Regulatory Updates for August 2022: CFPB on Data Security, CRE Loan Accommodations, Future of FFIEC’s CAT, & More.

Stephanie Lyon

2 min read

Aug 1, 2022

Dive into this month's regulatory update as we explore CFPB's stance on data security, FHFA requirements to maintain fair lending data, stances on CRE loan accommodations, consideration of the future of FFIEC’s CAT, and cybersecurity assessments for nonbanks. Stay informed and ahead of the curve!

CFPB: Data security is a UDAAP issue

The CFPB released a bulletin stating that security deficiencies can be considered deceptive practices under the UDAAP framework. Data breaches can cause substantial harm to consumers, are not easily avoidable, and have no countervailing benefits. The guidance emphasizes multi-factor authentication, strong passwords, and timely patching of vulnerabilities.

FHFA to require servicers to maintain fair lending data

FHFA announced that Fannie Mae and Freddie Mac will require mortgage servicers to collect and maintain fair lending data, including borrower demographics. The requirement starts from March 1, 2023, but servicers are encouraged to implement it earlier. HUD also announced that FHA lenders must obtain a Unique Entity Identifier (UEI) by December 31, 2022, for tracking non-federal entities doing business with the government. Compliance and preparation are essential for institutions, including training and incorporating the UEI in applications.

Agencies address CRE loan accommodations

The OCC, FDIC, and NCUA proposed an updated policy statement on prudent commercial real estate loan accommodations and workouts. It emphasizes working constructively with borrowers, provides examples, and aims to promote supervisory consistency while ensuring credit availability to sound borrowers. Institutions can provide feedback by October 3.

Agencies consider future of FFIEC’s CAT

Regulators are seeking industry feedback on the FFIEC's Cybersecurity Assessment Tool (CAT). It's rumored that the OCC may develop its own tool, but no official version has been released. Use of the CAT is voluntary, but baseline cybersecurity preparedness is crucial. The Federal Reserve issued guidelines for reviewing access to Federal Reserve master accounts and payment services, aiming to make the application process more transparent.

Cybersecurity assessments for nonbanks

The California Attorney General's first public enforcement action under CCPA was against Sephora for allegedly failing to comply with disclosure and opt-out requirements related to third-party tracking. The settlement highlights that analytics cookies are considered a sale, GPC compliance is mandatory, and CCPA enforcement is active. Businesses subject to CCPA should review their use of cookies, update privacy notices, ensure third-party agreements comply, implement opt-out mechanisms, and prepare for upcoming CPRA changes.

Subscribe to the Nsight Blog

All Topics Risk & Compliance Product Insight Banks Lending Compliance Credit Unions Risk Management Fair Lending Nfairlending Cluster: Risk Management Compliance Lending Compliance Management Integrated Risk Blog Nrisk Regulatory Compliance Management News & Updates HMDA Risk Mortgage Lenders Ncomply Vendor Management Business Resiliency CRA Lending Compliance Blog Vendor CFPB Ncontinuity Third-Party Vendor Management Business Continuity Cybersecurity Fintech NVendor Strategic Planning Ncyber Ntransmittal Audits & Findings Company Culture OCC Regulatory Updates Audit Nverify Regulatory Compliance Exams FDIC Compliance Management Findings Nfindings NCUA Contract Management Employee Intranet Contract FRB Business Continuity Management FFIEC Findings Management Ncontracts manager Third-Party Vendors Vendor Risk Enterprise Risk Management ABA Bank Access Control Audit Findings Board Portal Call Report Due Diligence Efficiency Employee Engagement Exam findings FIEC Inc. 5000 Internal Audit Management Nboardportal Verify Wealth Management

Solutions

Risk Solutions

Vendor Solutions

Compliance Solutions

Lending Compliance

Risk Performance Management

Software Solutions

Risk Management Software

Vendor Management Software

Compliance Management Software

Continuity Management Software

Fair Lending Compliance Software

Findings Management Software

Audit Management Software

Cybersecurity Assessment Software

1071 Compliance Software

Employee Network/Intranet Software

Accredited Certification Program

Banks

Credit Unions

Mortgage Lenders

Fintech

Wealth Management

Nsight Blog

Webinars

Ncast Podcast

Regulatory Pulse

Events

Nsider Community

Dig into our Nstitute Certified Vendor Management Professional Training!

Featured Resources

Webinar: What Does Resilience Look Like?

Regulatory Pulse March 2024

Webinar: The Future of Risk Management

9 Fair Lending Compliance Training Essentials

Podcast: Succeeding All Together, Banking and Company Intranets

Book: The Upside of Risk

Resource Hub

About Us

News

Leadership

Partnerships

Join the Team

Ncontracts Highlights

Ncontracts Launches Nstitute & the Certified Vendor Management Professional (NCVMP) Certification

Ncontracts named Top Workplace for Third Consecutive Year in 2023

Ncontracts and CBANC Release New Report

Event: Ngage 2023 Nashville

Regulatory Updates for August 2022: CFPB on Data Security, CRE Loan Accommodations, Future of FFIEC’s CAT, & More.

CFPB: Data security is a UDAAP issue

FHFA to require servicers to maintain fair lending data

Agencies address CRE loan accommodations

Agencies consider future of FFIEC’s CAT

Cybersecurity assessments for nonbanks

Subscribe to the Nsight Blog

Share this

You May Also Like

2010 Census Impacts CRA and Fair Lending Approach

2011 HMDA Data Ready for Release - Are You Ready to Act in 3 Days?

Examiners Will Be Focusing on Your Institution’s Riskiest Areas. Do You Know What They Are?