Over the years security and data breaches have had a negative impact on financial services organizations. Cyber attacks account for around $18.3 million annually per company. Verizon recently released a report that found only one in five organizations in America were fully compliant with the basic security requirements of the Payment Card Industry Data Security Standard (PCI DSS). Also in that report, fewer than 40% of the financial organizations examined were fully compliant.
Trying to beef up security while remaining compliant to new laws and regulations is no doubt a daunting task. There are a tremendous amount of regulations in which financial organizations must comply with. A recent article on regulatory concerns noted that there are 750 global financial regulatory bodies, each with their own rules.
In Europe, financial organizations had to quickly deal with the General Data Protection Regulation (GDPR). Then two more regulations came along, the Strong Customer Authentication (SCA) and the revised Payment Services Directive (PSD2).
The GDPR also set in motion a major push to globally strengthen data privacy and security protection for consumers. In the US, states like New York, California, Massachusetts, Washington, Hawaii, and many other states have introduced their own data privacy and protection legislation. There was a concern that there could be 50 versions of a consumer privacy act, each with its own rules and regulations. Due to this concern, Congress introduced the Consumer Online Privacy Rights bill to the Senate just before thanksgiving last year, which has yet to be passed.
With all these rules and regulations and more being introduced, its no wonder financial organizations are facing compliance fatigue which exposes them to risk.
How to combat compliance fatigue
Financial organizations can easily harness new technologies to achieve full compliance with many aspects of rules and regulations while streamlining the digital journey for their customers. The good news is there is a global task force, the Financial Action Task Force (FATF), that created a guide on Digital Identity that serves as a reference for countries all around the world looking to implement digital regulations for financial services.
FATF recommends that financial services organizations use a risk-based approach that relies on a set of open-source, consensus-driven assurance frameworks and technical standards for digital ID systems.
|CDD requirements (natural persons)||Key components of Digital ID systems|
|Identification / verification – R.10 (a)||Identify proofing and enrolment (with binding)– who are you? Obtain identifiers (name, DoB, ID # etc.) and ID evidence for those attributes, validate, and verify ID evidence and resolve it to identity proofed person;
Binding—issue credentials/authenticators linking the person in possession/control of the credentials to the identity proofed individual (i.e.,–linking the identity proofed individual to the onboarded customer /to the customer’s ID);
Authentication – Are you the identified/verified individual who has possession and control of the binding credentials? (applies to 10(a) if the regulated entity is conducting identification/verification of a pre-existing ID system)
Source: Public consultation on FATF draft guidance on digital identity
Many banks across the globe are embracing the shift to digital account openings by utilizing a business process management platform (BPM). With the right workflow in place, a BPM platform can easily digitize mundane and paper-intensive workflows and help financial organizations achieve digital transformation. For example, traditionally, a loan application could take anywhere from a day to a few weeks to process, depending on the lender. Yet, with a proper workflow in place, it can just take a few minutes as seen in the video below:
It is always important for financial organizations to stay current on the latest regulatory laws and changes across the globe. By implementing the proper workflows and processes with the right BPM platform, financial organizations can be assured they are taking the right step in their digital transformation initiatives.