It’s no surprise that financial organizations are among the world’s most heavily regulated businesses. Organizations across the industry, whether traditional banks or modern fintech startups, are lucrative targets for cyber criminals who are after the sensitive information stored within them.

In fact, the U.S. Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller (OCC) on January 16, 2020 issued a joint bulletin alerting the financial services (FS) sector of the heightened threats amid rising geopolitical tensions and advising them to mitigate risks to systems, networks, data, and critical business functions.

These warnings of rising threats are why financial organizations are subject to an ever-growing set of regulations and face immense pressure to comply with each requirement in order to protect customer data. But before compliance can be achieved, financial entities must understand these legal and regulatory requirements — let’s explore.

Six global financial data security regulations to know

Whether you’re based in Singapore, London or New York, there are many regional and national compliance standards financial organizations are required to meet. A few of the most prominent ones include: 

  • 23 NYCRR 500 Cybersecurity: The 23 NYCRR 500 cybersecurity regulation was issued by the New York State Department of Financial Services (NYDFS). It was enacted to protect the privacy of consumer data used in financial services. The regulation contains 23 sections setting out the requirements for implementing an effective cybersecurity program. Under this regulation, financial institutions must assess their cybersecurity risks in order to prevent data breaches, and covered organizations must be able to demonstrate that they have taken “reasonable care” to prevent them.
  • Payment Card Industry Data Security Standard (PCI DSS): To ensure the security of credit card payments, the Payment Card Industry Security Standards Council (PCI SSC) has defined a detailed set of compliance requirements for safeguarding credit card transactions, known as the Payment Card Industry Data Security Standard (PCI DSS). The standard covers any company that handles card payment transactions. It was originally developed in 2006 by a consortium of the major payment brands: Mastercard, Visa, Discover, American Express and JCB.
  • Gramm-Leach-Bliley Act (GLBA): GLBA regulates the collection, safekeeping, and use of private financial information. For example, under the Safeguards Rule, any entity that meets the definition of a financial institution must adopt measures to protect the customer data in its possession. Additionally, the Act requires covered entities to be transparent about their information-sharing practices, which includes granting customers the right to opt out of having their data shared with third parties.
  • Sarbanes-Oxley Act (SOX): The SOX law was implemented in 2002. SOX establishes requirements for the secure storage and management of corporate electronic financial records, including the monitoring, logging, and auditing of certain activities.
  • European Union Data Protection Directive (EUDPD): The EU Data Protection Directive (also known as Directive 95/46/EC) was adopted by the European Union to protect the privacy of all personal data collected for or about EU citizens, especially with respect to processing, using or exchanging such data.
  • Japan’s Personal Information Protection Act (PIPA): PIPA is overseen by the Personal Information Protection Commission (PIPC), a Japanese supervisory authority. The act took effect on 30 May 2017. PIPA applies to the use of personal information for business purposes but contains no express provision on jurisdiction. It does set out a comprehensive classification of personal data, including the concept of “Personal Identifier Codes”.

Staying proactive on the path to financial compliance

Many, if not all, of these regulations apply to financial institutions. The best thing your organization can do is hire a Chief Compliance Officer (CCO) who is willing to take a proactive, progressive approach to data management and cybersecurity. The core pillars of any good compliance and security program should include:

  • Encrypting sensitive data
  • Logging and data collection
  • Having policies and procedures in place for data management and security

Additionally, financial organizations should conduct a data discovery audit by scanning their entire network, which ensures they know exactly where all sensitive financial data is stored. Ground Labs is the global leader in data discovery and can help your organization get started on its journey to compliance today.

Today’s complex world of compliance and security can be overwhelming, so finding a partner who can help you strategically navigate these challenges will set you up for success. If you’re reading this and have additional questions about how your financial institution can achieve compliance, or are curious to learn more about Ground Labs’ flagship solution, Enterprise Recon, schedule a demo with a data discovery expert today.