Regulations and compliance

  • Federal Information Security Management Act (FISMA)

    The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.

  • Dodd-Frank Act

    The Dodd-Frank Act (fully known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a 2010 U.S. federal law, passed in response to the 2008 financial crisis, that overhauled financial regulation and expanded government oversight of the financial industry.

  • international financial reporting standards (IFRS)

    International financial reporting standards (IFRS) are specific organizational and monetary standards and frameworks for financial reporting that have been adopted in 113 countries including India, Australia and the European Union.

  • Cloud computing technologies and financial services

    Cloud computing offers cost savings but how does it fit into the highly regulated financial services industry?

  • Red Flag Rules compliance strategies for the enterprise

    SearchFinancialSecurity.com presents a comprehensive guide to Red Flag Rules compliance. Our experts cover all the angles with authoritative technical advice on: using a risk-based approach for compliance; specific examples of red flags; clarification of the guidance; and what industry organizations are doing to help victims.

  • National Automated Clearing House Association (NACHA)

    The National Automated Clearing House Association (NACHA) is a not-for-profit trade association that develops operating rules and business practices for the nationwide network of automated clearing houses (ACHs) and for other areas of electronic payments.

  • Data security implications of financial services regulatory reform

    Industry experts weigh in on the possible ramifications of the sweeping legislation on information security and compliance professionals.

  • Seven considerations when evaluating automated GRC tools

    Automated tools can help ease the compliance burden, but financial services firms must first weigh their needs. In this tip, David Strom looks at the top considerations when looking into buying a GRC tool.

  • Firewall audit tools aid compliance

    Enterprises are turning to firewall audit tools to automate the process of analyzing firewall rules and meet compliance requirements.

  • Rethinking compliance audit software

    After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, David Schneier says he's being forced to reconsider his position.

  • More on: Auditing, testing and assessment for compliance

  • four eyes principle

    The four eyes principle is a requirement that two individuals review and approve some action before it can be taken. In a business context, the two individuals are often the CEO and the CFO. However, the principle can be applied to decisions at all levels and in a wide variety of environments. The four eyes principle is sometimes called the two-man rule or the two-person rule.
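    One way to enforce the four eyes principle in software, added here as an illustration rather than taken from the original page: a pending action that can only run after two distinct approvers, neither of whom raised the request, have signed off, and then only once. The class, names and the wire-transfer action are hypothetical; the approver identities are assumed to come from an authenticated session.

```python
class FourEyesError(Exception):
    """Raised when an approval or execution would violate the four eyes rule."""


class FourEyesRequest:
    """Hypothetical pending action that needs two distinct approvers, neither of
    whom raised the request. Approvals are kept in order so the decision is auditable."""

    REQUIRED_APPROVALS = 2

    def __init__(self, action: str, requested_by: str):
        self.action = action
        self.requested_by = requested_by
        self.approvers: list[str] = []   # distinct principals, in approval order
        self.executed = False

    @property
    def approved(self) -> bool:
        return len(self.approvers) >= self.REQUIRED_APPROVALS

    def approve(self, approver: str) -> bool:
        """Record an approval; return True once the request has enough of them."""
        if approver == self.requested_by:
            # Self-approval collapses two pairs of eyes into one.
            raise FourEyesError(f"{approver} raised this request and cannot approve it")
        if approver in self.approvers:
            # Approving twice must not count twice.
            raise FourEyesError(f"{approver} has already approved this request")
        self.approvers.append(approver)
        return self.approved

    def execute(self, run):
        """Run the action exactly once, and only after the rule is satisfied."""
        if not self.approved:
            raise FourEyesError(
                f"{len(self.approvers)}/{self.REQUIRED_APPROVALS} approvals recorded")
        if self.executed:
            # An approved action must not be replayable.
            raise FourEyesError("request already executed")
        self.executed = True
        return run()


if __name__ == "__main__":
    # Constructed example: a treasury wire raised by alice, approved by two others.
    req = FourEyesRequest("wire 250,000 USD to the vendor account", requested_by="alice")
    req.approve("bob")
    req.approve("carol")
    print(req.execute(lambda: f"executed '{req.action}', approved by {req.approvers}"))
```

    The checks worth noting are the ones that are easy to forget: the requester is excluded from the approver pool, a repeated approval by the same person is rejected rather than silently counted, and execution is a one-shot transition so an approved request cannot be replayed.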

  • tokenization

    Tokenization is the process of replacing sensitive data, such as a payment card number, with a non-sensitive substitute value (a token) that applications can store and use in its place. The token has no exploitable value on its own; the mapping back to the original data is held in a separately secured token vault, which is where the security controls concentrate.
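    A worked token vault for card numbers, added here as an example and not taken from the original page or any particular product. It issues format-preserving tokens (same length, same last four digits, the rest drawn from a CSPRNG), guarantees that a token fails the Luhn check so it can never be charged as a real card number, returns the same token for a repeated PAN, and gates the reverse operation behind an allow-list of principals. The class and the "settlement-service" principal are hypothetical, and the in-memory dicts stand in for the encrypted store a real vault would use.

```python
import secrets

DIGITS = "0123456789"


def luhn_valid(number: str) -> bool:
    """Luhn (mod-10) check as used for payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical vault issuing format-preserving tokens for card numbers (PANs).

    A real vault encrypts its store and sits behind strict access control; the
    dicts below stand in for that store so the example runs offline.
    """

    def __init__(self, detokenizers: set[str]):
        self._pan_by_token: dict[str, str] = {}
        self._token_by_pan: dict[str, str] = {}
        self._detokenizers = set(detokenizers)  # principals allowed to reverse a token

    def tokenize(self, pan: str) -> str:
        if not pan.isdigit() or not 13 <= len(pan) <= 19:
            raise ValueError("not a card number")
        existing = self._token_by_pan.get(pan)
        if existing is not None:
            return existing  # same PAN -> same token, so joins and lookups still work
        while True:
            # Keep the length and the last four digits (what receipts and support
            # staff need); randomise everything else with a CSPRNG.
            body = "".join(secrets.choice(DIGITS) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject a candidate that equals the PAN, collides with an issued token,
            # or passes Luhn: a Luhn-failing token can never be used as a card number.
            if token != pan and token not in self._pan_by_token and not luhn_valid(token):
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str, actor: str) -> str:
        """Reverse a token. This is the privileged operation, so it is gated."""
        if actor not in self._detokenizers:
            raise PermissionError(f"{actor} may not detokenize")
        try:
            return self._pan_by_token[token]
        except KeyError:
            raise KeyError("unknown token") from None


if __name__ == "__main__":
    vault = TokenVault(detokenizers={"settlement-service"})
    tok = vault.tokenize("4111111111111111")  # well-known Visa test number, not a real card
    print(tok, vault.detokenize(tok, actor="settlement-service"))
```

    The point a practitioner should take from this is that everything outside the vault (web tier, reporting, support tooling) only ever handles tokens, so a breach of those systems yields nothing chargeable, and the compliance and hardening effort can be focused on the vault and on whoever is on the detokenize allow-list.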

  • Is your examiner a friend or foe?

    Those in the banking industry often struggle to communicate with an examiner believing that by keeping to themselves they will be better off. See why expert David Schneier says that is the wrong way to think.

  • Financial security tutorials

    SearchFinancialSecurity.com's tutorials provide the in-depth information and instruction on topics related to information security at financial services firms. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their financial organizations secure.

  • How privacy and data security legislation will fare after Nov. 2

    The midterm elections will likely result in a shift in political power. How will that impact pending privacy and data security bills?

  • Midmarket financial firms grapple with internal, external security threats

    In the wake of the global economic crisis, many financial firms are struggling to meet tough regulations while defending against both accidental data leakage and a constant barrage of external attacks.

  • FDIC releases guidance on digital copier security and printer risks

    Financial institutions need to implement policies and procedures to protect sensitive data stored on devices like copiers, agency says.

  • Data masking best practices for protecting sensitive information

    Protection of customer data is critical for financial services firms but encryption isn't the only option. Learn key considerations for data masking.

  • More on: Compliance best practices

  • FTC again delays Red Flags Rule enforcement deadline

    Fifth extension comes at the request of members of Congress who are considering limiting the scope of businesses covered by the law.

  • Red Flags Rule (RFR)

    The Red Flags Rule (RFR) is a set of United States federal regulations that require certain businesses and organizations to develop and implement documented plans to protect consumers from identity theft.

  • FTC announces fourth Red Flags Rule extension

    Members of Congress asked the FTC to delay enforcement of the identity-theft regulation for organizations the FTC governs.

  • Identity Theft Assistance Center marks five years of helping victims

    The Identity Theft Assistance Center (ITAC), a nonprofit cooperative of financial-services companies, is celebrating its fifth anniversary with a reception in Washington, D.C. on Wednesday. ITAC has helped 60,000 customers of its 38 member companies recover from identity theft. SearchFinancialSecurity.com recently met with ITAC President Anne Wallace to discuss ITAC's work, identity theft investigations, and the Red Flags Rule.

  • Red Flags Rule and preparing for new regulations

    Financial institutions face tough compliance requirements in the Red Flags Rule and the new Massachusetts data protection law. In this video, Richard Mackey discusses how companies can create an effective compliance framework.

  • Federal Trade Commission announces third Red Flags Rule extension

    Extension gives state-chartered credit unions and other FTC-governed entities more time to develop an identity theft prevention program.

  • Regulatory reform will require much work ahead

    Financial security pros will need to step it up in light of President Obama's plan to overhaul the financial regulatory system, David Schneier writes.

  • Red Flags Rule compliance

    Learn about Red Flags Rule compliance from John Carlson, senior vice president of regulatory affairs for BITS, a division of the Financial Services Roundtable. Carlson offers insight on common compliance pitfalls and the state of compliance in the financial services industry.

  • FTC extends Red Flags Rule deadline

    Extension gives non-banking creditors and state-chartered credit unions more time to develop an identity theft prevention program.

  • More on: FACTA law requirements

  • New FFIEC exam procedures for remote deposit capture risks

    Learn how to prepare for new exam procedures on managing remote deposit capture risks that are included in the updated FFIEC IT examination handbook for retail payment systems.

  • Aite Group: Take action now to manage remote deposit capture risks

    Fraud losses involving RDC technology have the potential to skyrocket if banks don't work proactively to deal with the risks, research firm says.

  • Regulators revisit authentication advice to thwart online banking fraud

    It's been nearly five years since the Federal Financial Institutions Examination Council (FFIEC) issued its authentication guidance for online banking. Since then, cybercriminals have developed sophisticated malware that can circumvent multifactor authentication to hijack and loot online bank accounts. In the wake of the online banking fraud surge, which has targeted small and midsize businesses, federal regulators are revisiting their 2005 authentication guidance. SearchFinancialSecurity.com met with Jeffrey Kopchik, a senior policy analyst at the FDIC, to learn more about the effort.

  • Gartner's Avivah Litan on the online banking fraud surge

    The recent surge in online banking fraud and unauthorized Automated Clearing House (ACH) transfers has led to an astounding $100 million in attempted losses from small and midsize businesses so far this year, according to the FBI. SearchFinancialSecurity.com recently met with Avivah Litan, a vice president and distinguished analyst at Gartner Inc., to get her thoughts on the alarming trend and some insight into how banks can protect their customers' accounts. Litan is an expert in financial fraud, authentication, identity theft, and fraud detection and prevention technology.

  • Multifactor authentication options to secure online banking

    Banks are required to deploy multifactor authentication to secure online banking and meet FFIEC requirements. In this tip, Dave Shackleford describes some of the pros and cons associated with traditional forms of multifactor authentication as well as the benefits and drawbacks of newer systems.

  • Bank Secrecy Act (BSA)

    The Bank Secrecy Act (BSA), also known as the Currency and Foreign Transactions Reporting Act, is legislation passed by the United States Congress in 1970 that requires U.S. financial institutions to collaborate with the U.S. government in cases of suspected money laundering and fraud.

  • FTC Red Flags Rules: How to create an identity theft prevention plan

    Under FTC's Red Flags Rules, all financial institutions and creditors with covered accounts are required to create an identity theft prevention plan. But who is a creditor and what is a covered account? Learn more in this expert tip.

  • Five mistakes banks make in pandemic planning

    Experts cite five areas where financial institutions could improve their planning for a potential H1N1 outbreak.

  • remote deposit capture (RDC)

    Remote deposit capture (RDC) is a system that allows a customer to scan checks remotely and transmit the check images to a bank for deposit, usually via an encrypted Internet connection. When the bank receives a check image from the customer, it posts the deposit to the customer's account and makes the funds available based upon the customer's particular availability schedule.

  • Data breach lawsuit puts spotlight on bank's security measures

    Couple victimized by a data security breach alleges their bank's online security lagged industry standards.

  • More on: FFIEC compliance guidelines

  • Generally Accepted Recordkeeping Principles

    Generally Accepted Recordkeeping Principles is a framework for managing records in a way that supports an organization's immediate and future regulatory, legal, risk mitigation, environmental and operational requirements.

  • Standardization key to Credit Suisse information security governance framework

    The CISO of financial giant Credit Suisse says the key to successful global security and risk management is a uniform governance system supported by a common policy framework.

  • Vendor management process for financial services

    In this video get tips from expert Eric Holmquist on how to handle vendors to optimize security and minimize risk. Topics include risk assessment, due diligence best practices, common mistakes financial firms make in their vendor management programs, and managing cloud service providers.

  • How to manage security risks in vendor contracts

    Financial institutions face numerous regulatory requirements for managing vendor risk. Learn what financial firms need to include in their vendor contracts in order to conform with regulatory guidance and industry best practices for vendor risk management.

  • Vendor risk management: process and documentation

    As part of the vendor risk management process, regulators expect information security officers will document vendor relationships and have proper vendor documentation.

  • Controls monitoring helps with governance, risk and compliance

    Gartner says continuous controls monitoring for transactions is a GRC technology that promises to reduce compliance costs and improve financial governance.

  • An advancement in GRC

    David Schneier says he found a product that takes governance, risk, and compliance (GRC) to a new level.

  • Advocacy group looks to foster trust in foreign service providers

    A formal agreement with two Indian technology organizations expands the reach of the BITS program, with the goal of fostering trust in the security controls of international service providers.

  • More on: Risk frameworks, metrics and strategy

  • Keeping up with state data protection laws

    In addition to regulatory requirements and industry standards, financial institutions need to comply with applicable state data protection laws. In this podcast, legal expert Andrew Baer discusses new requirements in Massachusetts, Nevada and California, and offers advice for managing changing data protection rules. He also addresses the potential for a national data breach notification law.

  • Massachusetts data protection law has mixed impact on financials

    Many financial institutions are already meeting new law's requirements for protecting state residents' personal information, but some have work to do.

  • Download presentations from Financial Information Security Decisions 2009

    Download a number of the compelling presentations from the 2009 Financial Information Security Decisions conference.

  • Understanding the impact of new state data protection laws

    States have passed new regulations to boost data security, requiring financial-services firms and other companies to encrypt data at rest, in transit and even on portable devices like laptops. In this tip, Robert Mullins explains the impact of the new laws and how a financial industry expert believes they will add an additional costly auditing burden to an industry that's already heavily regulated.

  • Data breaches jumped in 2008, ITRC report finds

    The financial-services industry is better at security than others, but it still sees an uptick in breach reports, according to a new study.

  • Data breach law could put financial burden on retailers

    Legislation being considered in Massachusetts would shift the financial burden associated with a data breach onto retailers. It would be the first of its kind in the United States.

  • Governor rejects data security law

    California Gov. Arnold Schwarzenegger rejected a bill that would have placed more liability on businesses in that state to protect credit card data.

  • Flurry of state disclosure laws creates confusion for CISOs

    Now that nearly three dozen states have enacted breach disclosure laws, national companies face the challenge of reconciling a vast array of guidelines and their implications.

  • Complying with breach notification laws

    Learn the general requirements of breach notification laws modeled after the California Security Breach Information Act and strategies for compliance.

  • Opinion: Government misses its chance to protect data

    The unending stream of corporate and government data breaches shows no signs of slowing, and News Director Dennis Fisher writes that lawmakers and government officials are missing their chance to fill the breach.