Main Credit Reporting Agencies
Most important credit agencies
The CFPB goes hand in hand with data protection in the disclosure of mortgages | Insights and incidents
The Equifax breach has made individuals, businesses and regulatory authorities aware of the risks posed by holding personally identifiable information, and many businesses are looking for ways to reduce the risk of unauthorised disclosure. Enterprises must audit their inbound and outbound information systems, the types of information they store, maintain, and use in their daily business, and their procedures and controls, in order to make sure that information is secured in the most meaningful and cost-effective manner.
To create effective information protection policies and practices, organizations must also analyse the legislation that requires them to provide essential information to regulatory agencies. The Home Mortgage Disclosure Act (HMDA) and Regulation C, which oblige many creditors to report certain information about their private mortgage activity and to make it available to the general public, are among these laws.
The Office for the Financial Security of the Consumer published guidelines, announced in a timely press statement, to explain how the Office would disseminate to the general public key information on retail mortgage activity under the HMDA. These guidelines set out the CFPB's analysis of the information and of the risks associated with credit information about individuals, weighed against the information that could be used to help people understand the mortgage market.
The CFPB is in charge of gathering this information and then making it public so that HMDA data users can forecast private mortgage trends. The HMDA data in its present format contains information on home buyers and applicants that can enable HMDA data users to easily identify specific customers, transactions and properties.
Access to this information could present a potential hazard for customers, a problem recognised by the CFPB in its recent guidelines. Through these guidelines, the CFPB is taking the following measures to reduce the risk that HMDA data users identify individuals. Exclusion of certain items from the public HMDA data, such as the unique identifier of the loan, the date the application was received, the date on which the bank acted on a secured loan or application, the location of the property securing the loan, and the credit score on which the credit decision is based.
Exclusion of the free-form text fields used to report the race and ethnic origin of applicants or borrowers, the name and version of the credit scoring model used to generate any credit score relied on in the credit approval process, the principal reason or reasons for which the bank may have declined the application, and the name of the automated underwriting system.
Modification of the public loan-level HMDA data to lower the precision of most reported values: rounding the secured loan amount and the value of the property securing the loan to the closest $10,000 range; reporting the borrower's age in ranges (i.e. 25 to 34, 35 to 44, 45 to 54, 55 to 64 and 65 to 74); and reporting the ratio of the borrower's total monthly debt to total monthly income relied on in the credit decision in bands, unless the consumer's debt-to-income ratio is between 40 and 50 per cent, in which case it is provided as reported by the bank.
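The exclusions and modifications listed above can be applied to a loan-level record as in the following added example, which is not CFPB code and not part of the original article. The field names, the debt-to-income band edges and the labels for ages outside the listed ranges are assumptions, and "closest $10,000" is read as the nearest multiple of $10,000.

```python
# Added example. Field names, DTI band edges and the "<25"/">74" labels are
# assumptions; the exclusion list, $10,000 rounding, age ranges and the
# 40-50 per cent DTI exception are the rules described in the article.
EXCLUDED = {
    "loan_id", "application_date", "action_date", "property_address",
    "credit_score", "race_free_text", "ethnicity_free_text",
    "scoring_model_name_version", "denial_reason_free_text", "aus_name",
}
AGE_BANDS = ((25, 34), (35, 44), (45, 54), (55, 64), (65, 74))
DTI_BANDS = ((0, 20), (20, 30), (30, 40))  # assumed; the article gives none

def round_10k(amount):
    """Nearest multiple of $10,000 (one reading of 'closest $10,000')."""
    return int((amount + 5_000) // 10_000) * 10_000

def age_band(age):
    for lo, hi in AGE_BANDS:
        if lo <= age <= hi:
            return f"{lo}-{hi}"
    return "<25" if age < 25 else ">74"  # assumed labels

def dti_band(dti):
    if 40 <= dti <= 50:
        return dti  # released as reported by the bank
    for lo, hi in DTI_BANDS:
        if lo <= dti < hi:
            return f"{lo}-<{hi}"
    return ">50"  # assumed label

def deidentify(record):
    # Drop excluded fields first, then coarsen what remains.
    out = {k: v for k, v in record.items() if k not in EXCLUDED}
    for field in ("loan_amount", "property_value"):
        if field in out:
            out[field] = round_10k(out[field])
    if "applicant_age" in out:
        out["applicant_age"] = age_band(out["applicant_age"])
    if "dti_percent" in out:
        out["dti_percent"] = dti_band(out["dti_percent"])
    return out

# Constructed sample record, not real data.
SAMPLE = {
    "loan_id": "EXAMPLE-0001", "application_date": "2018-03-14",
    "property_address": "1 Example St", "credit_score": 712,
    "loan_amount": 237_500, "property_value": 412_300,
    "applicant_age": 37, "dti_percent": 43, "loan_purpose": "purchase",
}
```

Running `deidentify(SAMPLE)` shows which fields survive and how coarse the surviving values become, which is a useful baseline when comparing an internal data-release process against the same rules.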
The CFPB seems to focus not only on promoting the very aim of the regulation, but also on guaranteeing the protection of consumers' data. The CFPB guidelines provide a clear analytical picture of what the Office regards as personal data that, alone or in combination with other information, may present a potential threat to consumers when publicly available.
The guidelines are a good way of closing a possible opening that cyber criminals could use to hijack, abuse, resell or tamper with consumer information. They also provide a roadmap to the customer information that the CFPB considers detrimental or sensitive if exposed, and an insight into the CFPB's expectations of providers of financial products, which can be used for internal analysis of a company's own information protection programme.
In the guidelines, the CFPB notes that, as a public authority strengthening its efforts to enforce against dishonest and misleading practices related to privacy and cyber security, it must also recognise that its own gathering of non-public personally identifiable information entails the same kinds of risk that it seeks to remove from the market.
The CFPB guidelines reflect the severity and scope of the cyber security threat faced by any entity that uses or holds a consumer's personally identifiable information. After Equifax, privacy violations have become a key issue for regulatory authorities, the CFPB included. Indeed, only last month the CFPB indicated that it was considering placing regulators inside the three main credit bureaus.
In many countries, retail property deals have been publicly known for years, but the prospect of widespread misuse of this information has led the German governments and some states to restrict publicly available information. It is therefore essential that banks fully grasp the key elements of a resilient information protection programme, encompassing the type of information the organisation gathers, where the information is held, who has access to the information, how the information moves within the organisation, how the information is transferred outside the organisation, checks at each point of entry, as well as information classifications and layers of sophistication.
Enterprises should also conduct corporate training, tutorials, table-top exercises and compliance drills to help anticipate possible security challenges. As the environment changes and regulatory authorities focus on stronger state and state regulations and enforcement, businesses must further re-evaluate and develop resilient compliance programmes.
It is also important that these practices go beyond the "pen and paper" policies and procedures within a company. Strong programmes should encompass training, development and testing, oversight by the board and senior managers, verification of and attendance at table-top exercises, and tight co-ordination between in-house and external legal counsel, information technology, senior leadership, regulatory affairs and innovation teams, as well as general information, awareness and culture within the organisation.