Financial Crime World

European Union and Australia Lead the Charge on Cybersecurity and Digital Identity Compliance in Financial Sector

As technological advancements continue to reshape the economic landscape, financial institutions and businesses across all sectors are embracing digital transformation. Innovations like quantum computing and artificial intelligence present new cybersecurity risks, underscoring the need for robust digital defenses. Regulators and policymakers recognize the stakes are high, and are responding with renewed regulatory efforts. In this article, we will outline the key regulatory updates and policies regarding authentication, digital identity, electronic signatures, and notarization to watch for in 2024, focusing on the European Union (EU) and Australia.

European Union

Authentication and Cybersecurity

The European Union is keen on enhancing cybersecurity in various sectors, with a particular focus on the financial sector. The following regulations will set the rules:

  1. The Digital Operational Resilience Act (DORA): By January 17, 2025, financial institutions and their tech providers are required to implement multi-factor authentication for employees to strengthen cybersecurity. DORA also sets rules for ICT risk management, incident reporting, and the management of third-party risks.

  2. NIS2: The Second Network and Information Security Directive expands the scope of its predecessor to cover critical sectors, including banking. NIS2 emphasizes governance, supply chain security, and multi-factor authentication. Failure to comply could result in fines up to 10 million euros.

Authentication and cybersecurity in the EU: A focus on multi-factor authentication and phishing-resistant methods

Australia

Essential Eight

The Australian Cyber Security Centre (ACSC) recommends the Essential Eight strategy to mitigate cyberattacks. The updated Essential Eight Maturity Model now prioritizes multi-factor authentication and phishing-resistant methods.

United States

Authentication and Access

Financial sector compliance in the United States sees several changes:

  1. Updated “Safeguards Rule” under the Gramm-Leach-Bliley Act: Starting in 2024, any individual accessing an information system must use multi-factor authentication. Non-bank financial institutions are now subject to these regulations.

  2. Security controls against APP fraud: Financial institutions are urged to adopt security controls against authorized push payment (APP) fraud, such as Confirmation of Payee and transaction monitoring. The Federal Financial Institutions Examination Council’s guidance, Authentication and Access to Financial Institution Services and Systems, prioritizes the implementation of enhanced authentication controls.

Digital Identity

Denmark: MitID

Denmark’s advanced digital identity system, MitID, replaces NemID, offering enhanced flexibility and security features.

Canada

A Secure Digital Identity Ecosystem

The Pan-Canadian Trust Framework (PCTF) and Voilà Verified Trustmark Program aim to build a unified and secure digital identity ecosystem in Canada. Organizations that comply with the PCTF’s standards will receive certification, promoting a robust digital economy.

Staying informed and compliant with these regulations and standards is essential for financial institutions, insurance companies, and businesses across all sectors. Stay ahead of your competitors by implementing the necessary changes.