Oct 4, 2023 2023-18

MFA Security Policy Reminder

MFA would like to remind participating lenders that they must follow MFA’s Security Policy when using our programs. We continue to address concerns regarding “Personal and Identifiable Information” (PII). The most common is the submittal of borrower PII though unsecure channels such as unencrypted email. MFA takes the security of borrower information seriously. MFA follows the National Institute of Standards and Technology definition:

National Institute of Standards and Technology (NIST) SP 800-122 defines PII as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contact of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.

Beginning January 1, 2024, MFA staff must report cybersecurity incidents to the organization’s Security Officer, including the receipt of PII in an unsecure manner. PII violations will require a written response from our partners Corporate Compliance Officer and / or Chief Information Officer. Repeat offenses may result in loss of access to MFA systems and/ or up to termination as a participating lender.

Please slow down, take a moment to review your email for borrower PII before hitting send. MFA prohibits staff from using any information sent in an unencrypted format. When in doubt, encrypt.

Current options to send sensitive borrower information to MFA include:

  1. Upload borrower specific information directly to VirPack when available.
  2. In cases where a reservation does not exist and uploading to VirPack is impossible:     
    1. Contact a member of the Homeownership Department and inform them that you are sending an encrypted email with borrower information.
    2. If you are unable to generate an encrypted email, contact a member of the Homeownership Department. We will set up an encrypted email for you to transfer sensitive information safely and securely to us.

Should you have questions, please contact a member of the Homeownership Department at 505.843.6880.

Thank you for participating in MFA programs.