White Papers

The proliferation of new risk management regulations has made it increasingly difficult for banks, investment firms, insurance companies other financial services firms to effectively manage their policies, processes and procedures. No fewer than 20 different federal laws regulate information sharing and provide consumer privacy protection, five of them specifically targeted at regulating data sharing by financial institutions: the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Electronic Fund Transfer Act, the Right to Financial Privacy Act, and the Telephone Consumer Protection Act. And let’s not forget about SOX, or the PCI Security Standards Council’s Data Security Standard (PCI-DSS), which provides an actionable framework for developing a robust payment card data security process, including prevention, detection and reaction to security incidents.

Nobody disputes the purpose of these regulations, which includes law enforcement, establishing standards, prosecute misconduct and fraud, protect privacy and confidentiality, and, ultimately, mitigate and monitor various types of risk. For example, financial services organizations establish their policies and procedures based on operations manuals established in part by federal and state banking, insurance and investment regulations, and by firm’s own set of operating principles.