As previously reported, in May 2024 FHA announced a requirement for FHA-approved lenders to notify the U.S. Department of Housing and Urban Development (HUD) of Significant Cybersecurity Incidents, and the requirement was effective immediately. Apparently in response to industry criticism, in Mortgagee Letter 2024-23 FHA announced revised requirements.
Acting Comptroller of the Currency Michael J. Hsu today issued the following statement in support of the Financial Stability Oversight Council’s (FSOC) Annual Report:
The Consumer Financial Protection Bureau (CFPB) today published an order establishing supervisory authority over Google Payment Corp. The CFPB is responsible for supervising a wide range of financial firms to ensure they are complying with federal consumer financial protection laws. The CFPB has supervised nonbank entities in certain industries like mortgage and payday lending, service providers to banks and credit unions, and larger players in particular markets as defined by rule.
Relying solely on a contract as a means of oversight is like assuming that having speed limit signs eliminates the need for traffic enforcement. A contract might outline the expectations and responsibilities, but it’s not enough to ensure compliance or effectiveness. In the realm of audits—whether you’re assessing internal operations, third-party vendors, or even a fourth party hired by a third party—simply pointing to contractual clauses is not an adequate substitute for robust tests and controls.
Businesses in the US will be subject to a lot more scrutiny from consumers and regulators in 2025. With eight new data privacy laws going into effect over the course of the year, attorneys general will be eager to show they’re not all talk, privacy advocacy groups will be encouraging residents to exercise their rights, and consumers will (slowly but surely) begin supporting the businesses that respect their privacy—and avoiding the ones that don’t.