Regulatory Compliance Challenges for Financial Institutions
Regulations are constantly evolving to help financial institutions stay ahead of fraud attacks. To comply, FIs must continuously refine their compliance strategies and implement new technologies in complex IT environments.
Julie Conroy, research director at Aite Group, discusses how recent regulations impact FIs’ fraud and authentication strategies.
Learn how Raiffeisen achieved PSD2 compliance
Raiffeisen Italy is the umbrella organization for 40 entities of Raiffeisen Bank in Italy.
The bank faced two challenges: PSD2 compliance and a legacy authentication system that customers found difficult to use.
- Achieved compliance with PSD2 requirements for Strong Customer Authentication (SCA) and protection of their mobile authenticator app
- Used their compliance initiative to innovate and improve the mobile experience
- Positive customer feedback and high adoption
The EU Payment Services Directive (PSD2) contains requirements related to Strong Customer Authentication (SCA). Financial institutions must comply with these requirements by September 2019. However, according to a recent EBA Opinion, specific Payment Service Providers (PSPs) could qualify for an exceptional extension in the context of card payments for e-commerce.
The requirements include five compliance criteria:
- Strong Authentication
- Transaction Risk Analysis
- Replication Protection
- Dynamic Linking
- Independent Elements
Address Requirements for Risk Monitoring
Address compliance requirements with real-time monitoring of transaction risks
Meet PSD2 requirements by ensuring that transaction monitoring mechanisms take into account a number of risk-based factors, including:
- A list of compromised data
- Known fraud scenarios
- Malware infection detection
- Transaction amount
- Device/software access
Help Fast-track Compliance with Pre-configured Rules
Anti-fraud solutions with machine learning facilitate compliance out of the box
A fraud detection and prevention tool should be able to detect fraud and ensure compliance right out of the box. Pre-configured rule sets and predictive machine learning models tuned for specific applications, like mobile, online, and corporate banking, help accelerate compliance with local and industry regulations.
Protect against Mobile Threats
Help fulfill requirements for strong authentication and app security
Globally, regulators are introducing new security requirements to better protect mobile banking and mobile apps. Compliance can include a combination of advanced security measures such as:
- Dynamic linking
- Protection against app cloning
- Strong customer authentication
- App shielding
OneSpan can help you implement risk-mitigating controls such as tokenization, encryption for storage and transmission of data, and anti-malware countermeasures.
Capture Detailed Audit Trails
Audit trails help prove compliant practices were followed
In online and mobile processes such as account opening, loans, mortgages, and e-disclosure delivery, capture a detailed record of exactly what the applicant saw and did as part of the process, including steps such as:
- Digital identity verification
- Consent to processing personal information
- Signing financial agreements and other contracts
What Customers Are Saying About Audit Trails
The OneSpan Sign audit trail capability is great. We like how there is an audit trail for each loan, and how each screen is recorded in the audit trail with the time stamp. Our compliance department was very satisfied when we viewed that with them.
Commercial Portfolio Analyst
It was very important to have a technology partner with extensive PSD2 expertise. OneSpan was very aware of the legal aspects, as well as the aspects that had the potential to affect the customer.
Head Business Solutions – Digital Service Channels
Automate to Enforce a Consistent Process
Strengthen compliance by automating digital agreements
Financial agreements and contracts can be digitized to improve customer experience and reduce the risks of a paper-based workflow. Manual processes result in errors such as missing signatures, which expose an organization to risk.
Through e-signature technology, OneSpan automates signing workflows and enforces business rules. This ensures documents are submitted without errors or omissions.
More than half of the world’s top 100 global banks rely on OneSpan to help strengthen compliance
Leverage Our Expertise
OneSpan can help you achieve compliance while offering an exceptional and secure customer experience