The CFPB’s Next Target

In a previous column I talked about how apathy enables cyber crimes. Cyber crimes are now larger than all property crimes combined. Unfortunately this apathy leads most lenders and service providers in the mortgage industry to still believe that cyber crime might hit Target and other well know retailers but not the mortgage industry. Well, I hope these recent events may change your thinking.

Last week Ellie Mae confirmed that its recent outages, which have forced lenders to delay loan closings, resulted from a flood of service requests “characteristic of a distributed denial of service” attack.

As reported in National Mortgage News, “loan closings delayed by the attack have forced lenders to pay for rate lock extensions and hedging losses. Home closings funded by purchase mortgages have been delayed, presumably inconveniencing consumers who need to move.”

So, do you still believe that cybercriminals are not going to hit the mortgage industry? In addition to this latest attack, “The U.S. Securities and Exchange Commission is examining the exposure of stock exchanges, brokerages and other Wall Street firms to cyber attacks that have been called a threat to financial stability,” according to a Bloomberg News report published on March 26, 2014.

The article went on to say that “The SEC and the Financial Industry Regulatory Authority, which oversees broker-dealers, identified cybersecurity as a priority for compliance examinations. Criminal hacking cost financial services companies, on average, about $18.8 million in 2013, according to a study by the Ponemon Institute, a research and consulting firm. The report estimated an average cost for brokerages of $19 million and $21.9 million for investment advisers.”

“Hackers targeting broker-dealers may seek intellectual property such as trading algorithms or the source code of trading systems,” said Richard Bejtlich, chief security strategist at FireEye Inc., a Milipitas, California-based information-security consultant. “Manipulation of critical data systems probably poses the greatest risk to Wall Street companies whose buy-and-sell decisions and order routing are increasingly automated. Under a rule proposed last year, exchanges would be required to promptly disclose to their broker-dealer members any breaches of critical systems.“

Given the Ellie Mae situation and the potential threat of more attacks to come to the mortgage industry, isn’t it just a matter of time before the CFPB follows the SEC and FINRA in indentifying cybersecurity as a priority for compliance examinations? The bottom line is that no longer can the mortgage industry allow apathy to enable cyber crimes. The time to act is now before the regulators force your hand.