Bank Policy Institute

08/21/2024 | Press release | Distributed by Public on 08/22/2024 13:35

BPI, ABA and HPC Ask Ginnie Mae to Harmonize Cyber Reporting Requirements

Dear Mr. Valverde,

The American Bankers Association,[1] Bank Policy Institute,[2] and the Housing Policy Council[3] (collectively, the Associations) write to provide feedback on Ginnie Mae's All Participant Memorandums (APM) 24-02 and 24-10. The APMs, effective immediately, contain wide-ranging thresholds for cyber incident reporting that will present considerable compliance challenges for issuers and document custodians. Therefore, the Associations request that Ginnie Mae revise the current APMs to better align with existing cyber regulatory reporting requirements. Harmonizing the APMs in this way will still provide Ginnie Mae with timely notification of cyber incidents to mitigate risks, and will simplify the reporting process for an impacted entity. Today, companies dedicate significant resources and time to complying with numerous reporting requirements with divergent timeframes.

As currently drafted, the APMs have an impractical "significant cybersecurity incident" definition with exceptionally low thresholds for reporting. The definition covers events that "potentially jeopardize" information or information systems or pose an "imminent threat of violation" to security policies, both standards that would likely encompass large numbers of incidents experienced by issuers and document custodians that are immaterial in their impact.[4]

The breadth of current requirements in the APMs is also inconsistent with several ongoing government cyber regulatory harmonization efforts. This includes the Cyber Incident Reporting Council's ("CIRC") work to coordinate, deconflict, and harmonize Federal incident reporting requirements.[5] Moreover, the requirements are at odds with the National Cybersecurity Strategy's objective "to harmonize not only regulations and rules, but also assessments and audits of regulated entities" to "minimize the burden of unique requirements."[6] More recently, Congress has also recognized the need to harmonize cyber regulatory requirements by introducing the Streamlining Federal Cybersecurity Regulations Act.[7]


[1] The ABA is the voice of the nation's $23.4 trillion banking industry, which is composed of small, regional, and large banks that together employ approximately 2.1 million people, safeguard $18.6 trillion in deposits, and extend $12.3 trillion in loans.

[2] The Bank Policy Institute is a nonpartisan public policy, research and advocacy group that represents universal banks, regional banks, and the major foreign banks doing business in the United States. The Institute produces academic research and analysis on regulatory and monetary policy topics, analyzes and comments on proposed regulations, and represents the financial services industry with respect to cybersecurity, fraud, and other information security issues. Business, Innovation, Technology and Security ("BITS"), BPI's technology policy division, provides an executive-level forum to discuss and promote current and emerging technology, foster innovation, reduce fraud, and improve cybersecurity and risk management practices for the financial sector.

[3] The Housing Policy Council is a trade association comprised of the leading national mortgage lenders and servicers; mortgage, hazard, and title insurers; and technology and data companies. HPC's interest is in the safety and soundness of the housing finance system, the equitable and consistent regulatory treatment of all market participants, and the promotion of lending practices that create sustainable homeownership opportunities in support of vibrant communities and long-term wealth building for families.

[4] U.S. Dep't of Housing & Urban Development, Ginnie Mae, APM 24-02, Cybersecurity Incident Notification Requirement (2024); U.S. Dep't of Housing & Urban Development, Ginnie Mae, APM 24-10, Cybersecurity Incident Notification Requirement for Document Custodians (2024).

[5] Dep't of Homeland Sec., Harmonization of Cyber Incident Reporting to the Federal Government 2 (2023), https://www.dhs.gov/sites/default/files/2023-09/Harmonization%20of%20Cyber%20Incident%20Reporting%20to%20the%20Federal%20Government.pdf.

[6] OFFICE OF THE NAT. CYBER DIR., NATIONAL CYBERSECURITY STRATEGY 9 (2023), https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf.

[7] Streamlining Federal Cybersecurity Regulations Act, S. 4630, 118th Cong. (2024).