In the coming years, banking and insurance organizations will be busy preparing and adapting to new regulations in the field of security and operational resilience. These new rules represent an evolution in the expectations placed on the industry in an increasingly technologically driven era. In addition, in some jurisdictions, regulations will also apply to third parties that provide critical services to financial services providers. So what’s happening around the world?
World perspective
In the EU, the Digital Operational Resilience Act (DORA) provides “financial entities” with a harmonized set of rules for managing risks related to IT, data and digital operations. Similar to the SEC’s new rules, DORA also holds boards of directors ultimately responsible for the success or failure of companies’ technical cybersecurity strategies, making it a central business consideration.
By March 2025, financial services firms in Britain will need to ensure they have developed and implemented operational resilience policies at board level. Such policies should include rules to identify and document key business services (including mapping the business processes and associated IT infrastructure and applications), establish impact tolerances, and develop a scenario testing program.
In the US, the SEC has adopted new rules intended to “improve and standardize disclosure of cybersecurity risk management, strategy, governance and material cybersecurity incidents” for financial services companies. In practice, this will mean imposing more aggressive timelines for reporting material security breaches, and proactively sharing details about the processes in place to identify and respond to cybersecurity incidents. Most aspects of these rules are already in force and must be fully enforced by the end of 2024. It is no coincidence that countries such as Australia and Canada are simultaneously introducing stricter requirements for banking and insurance companies.
Managing Director for Kyndryl Ireland and Kyndryl UK & Ireland Banking Guild.
Regulations
The financial sector has always been one of the most heavily regulated sectors due to the essential role it plays in all other economic activities. And as the financial sector’s critical infrastructure increasingly embraces digitalization, new threats to security and resilience are emerging. From a regulatory perspective, this is not just about the immediate risk of financial loss and economic disruption – although that certainly warrants its own response. There is also the larger issue of trust in financial institutions. Think about how you would feel if your credit cards or digital wallets ever stopped working. You would no longer have access to your own money – which in itself would be deeply distressing and would destroy trust.
Every transaction that takes place through a bank, or in which an asset is protected against loss by an insurer, requires an act of great trust. Whether the parties involved are individuals or multinationals, there must be confidence that the money deposited can later be recovered, that the policies will be paid out if the relevant conditions are met, and that all sensitive information will be kept secure. It is a sign of the success of many generations of financial regulation that the level of trust is generally so high that we do not consciously take it into account when making financial decisions.
The most important quality that any digitalized future for banking and insurance must protect is trust. It’s worth keeping this perspective in mind as financial sector companies look to meet new demands, ensure these efforts are not siloed, and contribute to a broader strengthening of customer resilience, reliability and trust. In fact, many important trends in this area point in that direction.
Cloud services
For example, an increasing reliance on cloud computing services has raised concerns among the Bank of England and others about institutions’ dependence on individual technology providers and the scale of disruption that could come with outages. These concerns will provide impetus for adopting a multi-cloud strategy, reducing operational risk through a more flexible approach to where services run and to how customer needs are met.
To achieve these goals, it is necessary to close today’s IT talent gap. In finance, that gap will be even more acute in the context of mainframe modernization and hybrid strategies that combine cloud services with long-standing core infrastructure. Having been rapid adopters of digital record-keeping in the pioneering days of business computing, banking and insurance companies came to rely on mainframes that now need to be integrated with modern systems. This requires both building the skills that bridge on-premises and cloud environments, and working with partners who can fill the gaps with best-practice approaches.
Of course, any application of emerging technologies to financial services workflows – including generative AI – must have clear oversight of the security implications of those technologies. An important outcome of that oversight is the opportunity to offer better-tailored products. Insurers, for example, will have to rely on more sophisticated approaches to data analytics as they grapple with the increasingly unpredictable impacts of climate change.
Making corporate data more available, integrated and secure is also the strongest route to more efficient and flexible compliance with current and future regulations. And while compliance may seem like a steep hill to climb today, now is the time to develop proactive strategies to build and maintain trust in critical infrastructure for the long term.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc.