Following an audit, acting Inspector General of the Federal Housing Finance Agency Phyllis Fong is calling for an annual contingency plan review for a widely used housing finance dataset.
The audit found that the regulator, while ensuring that contingency plans and backup facilities were in place, did not regularly review how well the National Mortgage Database and Correspondence Tracking System of the state-sponsored companies would fare in the event of a disaster.
"The FHFA has not reviewed or tested the NMDB contingency plan annually," said the acting inspector general in a December 13 report.
Even though the agency tests the contingency plan for its general support system every year and said that the correspondence tracking system “inherits” that plan, the audit found that the procedure in question “did not include the CTS or its servers”.
The FHFA agreed in a memo from Chief Information Officer Kevin Smith to complete all recommendations in the Inspector General's report.
These recommendations included conducting an assessment to determine whether the Agency's Information and Technology Bureau had the necessary resources to "update, test and execute the requirements of the contingency plan". The FHFA also pledged to conduct an annual review and test of the National Mortgage Database and to amend the general assistance system plan to include the CTS.
The FHFA has agreed to finalize all of these recommendations for action by December 1, 2022.
The IG office also checks other types of information security at the FHFA. A previous audit focused on protocols for sharing performance data between counterparties.