Financial Firms Use Software Tools To Reduce Risk, Comply With New Regulations - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Financial Firms Use Software Tools To Reduce Risk, Comply With New Regulations

About a quarter of all companies have to comply with an average of six to eight regulations, and larger financial services firms are subject to a dozen or more, all with overlapping requirements, says the Yankee Group.

Financial firms are revamping risk and compliance management practices to deal with regulatory demands. Many are leaving Excel spreadsheets and manual processes behind and turning to software tools that help them better manage audit processes and correct errors.

"Companies have to transform their thinking from being only compliant with Sarbanes-Oxley to being compliant with all regulations that require information protection," says John Kirkwood, global information security officer at supermarket operator Royal Ahold and former chief information security officer at American Express.

For example, the Federal Financial Institutions Examination Council, a federal interagency group that prescribes uniform principles and standards for how the government examines financial institutions, has mandated that these companies implement more secure ways of letting customers log into financial accounts and conduct transactions. This requirement goes into effect Dec. 31.

Companies that handle credit card transactions, including banks, credit card companies, and merchants, need to start preparing to comply with version 1.1 of the Payment Card Industry's data security standard. It mandates that custom applications that companies use for these transactions be independently reviewed; this requirement goes into effect June 30, 2008. Those who don't follow it risk Visa and MasterCard not doing business with them.

Starting January 2008, financial institutions will have to comply with the Basel II Framework, an international agreement that places specific requirements on how banks compute the risks associated with their assets. The framework asks banks to identify the risks they face now and in the future, and to improve their ability to manage those risks.

About a quarter of all companies have to comply with an average of six to eight regulations, according to the Yankee Group. Larger financial services firms are subject to a dozen or more regulations, all with overlapping requirements. "We hear stories that it's common for companies like these to face 30 to 40 audits a year from regulators, partners, and customers," says Andrew Jaquith, an analyst at the research firm.

American Express must immediately respond to audits regarding the safeguarding of bank customer information, as mandated by the Gramm-Leach-Bliley Act, which protects consumers' personal information. To quickly collect information on assets that contain information on banking customers and employees who access that information, the company has deployed Archer Technologies' SmartSuite Framework, a customizable, content-independent infrastructure for managing risk and compliance processes.

American Express has built more than 100 applications with SmartSuite, says Steven Suther, director of information security management at American Express. Auditors get immediate access to compliance reports, Suther says, and American Express is using Archer's Training and Awareness Extension Module to manage security awareness training for more than 130,00 employees.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
News
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll