How the Pandemic Is Spurring New Financial Regulations
The COVID-19 pandemic pushed banks and credit unions to fast-track digital transformation plans as consumers nationwide stopped visiting branches and ATMs, and suddenly shifted to digital and mobile banking options. Many banks have navigated this transition successfully.
However, the pandemic has exposed shortcomings in both security and technical infrastructure across the financial sector. Cybersecurity threats and fraud have surged during the pandemic. Organized crime rings and fraudsters around the world saw the sudden move to digital channels and the trillions of dollars the U.S. government was injecting into the economy as a perfect opportunity for account takeover schemes, fake business loans and other criminal activity.
This jump in fraud has drawn attention to the ways in which the U.S. lags behind other regions of the world when it comes to data protection, cybersecurity and keeping our financial regulations apace with an increasingly digital world. And as banks have been increasingly using consumers’ biometric identifiers for identity verification and user authentication, there is growing concern that the U.S. does not have any federal laws governing how businesses must protect their customers’ biometric information.
To enable safer digital commerce, lawmakers and financial regulators have put in place, or are seeking to put in place, a number of new policies and regulations that would significantly impact the financial sector.
New regulations banks should know
One of the most significant developments has been put forth by the Financial Action Task Force (FATF), a global money laundering and terrorist financing watchdog. The FATF’s Guidance on Digital Identity details best practices for financial institutions to apply customer due diligence to digital identity verification and authentication for remote account opening and onboarding. It also describes how third-party reliance between regulated entities can be used by financial institutions to meet the requirements.
As consumers continue to stay home to avoid face-to-face interactions during the pandemic, the FATF’s guidance will prove critical for financial institutions seeking secure, consumer-friendly solutions that enable them to keep doing business, including remotely opening new accounts.
The increase in remote account opening during the pandemic also means that banks have increased their use of digital identity verification solutions that rely on biometrics like facial comparison technologies in order to meet Know Your Customer (KYC) requirements.
Consumer groups have raised concerns about whether financial institutions are doing enough to keep this sensitive data secure. The National Institute of Standards and Technology (NIST) and the FIDO Alliance are both working to develop frameworks that could soon be adopted at the national level to stipulate how banks must protect and store their customers’ biometric data.
The increase in fraud in the financial sector has also drawn increased awareness to the lack of a national data protection and privacy law in the U.S. Many countries around the world in 2020 adopted laws modeled after the European Union’s General Data Protection Regulation (GDPR). The Data Protection Act of 2020 proposed a federal data protection agency and monetary penalties for violations. The bill gained little traction on Capitol Hill, but given the post-election political changes in Washington, a similar proposal could see more success in 2021.
Other significant regulatory changes that may affect banks in the near future include proposed amendments to the Safeguards and Privacy Rules under the Gramm-Leach-Bliley Act. Last summer, the Federal Trade Commission held a virtual workshop pertaining to proposed new rules for the way banks must encrypt customer data and implement multifactor authentication for access to customer data. The proposed rules would have far-reaching consequences and could affect organizations outside of the traditional financial sector, including universities that provide financial assistance to students.
By understanding the most significant regulatory changes affecting the financial sector and adopting new processes and technologies, banks and credit unions can comply with regulations while ensuring that their customers’ sensitive data is secure.
They should take a multilayer approach to security that incorporates technologies such as adaptive multifactor authentication, real-time risk analytics for fraud detection and mobile application security to stop the fraud that runs rampant in digital channels. Only then will they be able to become the digital-first businesses they strive to be, while maintaining compliance and securely providing the online and mobile services their customer's desire.
This blog, written by Michael Magrath, Director of Global Regulations and Standards at OneSpan, was originally published on BAI.com on January 7, 2021.