WASHINGTON – The Consumer Financial Protection Bureau (Bureau) is now requesting public comment on an assessment it will conduct on the TRID Integrated Disclosure Rule (the Truth in Lending Act and Real Estate Settlement Procedures Act).
As part of its assessment, the Bureau said it intends to address the TRID Rule’s effectiveness in meeting the purposes and objectives of Title X of the Dodd-Frank Act, the specific goals of the rule, and other relevant factors.
“The public is invited to comment on the feasibility and effectiveness of the assessment plan, recommendations to improve the assessment plan, and recommendations for modifying, expanding, or eliminating the TRID Rule, among other questions,” the CFPB said. “The TRID Rule implemented the Dodd-Frank Act’s directive to combine certain mortgage disclosures that consumers receive under TILA and RESPA and requires that all creditors use standardized forms for most transactions. Creditors are also required to provide loan estimates and closing disclosures within three business days.”
To view the notice and comment, go here.
CFPB Performs Well on Audit
Separately, the CFPB performed well on its fiscal year 2019 Federal Information Security Management Act (FISMA) audit, reaching a Level 4 and meeting the threshold for effectiveness, according to a report released by the CFPB’s Inspector General.
The audit found that while most of the agency’s results matched its FY18 audit, CFPB improved its capabilities in the Identify domain, pushing the maturity level up to Level 4. The improvements came in CFPB’s risk management program, where the Bureau developed a plan for insider threat, used automation to track the life cycle of hardware, and conducted an agency-wide risk assessment, MeriTalk reported.
“Since our review last year, the Bureau of Consumer Financial Protection has matured its information security program,” the Inspector General stated.
However, the audit highlights some area where the Bureau still needs to improve. The audit makes seven recommendations to the agency, including an increased focus on high-value assets, ensuring that security incident data is accurate, and completing security assessment and authorization processes for cloud systems prior to deployment.
The CFPB concurred with all recommendations, MeriTalk reported.