Critical security concerns for the financial services industry

Compliance regulations in the financial services industry 

The financial services industry is heavily regulated with compliance requirements focusing on the management of risk and fraud. The sector must comply with a raft of regulatory measures, including: 

  • PSD2
  • MLD4
  • MiFID
  • PCI-DSS
  • GLBA
  • SOX
  • EBA
  • National/state data protection law

Financial service providers must also comply with the tenets of GDPR, which revolve around the protection of personal data. Because banking and finance are international by nature, these regulations have to be reconciled across jurisdictions. Even regulations that seem to lie outside the direct remit of cybersecurity have implications for the security of personal data, for authentication, and for the prevention of identity and financial fraud and the integrity of transactions. The whole is a complex web of requirements and cross-requirements.

Bank Secrecy Act

Applicable to financial institutions operating in the U.S.

The Bank Secrecy Act (BSA) requires financial institutions in the U.S. to help government agencies detect and prevent money laundering. The BSA requires every covered institution to establish an anti-money laundering (AML) program. An AML program must incorporate a set of controls, including independent testing (review) of the program, ongoing employee training, and written policies and procedures.

Fourth Money Laundering Directive

Applicable to financial institutions operating in the EU & UK

The EU's Fourth Money Laundering Directive (MLD4) contains a number of provisions intended to reduce the risk of financial transactions being used for money laundering or terrorist financing. These include a requirement for strict Know Your Customer (KYC) checks, also referred to as Customer Due Diligence (CDD), before and during a customer relationship.

Payment Card Industry Data Security Standard

Applicable to financial institutions worldwide

The Payment Card Industry Data Security Standard (PCI DSS) sets out a raft of controls around the processing, storage and transmission of cardholder data. These include maintaining secure networks, protecting stored cardholder data, and enforcing access control measures. The standard also describes the security policies an organization must maintain and the rules by which compliance is assessed.

Gramm-Leach-Bliley Act

Applicable to financial institutions operating in the U.S.

The Gramm-Leach-Bliley Act (GLBA) focuses (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/ObkCeKw5amY/