those latent and hidden risks that may cause damage—not only to each spe- cific functional component of the mortgage finance organization (i.e. loan origination, underwriting, customer service, loan servicing, payment processing, collections, loss mitigation, default manage- ment, structuring/securitization, etc.), but also to the enterprise as a whole (i.e. whether it be a sav- ings/commercial bank/investment bank, a broker dealer specializing in trading, etc.). Having multiple technology solutions is the least preferable option, as having more than one system only potentially increases the cybersecurity risks associated with housing propri- etary customer and investor infor- mation on multiple platforms. Protecting the consumer's private information needs to be front-and-center. If not, the impact that cybersecurity breaches may have on the mortgage business can be devastating. Data breaches involving investor informa- tion that may be held by a firm (i.e. the issuer, the sponsor, the securitization agent, the primary or master servicer, etc.) can be equally devastating. Regardless of how low interest rates being offered are, how high the quality of the customer ser- vice is, how good a job the firm does at default management and loan servicing, or how effective they are at minimizing loss sever- ity, investors and consumers will undoubtedly take their business elsewhere once they lose confi- dence that their data is not being maintained confidentially and being adequately protected. Data breaches involving con- sumer/investor data and infor- mation can be enough for any mortgage banking entity to lose business permanently. Aside from the potential financial impact, having just one data breach may be all it takes to shatter con- sumer/investor confidence and end the firm's ability to operate as a going concern. Once the damage is done, it is too late to By Vincent Spoto

Articles in this issue

Archives of this issue

view archives of TheMReport - MReport February 2020