Sifting through the Financial Industry’s Compliance Demands

Navigating One of the Most Complex Industry Compliance Landscapes

The financial industry is subject to considerable oversight from a number of different regulators, and for good reason: it is tied to, and affects, the whole U.S. economy. Keeping up requires dedicated compliance resources and close attention to operations.

ComputerWeekly explained that financial services faces one of the most complicated compliance landscapes of any industry worldwide, primarily because it is subject to a multitude of regulatory and legal mandates that span international boundaries and have implications for every practice area of IT.

Further, the industry is changing, with a significant amount of market disruption taking place. Forbes stated that the financial industry faces evolving customer behavior and a rapid increase in digital technologies, both of which contribute to an even more complicated regulatory environment. Cybercrime is an ever-present, ever-changing risk as well, and defending against cybercriminals affects compliance.

Financial Services Compliance Drivers:

  • 75% of financial organizations currently offer customer portals
  • 75% of banks offer a mobile application; 50% of insurance companies do
  • Some financial organizations are lacking a mobile app, but many of those without one plan to implement within the next 12-24 months
  • 32% of financial institutions believe that hacking and socially engineered cyberattacks are the greatest threat currently

Financial Services Government Regulations

The list of government mandates and regulations having the greatest impact on financial IT organizations is long and winding. Participants in The Peak 10 Financial Services and IT Study: Tackling the Digital Transformation cited the following laws and regulatory bodies as the most impactful (though many others were mentioned):

  • SOX
  • FDIC
  • Dodd-Frank
  • GLBA
  • SEC
  • CFPB

SOX and HIPAA affect insurers more than banks, while banks are impacted more by Dodd-Frank and the FFIEC. Insurance providers mentioned that state and local regulations specific to insurance are significantly challenging: an IT practice considered permissible in one state may be prohibited in another, which makes serving geographically dispersed customers complicated.

The sheer complexity of the industry’s compliance landscape heavily influences the amount of budget allocated toward compliance activities:

• 20% of financial institutions’ IT budget goes toward satisfying government mandates and regulations.

Dodd-Frank, FFIEC and Perceptions of the Reach of Government Regulation

While financial organizations are impacted by many industry and government regulatory bodies, Dodd-Frank and the FFIEC were the most frequently mentioned in Flexential’s Financial Services and IT Study.

The Dodd-Frank Wall Street Reform and Consumer Protection Act, more commonly known as Dodd-Frank, is a U.S. federal law enacted in July 2010 that regulates the financial industry with the aim of preventing another financial crisis through new financial regulatory processes and procedures. As TechTarget describes it, Dodd-Frank comprises a number of statutes that enforce accountability, transparency and consumer protection. Dodd-Frank includes provisions that bear on IT and InfoSec practices, and it is heavily affecting financial institutions, as the participant commentary from Flexential’s Financial Services and IT Study shows:

“The biggest regulation has been Dodd-Frank, which introduced about 10,000 pieces of regulations. Our legal team will go through and look at what we need to change in our process, and ultimately our IT systems, in order to accommodate it.”
– Executive VP & CIO of US regional bank

“Dodd-Frank is focused more specifically on the lending side, where there is more data that needs to be collected. It makes sure you don’t have customers that are transporting money to fund terrorism. We are having to implement additional safeguards to track and fulfill the regulations that are there. It puts a heavier load on us because we are having to review additional products.”
– AVP of IT at large regional bank

The FFIEC (Federal Financial Institutions Examination Council) is not a law but an interagency body of U.S. federal banking regulators, established in 1979, that prescribes uniform examination principles and standards for the institutions those regulators supervise. The October 2005 date often associated with it refers to its guidance on authentication in an Internet banking environment; its information security and cybersecurity guidance focuses on identifying, assessing and mitigating cybersecurity risk in response to the continuously increasing volume and complexity of cyber threats.

“On an average basis (IT budget $300 million a year) discretionary spend is about $100 million, and $38 million of that last year was bucketed as compliance mandated changes. These fines are just incredibly big.”
– Executive VP & CIO of US regional bank

Unsurprisingly, the industry is used to government regulation, but it’s not thrilled by it:

• 55% of banking respondents feel that the reach of government regulation is excessive
• 28% of insurance respondents feel that the reach of government regulation is excessive (insurance is not subject to quite as many compliance demands)

Adapting to Digitalization and Increasing Cybercrime to Achieve Compliance

All in all, compliance means added pressure and strain on resources, because extra hurdles must be cleared to accomplish anything. Legal, compliance and procurement objectives each come with established checkpoints, put in place to keep the organization from tripping over the endless sea of regulations.

However, financial institutions have the power to stay in control. Managing the changes that come with digitalization and advancing cybercrime is possible with the right adaptation strategy, including the following steps summarized by Forbes:

1. Focus on becoming data and insight-driven. Since data can now be aggregated from a wide array of sources, such as controls performance, client transactions and employee conduct, analytics solutions can support compliance functions by enabling predictive insights.
2. Collaborate. Making use of shared-services data processing helps standardize data and identify issues.

Finding the Right Compliance Partner

The technology and infrastructure behind financial organizations’ IT departments determine how well they meet customer demands. Given the complexity of compliance in financial services, working with a technology services provider who understands the industry landscape can be extremely beneficial for any number of IT initiatives, from compliance support alone to migration projects.

Selecting a third-party partner who has architected cloud and data center services specifically to align with compliance in the financial sector is key. After all, financial technology services are responsible for powering applications efficiently, storing data securely and meeting the demands of industry and government compliance requirements.

If your organization is interested in achieving and sustaining a compliant state in your technology practices, Flexential can help. We believe in a shared responsibility model for IT compliance, and our experts are available to answer your questions and explore your IT compliance practice. Visit or call (866) 473-2510.