Compliance Scorecard: Banking & Financial Regulations

Seven key regulations that security executives in this sector need to know


The financial industry is one of the United States' most regulated sectors. Risk issues in this industry can easily impact the livelihoods of thousands if not millions of people, as corporate ethics scandals and our current economic recession have clearly shown. The federal government has set forth a number of well-recognized rules intended to better secure this high-profile sector.

Bank Protection Act of 1968
www.ffiec.gov/ffiecinfobase/resources/management/con-12_usc_1882_bank_protection_act.pdf

The Bank Protection Act placed minimum security guidelines on banks "to discourage robberies, burglaries and larcenies and to assist in the identification and apprehension of persons who commit such acts." It designated four Federal supervisory agencies - the Comptroller of the Currency; the Board of Governors of the Federal Reserve System; the Federal Deposit Insurance Corporation; and the Director of the Office of Thrift Supervision - to promulgate minimum security standards for the banks or S&Ls they regulate.

Financial Modernization Act of 1999
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_bills&docid=f:s900enr.txt.pdf

Also called the Gramm-Leach-Bliley Act or GLB Act, this act includes provisions to protect consumers' personal financial information held by financial institutions. The Financial Privacy Rule governs the collection and disclosure of customers' personal financial information; the Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information; and the Pretexting Provisions protect consumers from companies that obtain their personal financial information under false pretenses. GLB gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule, which apply not only to banks, securities firms, and insurance companies, but also companies providing other types of financial products and services.

The Currency and Foreign Transactions Reporting Act
http://www.fincen.gov/statutes_regs/bsa/

Otherwise known as the Bank Secrecy Act (BSA) or Anti-Money Laundering Act, this law, passed in 1970 and amended by the Patriot Act, requires financial institutions to assist government agencies in detecting and preventing money laundering. It requires financial institutions to keep records of cash purchases of negotiable instruments, to file reports of cash transactions exceeding $10,000 (daily aggregate amount), and to report suspicious activity that might signify money laundering, tax evasion or other criminal activities.

Regulation H
http://www.federalreserve.gov/bankinforeg/reglisting.htm

Regulation H implements those portions of the Federal Reserve Act that affect state member banks. The Federal Reserve amended Regulation H as part of a broad effort to "risk-focus" the supervisory process and to reduce the regulatory burden on well-run banks. Among other things, Regulation H sets out requirements concerning bank security procedures, suspicious-activity reports, and compliance with the Bank Secrecy Act; and establishes rules governing banks' ownership or control of financial subsidiaries.

Guidance on Authentication in Internet Banking Environment
http://www.ffiec.gov/pdf/authentication_guidance.pdf

From the Federal Financial Institutions Examination Council, this updated guidance replaces the 2001 Guidance and specifically addresses why financial institutions regulated by the agencies should conduct risk-based assessments, evaluate customer awareness programs, and develop security measures to reliably authenticate customers remotely accessing their Internet-based financial services. Its goals are to safeguard customer information; to prevent money laundering and terrorist financing; to reduce fraud and the theft of sensitive customer information; and to promote legal enforceability of financial institutions' electronic agreements and transactions.

Final Rule on Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003
www.ftc.gov/os/fedreg/2007/november/071109redflags.pdf
