Key industry trends
1. Increasing regulations
The Financial Services industry is undoubtedly one of the most highly regulated in the world. As new technologies continue to emerge, governments are constantly adapting to shifting business models and consumer behavior, leading to new regulations. This is no more apparent than when it comes to risk management and cyber threats.
The regulatory landscape is becoming increasingly complex. The burden is largely falling on the shoulders of IT teams to implement compliant, yet agile, architectures that drive innovation while curbing costs.
GDPR is the regulation that has occupied headlines throughout the past couple of years, but this is only one of many that FS companies have had to comply with in developing their IT strategies.
In the US, the California Consumer Privacy Act was signed into law in June 2018 to establish new consumer privacy rights whilst increasing liability for data breaches. The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, is a US federal law that, under the Safeguards Rule, expects financial institutions to be able to demonstrate how consumers’ private information is protected. The New York State Department of Financial Services (NYDFS) cybersecurity regulation requires all DFS regulated entities to adopt the core requirements of the cybersecurity program through the implementation of a cybersecurity policy, designation of a CISO, periodic pen testing and vulnerability assessments as well as a string of other requirements.
The regulations mentioned above represent only a handful of the US laws affecting data and privacy. In the UK there is the Data Protection Act 2018; Germany has the German Privacy Act 2018; revisions were made to the French Privacy Act to comply with GDPR – the list goes on as data and privacy comes to the forefront of not only IT agendas, but overall organizational agendas.
Every nation and international body is evaluating how to best approach digital-centric economies. Regulatory compliance has become of paramount importance for every business. With an ever-increasing mobile footprint, IT and Security professionals need to consider the impact of mobility on data privacy and determine whether they have the appropriate technologies in place to guarantee compliance.