Compliance Solutions For Financial Institutions

Introduction

The financial world is heavily regulated today.  Gone are the days when a client could simply sign off on a 1 or 2-page document when opening a new account.  Now, because of the wide plethora of compliance laws for financial institutions, especially those of the recent passages of the GDPR and the CCPA, that document has now grown to become easily over 20 pages in length.  

Also, the Cybersecurity landscape is putting far greater pressure on the financial institutions to become compliant with every piece of legislation that is passed.

Dealing with financial-based compliance is a large and complex topic, and in this article, we will review some of the legislations out there that you need to be aware of.  

The Top Financial Compliance Laws

Here is an overview of the major ones:

1. The Payment Card Industry Data Security Standard:

This is also known as the PCI-DSS for short.  This legislation primarily deals with the safety and security surrounding not only the usage of credit cards by customers, but also the data that is collected, processed, and stored.  The compliance requirements are quite detailed, and more information about it can be seen here.  Each and every financial institution that allows for credit card transactions are bound by this law.  This was created and enacted back in 2006 by a consortium of the major credit carriers which include the following:

• Mastercard
• Visa
• Discover
• American Express
• Japan Credit Bureau (JCB)

1. The Sarbanes Oxley Act:

This is also referred to primarily as “SOX,” though some regulators also call it “SAR-BOX.”  This is a key piece of legislation that regulates how the financial records of publicly traded companies are to be stored and archived, as well as how specific kinds and types of financial transactions are to be logged and recorded, as well as monitored on a real-time basis.  It was passed and enacted in 2002.  More detailed information about this can be seen here.

2. The Gramm-Leach-Bliley Act:

In financial circles, this is also commonly known as the “GLBA.”  This relates to how the Personal Identifiable Information (PII) datasets are to be stored, processed, and protected.  This applies to both private and public financial institutions, which is based upon the “Safeguards Rule” in this act.  A very important aspect of the GLBA is that it mandates a transparent process as to how the PII datasets are to be shared with other entities, and the customer must be notified when such information sharing actually takes place.  Also, they must be given the right to opt out if they do not want their confidential data to be shared with other third-party entities.  Much more detailed information on the GLBA can be found here.

3. The 23 NYCRR 500 Cybersecurity:

This is a regulatory act that was passed by the New York State Department of Financial Services, also known as the “NYDFS.”  It deals specifically with financial institutions located in New York.  Although it also deals with the protection of the PII datasets, it has been more angled to cover the issue of data privacy, especially when it comes the provisions of the GDPR and the CCPA.  There are 23 specific tenets in this law that addresses how New York based entities must implement Cybersecurity compliance, with a very strong emphasis on risk reduction to mitigate the chances of a data leakage, whether it is intentional or not.  Further information on the NYDFS can be seen here. 

4. The European Union Data Protection Directive:

This is commonly referred to as the “EUDPD,” and in some ways, can be considered as the predecessor to the GDPR.  However, it does not have the “teeth” like the GDPR does, as this law only deals with financial entities that are based in the European Union.  But it is important to keep in mind that if you are a US based entity and have offices in the EU, you will also be bound by this regulation.  

Conclusions

So as one can see, trying to keep track of all these regulations and financial compliance laws can truly be a nightmare, especially when it comes to the compliance aspect.  It is always best that you consult with a Cybersecurity company that specializes in this area to further assist you. For more information, you can schedule a call with our experts here.

Future articles will take a look at some of the pitfalls financial companies fall into when trying to come into compliance, as well as ways that can help you to achieve it.

Sources

1. https://www.pcisecuritystandards.org/pci_security/
2. https://www.soxlaw.com/
3. https://www.fdic.gov/resources/supervision-and-examinations/consumer-compliance-examination-manual/documents/8/viii-1-1.pdf
4. https://www.dfs.ny.gov/industry_guidance/cyber_faqs