Reducing Compliance Risk in the Age of Cloud Computing

By Mike Mason, Senior Product Marketing Manager, FairWarning 

MarketsandMarkets forecasts that the cloud market for the financial services industry will grow at a CAGR of 24.4 percent to $29.47 billion by 2021. As financial services industry spending shifts towards cloud technology, so does an influx of sensitive data. This kind of data must be secured, especially in an industry as heavily regulated as finance.

And the regulations just keep on coming. The New York State Department of Financial Services cybersecurity regulation, for instance, requires banks, insurance companies and other financial services institutions in the state to hire a CISO who will put the proper risk assessments and processes in place, report not just successful data breaches but any attempted data breach, and require their third-party providers to strengthen their security measures as well.

As the finance industry falls under these growing regulations, it becomes harder for compliance professionals to manage and report because they are typically working with a wide array of legacy software services that are complicated, opaque and not optimized to configure for privacy and compliance.

The Effects of Cloud Migration

Cloud technologies now include features such as encryption, tokenization, strong authentication, and the ability for applications to produce audit logs. This allows highly regulated industries to entrust the cloud with their data and continue to reap the rewards of moving to the cloud. Not only do cloud-based technologies contribute to cloud security, but they also help organizations to meet basic regulatory requirement standards and to build upon their security and compliance programs.

Compliance Requirements Abounding

Across the country and across the globe, regulations are springing up to ensure the safety and privacy of citizens’ data. In addition to the existing regulations of FINRA, PCI, FFIEC, the above-mentioned NY State Cybersecurity Rule and the UK’s FCA, organizations continue to face a mounting list of compliance regulations.

Perhaps the most significant of these is the European Union’s General Data Protection Regulation (GDPR), set to go into effect on May 25th, 2018. It affects the way organizations collect, store and use EU citizen data. Under GDPR, fines can equal four percent of annual turnover or 20 million Euros.

Individual U.S. states are increasing their control over financial services as well. The state of Delaware passed a new law, House Substitute 1 for House Bill 180, that requires businesses to alert Delaware state residents affected by a data breach within 60 days of the occurrence, and to notify the state attorney general if more than 500 residents are affected. Meanwhile in Maryland, the Maryland Personal Information Protection Act was amended to expand the definition of personal information and provide a 45-day time frame for notice of a breach.

Key Questions When Choosing Cloud Applications

In light of all these compliance mandates, it’s important when choosing a cloud application to select an application that will aid in cloud compliance and improve your security posture, not create more risk. If not properly vetted, adding additional cloud applications into your network can create security and compliance vulnerabilities. If the applications don’t integrate, then you will possibly need to achieve compliance for each application separately.

This is why it is necessary to ask about integration when looking at cloud applications. Other compliance factors to consider include:

  • Who has access to my data?
  • Where does my data reside?
  • Are my cloud applications secure? Do third parties access my cloud environment?
  • How long am I required to store my data?
  • Is my data organized to aid in e-discovery?

Three Keys to Effective Cloud Compliance

Because there are so many regulations to keep track of and comply with, financial services organizations often have a hard time integrating their compliance programs with their security goals. But with a few considerations, you can better align your security and compliance goals.

  • Understand which requirements affect your organization. These requirements can be mandated by specific regulations, which can be based on your jurisdiction or the activities that you employ to conduct business.
  • Run ongoing compliance risk assessments. These regular risk assessments contribute to the foundation of a strong compliance program. Regulatory risks change, which calls for the risk assessment process to be updated and revised regularly.
  • Streamline Compliance and Security. Go beyond meeting baseline regulatory standards. During your compliance journey, address gaps in security to go above and beyond just meeting a compliance checkbox.
  • Overlap compliance requirements. If you are trying to meet multiple compliance standards, try to achieve overlapping requirements to reduce workload and complexity.
  • Monitor and audit your compliance program. Be proactive in understanding your gaps and how to continue improving your compliance posture; don’t wait until you are in the midst of a crisis to conduct your own audit.

Of course, you want to avoid the sometimes-hefty fines associated with non-compliance, but a focus on compliance also continues to help your organization increase customer trust and loyalty to your brand.

Keeping Compliant

As the financial services industry increases its adoption of cloud computing, it faces the dilemma of juggling multiple regulatory requirements concerning data handling, privacy and safety. GDPR is a sign of more compliance rules to come, yet many financial services industry organizations already struggle to uphold and verify compliance due to their legacy systems. Cloud technology providers understand this struggle and are upgrading their offering for greater compliance and security. They will prove to be strong partners in compliance going forward as new laws and regulations arise.

About the author:

Mike Mason is the senior product marketing manager at FairWarning. Mike has oversight and financial responsibility over nearly every aspect of FairWarning’s marketplace communications and education efforts. Mike’s efforts are directed at telling the company’s story and its customer stories from an authentic point of view. Mr. Mason was previously a product manager for Rakuten MediaForge.
