Financial Crime World

Financial Sector Struggles with Compliance: Gramm-Leach-Bliley, PSD 2, FFIEC, and DORA

=====================================================

The financial sector faces a daunting task in complying with the many regulations aimed at protecting the security and integrity of sensitive financial data. The following are four of the regimes that financial institutions most often have to reconcile:

  • Gramm-Leach-Bliley Act (GLBA)
  • Payment Services Directive (PSD 2)
  • Federal Financial Institutions Examination Council (FFIEC)
  • Digital Operational Resilience Act (DORA)

Gramm-Leach-Bliley Act: A Look Back


The Gramm-Leach-Bliley Act (GLBA), enacted in 1999, repealed parts of the Glass-Steagall Act and allowed commercial banks, securities firms and insurers to affiliate. Its Title V also obliges financial institutions to protect the security and confidentiality of customer information: the Privacy Rule governs how nonpublic personal information may be shared, and the Safeguards Rule, enforced by the Federal Trade Commission (FTC) for institutions not supervised by a federal banking regulator, requires a written information security program with designated responsibility, risk assessment and controls such as access control and encryption.

PSD 2: Enhancing Customer Data Security


The second Payment Services Directive (PSD 2), adopted by the European Union in 2015 and applied from January 2018, aims to promote competition and innovation in payments while protecting customers. It requires banks and other payment service providers to:

  • Apply strong customer authentication (SCA) to electronic payments and account access, using at least two of three independent factors: something the customer knows, something the customer possesses, and something the customer is
  • Secure online payments, including dynamically linking the authentication code for a remote transaction to its amount and payee so that an intercepted code cannot be reused for a different payment
  • Give licensed third-party account information and payment initiation providers secure, authenticated access to customer accounts, and protect the data exchanged over those interfaces

FFIEC: Cybersecurity Guidelines


The Federal Financial Institutions Examination Council (FFIEC) is an interagency body of the US federal banking regulators (the Federal Reserve Board, FDIC, NCUA, OCC and CFPB). It does not supervise institutions itself; it sets uniform examination standards that its member agencies apply. Its cybersecurity expectations are set out in the Information Technology Examination Handbook, a series of booklets that examiners use, covering topics such as:

  • Audit
  • Business continuity management
  • Information security
  • Outsourcing technology services

DORA: Cybersecurity and Operational Resilience


The Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554) is an EU regulation, applying from 17 January 2025, aimed at strengthening the cybersecurity and operational resilience of financial entities and the ICT service providers they depend on. It requires financial entities to manage ICT risk, report major ICT-related incidents, test their resilience (including threat-led penetration testing for larger entities) and manage ICT third-party risk, and it places ICT providers designated as critical under an oversight framework run by the European Supervisory Authorities. Those critical ICT third-party service providers must:

  • Follow the recommendations issued by their Lead Overseer on ICT security, governance and risk management
  • Submit to information requests, general investigations and on-site inspections by the Lead Overseer

Consequences of Non-Compliance


Failure to comply with these regimes can result in enforcement action and fines, with the amounts in most cases set by the relevant supervisor rather than by the regulation itself:

  • PSD 2 leaves penalties to the member states, which must make them effective, proportionate and dissuasive. The often-quoted figure of EUR 20 million or 4% of annual worldwide turnover is the GDPR maximum, not a PSD 2 penalty, although a payment-data breach can trigger both regimes at once
  • The FFIEC issues no fines itself; its member agencies enforce its guidance through examinations, consent orders and civil money penalties
  • Under DORA, a critical ICT third-party provider that fails to follow its Lead Overseer's recommendations can face periodic penalty payments of up to 1% of its average daily worldwide turnover, and financial entities are subject to administrative penalties set by their national competent authority
  • GLBA violations are enforced by the FTC and the banking regulators through civil penalties and consent orders

Best Practices for Maintaining Cybersecurity Compliance


To maintain cybersecurity compliance, financial institutions can implement the following practices, each of which maps directly to controls the regimes above expect:

  • Adopt a zero-trust architecture: authenticate and authorize every request, and segment the network so that a compromised workstation cannot reach core banking systems
  • Run a third-party risk management program that inventories ICT providers, assesses them before onboarding and monitors them continuously; DORA's register of information and the FFIEC outsourcing booklet both expect this inventory to exist
  • Deploy data leak detection to spot customer records exposed on public code repositories, paste sites or misconfigured storage
  • Monitor the external attack surface continuously for exposed services, expired certificates and forgotten subdomains

Conclusion


The financial sector faces an uphill battle in complying with the overlapping regulations that protect sensitive financial data. By understanding what each regime actually requires and implementing the practices above, financial institutions can avoid enforcement action and retain the trust of their customers.