Financial Firms Use Software Tools To Reduce Risk, Comply With New Regulations - InformationWeek
11/30/2006
11:55 AM

Financial Firms Use Software Tools To Reduce Risk, Comply With New Regulations

About a quarter of all companies have to comply with an average of six to eight regulations, and larger financial services firms are subject to a dozen or more, all with overlapping requirements, says the Yankee Group.

Financial firms are revamping risk and compliance management practices to deal with regulatory demands. Many are leaving Excel spreadsheets and manual processes behind and turning to software tools that help them better manage audit processes and correct errors.

"Companies have to transform their thinking from being only compliant with Sarbanes-Oxley to being compliant with all regulations that require information protection," says John Kirkwood, global information security officer at supermarket operator Royal Ahold and former chief information security officer at American Express.

For example, the Federal Financial Institutions Examination Council, a federal interagency group that prescribes uniform principles and standards for how the government examines financial institutions, has mandated that these companies implement more secure ways of letting customers log into financial accounts and conduct transactions. This requirement goes into effect Dec. 31.

Companies that handle credit card transactions, including banks, credit card companies, and merchants, need to start preparing to comply with version 1.1 of the Payment Card Industry's data security standard. It mandates that custom applications that companies use for these transactions be independently reviewed; this requirement goes into effect June 30, 2008. Those who don't follow it risk Visa and MasterCard not doing business with them.

Starting January 2008, financial institutions will have to comply with the Basel II Framework, an international agreement that places specific requirements on how banks compute the risks associated with their assets. The framework asks banks to identify the risks they face now and in the future, and to improve their ability to manage those risks.

About a quarter of all companies have to comply with an average of six to eight regulations, according to the Yankee Group. Larger financial services firms are subject to a dozen or more regulations, all with overlapping requirements. "We hear stories that it's common for companies like these to face 30 to 40 audits a year from regulators, partners, and customers," says Andrew Jaquith, an analyst at the research firm.

American Express must immediately respond to audits regarding the safeguarding of bank customer information, as mandated by the Gramm-Leach-Bliley Act, which protects consumers' personal information. To quickly collect information on assets that contain information on banking customers and employees who access that information, the company has deployed Archer Technologies' SmartSuite Framework, a customizable, content-independent infrastructure for managing risk and compliance processes.

American Express has built more than 100 applications with SmartSuite, says Steven Suther, director of information security management at American Express. Auditors get immediate access to compliance reports, Suther says, and American Express is using Archer's Training and Awareness Extension Module to manage security awareness training for more than 130,00 employees.
