Financial institutions and their customers are often targeted by cyber attackers because of the large amounts of money that they move around. Added risks from emerging technologies, market globalization, the convergence of financial services, and industry consolidation make security even more complicated. As a result, government and industry compliance requirements in place to protect everyone have to change often as well. Financial products, services, and operations are constantly being assessed and revised to keep pace with market demands, and these institutions need to have solid compliance systems as part of their overall risk management strategies.
What is a Compliance Management System?
The FDIC (Federal Deposit Insurance Corporation) requires the financial institutions it supervises to have a compliance management system, and responsibility for it rests with each institution's board of directors and senior management, who oversee the program and its audits. There is a learning curve when a program is first set up, and every employee involved should understand what their responsibilities are.
Financial institutions hire compliance officers who are familiar with all of the applicable regulations and consumer protection laws. These professionals should also understand how the institutions operate and have to interact with the different departments and branches.
When new products, services, operations, or regulations appear, compliance officers review them for their compliance impact and adjust policies, controls, and training accordingly. Companies that don't have their own compliance officers often rely on IT management providers for this service.
Relevant Financial Regulations That You Should Know About
Financial institutions that process cardholder data must meet the PCI DSS (Payment Card Industry Data Security Standard). Among other things, it requires network controls such as firewalls that deny all traffic not explicitly needed and restrict access into the cardholder data environment, and it requires that vendor-supplied default passwords be changed before a system goes into production. Stored cardholder data, above all the primary account number (PAN), has to be rendered unreadable (for example by strong encryption or truncation), and cardholder data must be encrypted whenever it crosses open, public networks. PCI DSS also calls for intrusion-detection or intrusion-prevention systems at the perimeter of, and at critical points inside, the cardholder data environment (requirement 11.4 in PCI DSS v3.2.1; the same control sits under requirement 11.5 in v4.0).
The GLBA (Gramm-Leach-Bliley Act) and the information security guidelines that implement it require financial institutions to monitor and log activity on their systems so that unauthorized access can be detected and security events are reviewed, and the FFIEC (Federal Financial Institutions Examination Council) IT Examination Handbook gives guidance on identifying log sources, reviewing them for potential threats, and on incident response and reporting.
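As an added illustration of the kind of log review the paragraph above describes (this is example code written for this page, not something from the original article or from any regulator's guidance), the script below parses constructed authentication log lines and flags two brute-force patterns: a burst of failed logins from one source address inside a sliding window, and a successful login from a source that is still over the failure threshold. The log line format, the threshold of five failures in ten minutes, and the sample lines are all assumptions chosen for the example.

```python
"""Review constructed authentication log lines for brute-force patterns.

Added example, not code from the original page. The log line format, the
5-failures-in-10-minutes threshold, and SAMPLE_LOG are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log format, e.g.:
# 2024-03-04T09:15:02Z auth user=alice src=203.0.113.5 result=FAIL
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

FAIL_THRESHOLD = 5            # failures from one source before we alert
WINDOW = timedelta(minutes=10)  # sliding window the failures must fall in


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def review_auth_log(lines):
    """Return a list of alert strings, in log order.

    Detections, keyed by source address:
      * FAIL_THRESHOLD or more failed logins within WINDOW.
      * a successful login from a source that is currently over the
        threshold, the trace a password-guessing attack leaves behind.
    """
    recent_fail = defaultdict(deque)  # src -> timestamps of failures still in window
    over_threshold = set()            # sources that have already alerted
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not fatal
        src, ts = rec["src"], rec["ts"]
        q = recent_fail[src]
        while q and ts - q[0] > WINDOW:  # expire failures older than the window
            q.popleft()
        if len(q) < FAIL_THRESHOLD:
            over_threshold.discard(src)  # burst has aged out; allow a fresh alert later
        if rec["result"] == "FAIL":
            q.append(ts)
            if len(q) >= FAIL_THRESHOLD and src not in over_threshold:
                over_threshold.add(src)
                alerts.append(f"{ts.isoformat()} {src}: {len(q)} failed logins within {WINDOW}")
        elif src in over_threshold:
            alerts.append(f"{ts.isoformat()} {src}: successful login as {rec['user']} after failure burst")
    return alerts


# Constructed sample log: one guessing attack that succeeds, one ordinary typo.
SAMPLE_LOG = [
    "2024-03-04T09:15:02Z auth user=alice src=203.0.113.5 result=FAIL",
    "2024-03-04T09:15:09Z auth user=alice src=203.0.113.5 result=FAIL",
    "2024-03-04T09:15:15Z auth user=alice src=203.0.113.5 result=FAIL",
    "2024-03-04T09:15:21Z auth user=alice src=203.0.113.5 result=FAIL",
    "2024-03-04T09:15:27Z auth user=alice src=203.0.113.5 result=FAIL",
    "2024-03-04T09:15:40Z auth user=alice src=203.0.113.5 result=OK",
    "2024-03-04T09:16:00Z auth user=bob src=198.51.100.7 result=FAIL",
    "2024-03-04T09:16:30Z auth user=bob src=198.51.100.7 result=OK",
    "this line is not an auth record",
]

if __name__ == "__main__":
    for alert in review_auth_log(SAMPLE_LOG):
        print(alert)
```

Keying on the source address rather than the user name catches password spraying (many users, one source) as well as brute force against a single account; a production version would run both keys and feed the alerts into the incident response process the FFIEC guidance expects.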
There is also SOX (the Sarbanes-Oxley Act), which sets requirements for the accuracy, retention, and internal control of the financial records of publicly traded companies, including the IT controls over the systems that produce those records. 23 NYCRR 500, the cybersecurity regulation of the New York Department of Financial Services (NYDFS), requires the entities it regulates to maintain a cybersecurity program that protects their information systems and their customers' nonpublic information. Other rules, such as the General Data Protection Regulation (GDPR) for the personal data of people in the EU and the sanctions programs administered by OFAC (Office of Foreign Assets Control), may apply as well, and there are many others.
Is My Bank Compliant With the Laws?
If you have questions about your financial institution's compliance management program, the most reliable answer comes from an audit. Banks and similar organizations that want to reduce their own risk and protect their customers should audit regularly, and should also have fraud risk management teams.
It could be challenging to find out which regulations a particular financial institution should follow, and an experienced IT management team like TAG Solutions may be the best source for this kind of information.
Customers can also protect their own information from cyber threats. The first piece of advice is to choose strong, unique passwords, one per account, that don't contain personal information such as their own name or date of birth.
Passwords should be long rather than clever, and should avoid common sequences like “123” or “xyz.” Change a password promptly whenever a compromise is suspected (current NIST guidance no longer recommends forced periodic changes), and enable two-factor authentication wherever the bank offers it. Customers can also sign up for banking alerts that notify them of new transactions and failed login attempts; they should avoid doing their banking over public Wi-Fi, and keep an eye out for phishing scams.
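The password advice above is the kind of check a bank's enrollment form can enforce automatically. As an added example (written for this page, not code from the original article or from any bank), the function below rejects a candidate password that is too short, that contains fragments of the customer's name or birth date in several common spellings, that contains a well-known weak word, or that contains a run of three or more sequential characters such as “123”, “xyz” or “cba”. The minimum length of 12, the list of date formats and weak words, and the sample customer are assumptions chosen for the example.

```python
"""Check a customer-chosen password against the advice in the text.

Added example, not code from the original page. MIN_LENGTH, SEQ_LEN,
COMMON_FRAGMENTS, the date formats, and the sample customer are assumptions.
"""
import re
from datetime import date

MIN_LENGTH = 12       # assumed minimum; longer is better
SEQ_LEN = 3           # reject runs like "123", "xyz", "cba", "987"
COMMON_FRAGMENTS = ("password", "qwerty", "letmein", "welcome")  # assumed deny-list
# Birth-date spellings at least four characters long (two-digit years alone would over-match).
DOB_FORMATS = ("%Y", "%m%d", "%d%m", "%Y%m%d", "%d%m%Y", "%m%d%Y", "%d%m%y", "%m%d%y")


def _personal_fragments(full_name, dob):
    """Lowercase fragments of personal information that must not appear in the password."""
    frags = set()
    for part in re.split(r"[\s\-']+", full_name.lower()):
        if len(part) >= 3:          # skip initials and very short particles
            frags.add(part)
    for fmt in DOB_FORMATS:
        frags.add(dob.strftime(fmt))
    return frags


def _has_sequence(password):
    """True if the password contains SEQ_LEN consecutive ascending or descending
    characters of one class (all letters or all digits), e.g. "123", "xyz", "cba"."""
    s = password.lower()
    for i in range(len(s) - SEQ_LEN + 1):
        chunk = s[i:i + SEQ_LEN]
        if not (chunk.isdigit() or chunk.isalpha()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(password, full_name, dob):
    """Return the list of reasons the password is weak; an empty list means acceptable."""
    reasons = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    for frag in sorted(_personal_fragments(full_name, dob)):
        if frag in lowered:
            reasons.append(f"contains personal information: {frag!r}")
    for frag in COMMON_FRAGMENTS:
        if frag in lowered:
            reasons.append(f"contains common word: {frag!r}")
    if _has_sequence(password):
        reasons.append(f"contains a run of {SEQ_LEN}+ sequential characters")
    return reasons


# Constructed sample customer for the demonstration.
SAMPLE_NAME = "Alice Example"
SAMPLE_DOB = date(1990, 7, 14)

if __name__ == "__main__":
    for candidate in ("Alice1990!", "correct-horse-battery-staple", "Summer2024xyz!!"):
        print(candidate, "->", check_password(candidate, SAMPLE_NAME, SAMPLE_DOB) or ["acceptable"])
```

Returning every reason rather than a single pass/fail lets the enrollment page tell the customer exactly what to change; a real deployment would also check the candidate against a breached-password list, which the text's “unique” requirement implies but which this example leaves out.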
Still have questions? Contact TAG Solutions today! We are an Albany-area managed services provider with decades of experience. We can help you stay in compliance and ensure you are only working with compliant vendors.