Despite increasing regulations across the finance sector globally, fraud and associated risks continue to increase—and at a staggering pace. Thomson Reuters was recently quoted as saying, “Increased regulation isn’t just a temporary challenge for global financial institutions—it’s the new reality.”
And the cost of compliance is on the rise. A recent Financial Post article notes, “…analysts say that much of the hiring in the financial institutions sector has been on the risk management and compliance side. Generally, these folks are not revenue generators and Moody’s predicts rising regulatory costs could impact the profitability prospects of the banks going forward.”
At the same time, the finance sector is experiencing unparalleled innovations across all areas of the business—from the consumer experience to the foundations of IT infrastructures. These innovations are bringing new digital transformation opportunities to streamline the costs of running legacy systems while offering intelligent customer services that drive competitive advantage.
All of this leads one to ask: In the midst of these heightened risks, increasing regulations and digital innovation, whose role is it to make sure that financial and personal data is kept safe?
The answer is easy—all key players in the finance sector, including consumers, financial services providers and systems integrators.
It’s imperative for us as consumers to ensure that we know how our financial and personal data is collected, transmitted, stored and used by finance institutions. Keeping our identity and data safe needs to be a top priority, and we should educate ourselves on the best practices for doing so.
Finance service providers
From a finance sector perspective, the chief information security officer (CISO) bears much responsibility, but Forrester has a suggestion for CISOs: “Stop trying so hard.” Instead, the CISO should narrow his/her focus to two key areas:
- Give the IT department ownership of baseline security controls. This may require modernization, new services and more to ensure that data flows are identified and monitored by IT at all stages. Solid, vigilant network hygiene is one element; however, strong code development, code verification practices, and certification of offerings also need to be incorporated into baseline activities.
- Empower the business side to meet client needs while also meeting required security standards. This includes investing in security innovations that address the full context of doing business, including compliance with all relevant regulations, laws and industry standards.
To succeed in both areas, a CISO must stay aware of the current threat landscape, have an in-depth knowledge of the organization’s business and IT environment, and exercise reasonable care. The standard for reasonable care may have been raised a bit in the U.S. after a recent Third Circuit Court of Appeals ruling against Wyndham (hacked repeatedly back in 2008 and 2009), which held that the U.S. Federal Trade Commission “can sue organizations that have poor IT security practices, especially companies that have had more than one security breach that compromised customer data.”
Staying aware of the current threat landscape, retaining/gaining the right resource mix, employing the best value-add technology and exercising reasonable care will continue to be a challenge for all finance service providers. “Stop trying so hard” applies here as well; use external providers that are experts in their field and experienced in working within multi-vendor environments. Focus on your core business instead.
A sometimes forgotten yet often significant player is the IT systems integrator. Finance ecosystems, also known as multi-vendor environments, are today’s norm. SaaS, PaaS and other technologies from multiple vendors are all, to various degrees, integrated into financial offerings and systems. Ensuring the security of each data connection is essential to each payment system, trade application, finance institution and merchant.
Real-time payments demand the highest standards of service availability. This can’t be compromised when jumping from the infrastructure of one institution to another. The system integrator’s role is key to ensuring availability and the highest standard of reasonable care. Sharing the burden of care with an integrator is one of the many benefits of tapping into its focused expertise.
Security in the finance sector is one of today’s most pressing challenges. Each player, whether a consumer, provider or integrator, plays a leading role in ensuring that reasonable care is taken at each phase of a financial transaction and the highest level of security is maintained. With a greater focus on security by each player, the finance sector can make significant headway in reducing security threats.