Access Business Technologies - Provides Compliant Software for New York State Department of Financial Services New Strict Cybersecurity Regulations for Mortgage Companies

Share Article

Access Business Technologies - provides software that will help mortgage companies stay compliant once 23 NYCRR Part 500 is instated, March 2018

New York State Department of Financial Services Requires New Strict Cybersecurity for Mortgage Companies

Access Business Technologies has been offering multi-factor authentication (MFA) and cybersecurity services to the mortgage industry for over eighteen years.

The New York State Department of Financial Services (DFS) has been closely monitoring the ever-growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors. Recently, cybercriminals have sought to exploit technological vulnerabilities to gain access to sensitive electronic data. Cybercriminals can cause significant financial losses for DFS regulated entities as well as for New York Consumers whose private information may be revealed and/or stolen for illicit purposes. The financial services industry is a significant target of cybersecurity threats. The new requirements are forcing companies in the financial industry to look at improving current cybersecurity strategies.

The biggest change to the already strict regulations is the new requirement of multi-factor authentication; which can be viewed in depth under item 500.12. Access Business Technologies (ABT) has been offering multi-factor authentication (MFA) and cybersecurity services to the mortgage industry for over eighteen years. MFA is designed to promote the protection of customer information as well as the information technology systems of regulated entities. Under the new regulations each company will be required to assess its specific risk profile and design a program that addresses its risks in a robust fashion. ABT offers the compliant technology that financial businesses will need; effective March 1,2018.

Below are the some highlighted items from the new requirements:

500.04 (b) CISO Begins Reporting to Board of Directors. The Chief Information Security Officer is required to report, in writing, to the Board of Directors, or equivalent governing body, at least once a year. This report includes the status and effectiveness of the Cybersecurity Program as well as any material Cybersecurity Risks.

500.05 Begin Annual Penetration Testing and Vulnerability Assessments. In accordance with your Cybersecurity Risk Assessment, institutions must perform continuous monitoring, annual penetration tests and bi-annual vulnerability assessments to assess the effectiveness of your Cybersecurity Program.

500.09 Commencement of Period Risk Assessments. Periodic Risk assessments should be conducted to continually address changes to your Information Systems, business operations and nonpublic information. This activity should be carried out in accordance with your written Risk Assessment policies and procedures.

500.12 Implement Multi-Factor Authentication. Each institution is required to use effective Cybersecurity Controls, which may include Multi-Factor Authentication or Risk-based Authentication. This helps protect against unauthorized access to Nonpublic Information and Information Systems. This is required for any individual accessing the Institution's internal network from an external network.

500.14(b) Provide Regular Cybersecurity Awareness and Training for all Personnel. Provide regular Cybersecurity Awareness Training for all personnel that is updated to reflect risks identified by the Risk Assessment.

Key Dates Under New York's Cybersecurity Regulation

March 1, 2017 - 23 NYCRR Part 500 becomes effective.
August 28, 2017 - 180 day transitional period ends. Covered Entities are required to be in compliance with requirements of 23 NYCRR Part 500 unless otherwise specified.
February 15, 2018 - Covered Entities are required to submit the first certification under 23 NYCRR 500.17(b) on or prior to this date.
March 1, 2018 - One year transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.04(b), 500.05, 500.09, 500.12 and 500.14(b) of 23 NYCRR Part 500.
September 3, 2018 - Eighteen month transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500.
March 1, 2019 - Two year transitional period ends. Covered Entities are required to be in compliance with the requirements of 23 NYCRR 500.11.

It is critical for all regulated institutions that have not yet done so to move urgently to adopt a cybersecurity program. The number of cyber events has been steadily increasing and estimates of potential risk to our financial services industry are stark.

ABOUT ACCESS BUSINESS TECHNOLOGIES:
Access Business Technologies (ABT), headquartered in Northern California, was founded in 1999 as a leading provider of hosted, on-demand software for mortgage loan origination, servicing and pipeline management. We provide access to business technologies that empower mortgage professionals to safely perform at the top of their game. ABT proactively supports, defends, and manages game-changing technologies and processes that help mortgage professionals excel.

We are a certified SSAE 16 Type II cloud solution provider to over 500 mortgage financial institutions. We are partnered with nearly a dozen leading mortgage software vendors. These partnerships enable us to provide your workforce with the tools to safely produce more loans, anywhere and anytime. For more information, contact: info(at)myabt(dot)com.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Luke Shawver
@Mortgage_Cloud
Follow >
Access Business Technologies
since: 04/2011
Like >
Access Business Technologies

Follow us on
Visit website