Data Security and Navigating the FinServ Regulatory Environment
“Data security” can have a fairly broad context—it’s certainly not just a single function.
“As a whole, it means analyzing all the data that you possess, as well as all the data that you transmit, and then having security measures around that,” notes Scott Spatz, Cooperative Systems partner and President. “For a financial institution, that’s obviously paramount, as they handle very sensitive internal and customer data.”
Another aspect of data security—especially regarding banking transactions and any customer-facing aspects of the financial services sector—is having controls in place that ensure that both customers and institutions enjoy equal levels of protection.
All of those needs require a person or function within the organization responsible for identifying all the different types of data that they possess and transmit, and the controls and mechanisms in place to secure that data.
What having the right data security in place ultimately boils down to is trust.
“Clients won’t see this behind-the-scenes bulwark, but it’s necessary for them to have confidence in banking with you and believe that their transactions—and funds—are secure,” Spatz says. “Your existence as a financial institution rests on having that reputation.”
Adding Regulatory Wrinkles
While security matters to any organization, banks, and other financial services firms have the added responsibility of dealing with very stringent regulations. Navigating complex regulatory, legal, and industry compliance standards from an IT standpoint has its own level of challenge.
“Depending on the type of financial institution you are, you’re going to run into different sets of regulations, such as those put in place by the Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), the Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA), Financial Industry Regulatory Authority (FINRA), and more,” says Spatz. “Any security steps a financial institution takes need to do more than protect data; they need to adhere to a wide range of different regulations, and those regulations can be very complex.”
Finding a Compliance Partner
Community banks and credit unions typically don’t have the capacity to manage all those variables internally. They’re not large enough staffing-wise and generally don’t possess the expertise to navigate and manage those security and compliance needs on their own. They simply don’t have the resources and manpower that larger financial institutions do.
“For those organizations, it makes sense to find consultants with specific data security and compliance expertise,” notes Spatz. “These are people with the skillsets to manage regulatory compliance programs. Think of all that entails: keeping up with a nearly constant cycle of regulatory and legal changes throughout the year; understanding legislative cycles; and being informed enough to stay ahead of the curve in knowing what’s coming. Partnering with a reputable consulting organization that can effectively provide that service can offer great peace of mind.”
Spatz adds that, while Cooperative Systems makes no claim to specific expertise in regulatory compliance, they do help clients from a working solutions perspective.
“There are plenty of entities out there that do excel in compliance programming and that we partner with specifically to provide a holistic solution to clients in regulated industries,” he says. “Certainly, we have the skills to cover compliance when it concerns IT controls—which is a large portion of it. But we have access to partners who cover operational controls, policies and procedures, updates on written policies, ongoing staff training, and more.”
The “controls” Spatz mentions cover a lot of ground, starting with safeguarding and controlling your physical network and communications infrastructures as a baseline.
“Consider your cloud-based applications and how you hold your cloud service providers accountable for data security and typical cybersecurity measures, from transmission of data to data backups. So, third-party risk management comes into play,” he says. “Think about your electronic communications with your vendors, customers, and business partners,” he says. “That’s transmission of data across different software platforms. That needs to be safeguarded, as does your voice system. All that entails a range of different technology components and controls that help secure the applications you use. So, while our partners supply high-level compliance service, we handle the infrastructure and physical and technical controls that need to be managed in a financial services IT environment.”
Contact us to learn how Cooperative Systems can help your firm’s data secure and your operations compliant.