With the rapid adoption of technology to support business activities, regulatory compliance will continue to evolve and strengthen through the issuance of new requirements and onsite examinations.
Emerging regulatory focus
Customer data protection
In recent years, we have experienced a huge advancement in data loss protection (DLP) technologies, as well as a number of recent high-profile customer data leakage incidents. As such, many global regulatory bodies reinforced their requirements regarding the handling of customer data through updated Customer Data Protection legislations. Many of these legislations introduced a number of updated data protection requirements to ensure adequate data protection.
Bring-your-own-device
In the past, bank employees were unable to use their own personal computing equipment, such as smartphones or personal computers/laptops, to access or store the bank’s emails and customer data. In many countries across the globe, this requirement has been relaxed. This means that employees can now use their own computer equipment for work purposes, provided there are appropriate controls in place which comply with the stipulated regulatory requirements.
Cloud computing security
A number of banks have recently migrated their non-critical IT functions to the cloud, thanks to recent changes in regulatory stance regarding banks’ adoption of cloud computing. However, regulators must closely monitor the adoption of cloud services by banks and financial institutions in order to avoid security breaches. Security requirements must be fine-tuned when it comes to the use of cloud technology, electronic banking and cybersecurity.
Operational and IT controls over rogue trading
A number of high-profile rogue trading incidents have occurred in recent years, leading to significant losses for a number of banks. Such incidents revealed loopholes in risk management governance and technology infrastructures, as well as deficiencies in trading surveillance. As a result, both the SFC and HKMA have increased efforts to ensure that banks strengthen their controls over electronic trading, with a particular focus on rogue trading. We expect the HKMA and SFC to continue reinforcing the relevant control requirements through their regular supervision activities (e.g. on-site examinations).
Electronic banking and cybersecurity
Recently, we have witnessed a shocking increase in cybersecurity threats and new technologies being adopted for electronic banking. In light of increasingly sophisticated cyberattack techniques, as well as newly adopted banking channels (such as mobile banking) it can be expected that regulators will refresh their e-banking guidelines to remain afloat of these industry changes. Financial institutions should consider adopting best practices when it comes to e-banking and cybersecurity, in order to protect their infrastructure and stay up-to-date with upcoming regulatory changes.
How to Prepare yourself for future regulatory compliance
• Understand the emerging requirements
• Look for any gaps within your organization
• Have a plan of action to respond
Are you concerned about regulatory compliance requirements?
If so, contact 8 Ways Media today to discuss your options.