Ginnie Mae, the government-owned enterprise, has introduced new cybersecurity incident reporting requirements for issuers of mortgage-backed securities. This measure aims to enhance information security and business continuity standards in the housing finance sector.
Ginnie Mae Implements New Cybersecurity Incident Reporting Requirements
( Credit to: Housingwire )
Ginnie Mae, the government-owned enterprise, has recently announced new cybersecurity incident reporting requirements as part of its commitment to enhancing information security and business continuity standards. Issuers of Ginnie Mae mortgage-backed securities are now required to notify the company of any cybersecurity incidents within 48 hours of detection.
A cybersecurity incident, as defined by Ginnie Mae, includes unauthorized access, disclosure, alteration, transfer, or destruction of confidential personal information that may impact an issuer's ability to fulfill its obligations under the Guaranty Agreement. This new reporting requirement applies to issuers who subservice for others as well, with a distinction made between incidents pertaining to their own portfolio or subserviced portfolios.
Upon receiving notification, Ginnie Mae will request additional information and assess the appropriate level of engagement needed to contain the incident. These measures aim to effectively manage cyber risks that could potentially impact Ginnie Mae's program.
Importance of Prompt and Clear Communication
President of Ginnie Mae, Alanna McCargo, emphasized the importance of prompt and clear communication in managing cybersecurity events. She stated, "This new requirement is an important step in further enhancing our cybersecurity framework to meet current and future needs."
The significance of cybersecurity in the housing finance sector was highlighted at the Mortgage Bankers Association (MBA) servicing solutions conference earlier this year. Sam Valverde, Principal Executive Vice President at Ginnie Mae, acknowledged the increasing number of successful cybersecurity attacks within the industry. He emphasized the need for collaboration among homeowners, investors, insurance companies, and Ginnie Mae as a bridge between these parties.
Valverde emphasized that working together effectively has become a new priority for Ginnie Mae. The company recognizes that these cybersecurity issues not only impact their own operations but also have far-reaching consequences for homeowners, investors, and insurance companies involved in the mortgage-backed securities market.
Strengthening Cybersecurity Framework
By implementing these new cybersecurity incident reporting requirements, Ginnie Mae aims to strengthen its cybersecurity framework and ensure the protection of confidential personal information. The timely reporting of incidents will enable the company to take appropriate measures to contain and address any potential threats. As the housing finance industry continues to face cybersecurity challenges, Ginnie Mae remains committed to safeguarding its program and collaborating with stakeholders to mitigate risks.
