As you may know, LoanLogics (the company I work for) is a vendor to the mortgage industry. We provide technology, technology platforms, and reporting, to lenders for quality and risk management, MERS reviews, correspondent lending, portfolio monitoring and much more. You can view all our services at our website.
As a service provider we are required by our clients, under CFPB rules and the Gramm Leach Bliley Act, to provide adequate evidence of our physical, networks and information security.
The reason is mainly to ensure that we protect all consumer personal, identifiable information that is transmitted, viewed, stored and/or communicated to us in any way; digital, electronic or paper. This is in addition to evidence of adequate insurance coverage, including cyber security, and our financial condition.
However, it’s odd that when I go out to vet those who may provide services to LoanLogics involving the transfer, transmission, or storage of consumer PII, some either do not have the required information or they just plain ignore my requests. As a result, we are not able to use their services.
It’s important that a lender fully vet all service providers that may have access to any consumer PII, not just their technology and credit providers. This includes companies that handle:
- Verifications
- Document imaging, storage or destruction;
- Closings
At least annually, a review needs to be done of all service providers that may, in any way, shape or form, come in contact with any consumer PII or private company information to ensure the appropriate safeguards are in place for administrative, technical and physical security. The review should ensure:
- The adequate security and confidentiality of consumer records and information;
- Protection against any anticipated threats or hazards to the security or integrity of consumer records;
- No unauthorized access to or use of consumer records or information which could result in substantial harm or inconvenience to any consumer.
- That the company is protected from unauthorized use and distribution of company information or property
It’s a lender’s responsibility to protect the valuable consumer information with which it is entrusted. Failure to do so puts the consumer and the company at substantial risk.
One small breach could be catastrophic; not only financially but to a company’s reputation as well.
Don’t let it happen. Know the companies with which you do business and make sure they are just as careful as you are about protecting confidential information.
One more thing, do you have the necessary security in place?