Washington, D.C.— The North Dakota Department of Financial Institutions and 52 state financial regulatory agencies have taken coordinated action against mortgage company Bayview Asset Management LLC, and three of its affiliates, Lakeview Loan Servicing, Community Loan Servicing, and Pingora Holdings (collectively the Bayview Companies), for deficient cybersecurity practices and for not fully cooperating with state regulators following a data breach that impacted 5.8 million customers.
The fine and corrective plan underscore the importance of meeting state requirements to protect consumer data and complying with state supervisory demands.
State regulators in California, Maryland, North Carolina, and Washington State led the multistate effort, which found that Bayview Companies’ information technology and cybersecurity practices did not meet federal or state requirements. Furthermore, the Bayview Companies delayed the supervisory process by failing to comply with state requests in a timely and complete manner in the early stages of the examination.
In addition to the monetary penalty, the Bayview Companies have agreed to take specified corrective actions, improve cybersecurity programs, undergo independent assessments, and provide three years of additional reporting to the states.
State financial regulators license and supervise more than 33,000 nonbank financial services companies through the Nationwide Multistate Licensing System (NMLS), including mortgage companies, money services businesses, consumer finance providers, and debt collectors.
North Dakota residents who have questions about the enforcement action should the Department at (701) 328-9933. Residents can also visit NMLS Consumer Access to verify that a company is licensed to do business in North Dakota, and they may also view past enforcement actions.