MPF Announcement 2022-61

MPF Program Reminder

Effective Date: Immediately

As a reminder, PFIs and Servicers must meet the guidelines set forth in the MPF Program Guide, applicable MPF Product Guides, and any Applicable Agreements, including the requirement to report security incidents and data breaches.

Security Incident/Data Breach:   

A PFI/Servicer must immediately notify the applicable MPF Bank and MPF Provider upon becoming aware of any security incident/data breach affecting any MPF Program or Mortgage Loans, whether they or one of their service providers were the subject of the incident, and must:

• Ensure compliance with all state, federal and other regulatory entities’ requirements regarding privacy and data laws and cooperate with the MPF Bank and MPF Provider in any investigation the MPF Bank or the MPF Provider deems necessary, and
• Take immediate steps, in consultation with the MPF Bank and the MPF Provider, to mitigate the damages caused by such Security Incident and promptly use all commercially reasonable efforts to prevent further Security Incident/Data Breaches.

PFIs must report a security incident/data breach to the MPF Provider by sending an email to MPF-Help@fhlbc.com.

For additional information see MPF Program Guide Section - 6.1.1. Loss of Confidential Information/Security Incident/Data Breach.