Financial Firms Use Software Tools To Reduce Risk, Comply With New Regulations - InformationWeek
11:55 AM


About a quarter of all companies have to comply with an average of six to eight regulations, and larger financial services firms are subject to a dozen or more, all with overlapping requirements, says the Yankee Group.

Financial firms are revamping risk and compliance management practices to deal with regulatory demands. Many are leaving Excel spreadsheets and manual processes behind and turning to software tools that help them better manage audit processes and correct errors.

"Companies have to transform their thinking from being only compliant with Sarbanes-Oxley to being compliant with all regulations that require information protection," says John Kirkwood, global information security officer at supermarket operator Royal Ahold and former chief information security officer at American Express.

For example, the Federal Financial Institutions Examination Council, a federal interagency group that prescribes uniform principles and standards for how the government examines financial institutions, has mandated that these companies implement more secure ways of letting customers log into financial accounts and conduct transactions. This requirement goes into effect Dec. 31.

Companies that handle credit card transactions, including banks, credit card companies, and merchants, need to start preparing to comply with version 1.1 of the Payment Card Industry's data security standard. It mandates that custom applications that companies use for these transactions be independently reviewed; this requirement goes into effect June 30, 2008. Those who don't follow it risk Visa and MasterCard not doing business with them.

Starting January 2008, financial institutions will have to comply with the Basel II Framework, an international agreement that places specific requirements on how banks compute the risks associated with their assets. The framework asks banks to identify the risks they face now and in the future, and to improve their ability to manage those risks.

About a quarter of all companies have to comply with an average of six to eight regulations, according to the Yankee Group. Larger financial services firms are subject to a dozen or more regulations, all with overlapping requirements. "We hear stories that it's common for companies like these to face 30 to 40 audits a year from regulators, partners, and customers," says Andrew Jaquith, an analyst at the research firm.

American Express must immediately respond to audits regarding the safeguarding of bank customer information, as mandated by the Gramm-Leach-Bliley Act, which protects consumers' personal information. To quickly collect information on assets that contain information on banking customers and employees who access that information, the company has deployed Archer Technologies' SmartSuite Framework, a customizable, content-independent infrastructure for managing risk and compliance processes.

American Express has built more than 100 applications with SmartSuite, says Steven Suther, director of information security management at American Express. Auditors get immediate access to compliance reports, Suther says, and American Express is using Archer's Training and Awareness Extension Module to manage security awareness training for more than 130,00 employees.
