Part One: Managing Privacy and Risk in Financial Services

Six-Part Blog Series: Managing Privacy and Risk in Financial Services

I came to ServiceNow from the financial services industry. I know, all too well, the regulatory struggles you face. ServiceNow technology combined with industry expertise has been essential in crafting strategies to manage your regulatory burden. Here, at ServiceNow, we’ve done just that. In this 2-week (Monday – Wednesday – Friday) blog series we’ll dive into both the regulatory details and compliance solutions.

The financial services industry is held to a higher standard.

Around half of digitally savvy customers were happy to share more data with their bank, if they got something in return, according to an EY Consumer Banking Survey. When a retailer, for example, uses data to offer shopping discounts on shoes, rarely is anyone concerned. However, if a bank or insurer uses the same data to calculate a cross-sell opportunity or insurance premium, it can feel invasive. Financial services organizations are not held to the same standard as retailers.

What are your intentions with my data?

This is when regulators step in and ask, “What are your intentions?” The EU is leading the charge on asking all organizations that process EU citizen data that very question. The European General Data Protection Regulation (GDPR), which goes into effect next year, has set out to help clarify the rules on handling personal data. If your organization works with anyone in the EU—such as a customer, employee, vendor, partner—you must comply with the GDPR or risk paying severe penalties of up to 4% of worldwide turnover for non-compliance. The GDPR is unique in that financial institutions aren’t the only ones that need to comply. We’re sharing the regulatory burden across all industries! However, much like the shoe shopping vs insurance scenario mentioned above, we will be scrutinized more harshly. It’s ok. We’re used to it.

No finger pointing! You are responsible for your friends (or vendors)!

In case you didn’t feel special and wanted regulations tailor-made just for you... On March 1, 2017, the New York State Department of Financial Services’ Cybersecurity Requirements went into effect. The regulation establishes minimum cybersecurity standards for banks, insurance companies and financial services organizations regulated by New York State. The law is crafted to ensure the safety and soundness of regulated entities and to protect their customers. This regulation applies to financial services companies licensed by New York, but not to nationally chartered institutions. However, because this is the first regulator issuing cybersecurity guidelines, it may provide a starting point for other state or even national regulators. In other words, buckle up... more regulations may be coming. The highlights: you need to have a CISO, a cybersecurity program and process in place, an audit trail, and you are responsible for the behavior of your vendors. Vendor management, which is already a cumbersome task, just got a bit more complicated.

Easing regulatory pain.

At ServiceNow we’ve been discussing these regulations and many more to figure out ways to ease the regulatory pain for our financial services customers. What’s the plan, you ask? ServiceNow equips you with a framework to help accelerate your journey to compliance. Over the next few weeks we’ll dig deeper into not only the issues but the solutions our framework provides.

Please come back on Wednesday, September 27, for Part Two of this Six-Part series on Managing Privacy and Risk in Financial Services.

Next Posts:

Part Two: A Single System of Record (Sarbanes-Oxley (SOX))

Part Three: The Cost of Non-Compliance (GDPR)

Part Four: Responsible for You and Your Friends (Vendor Risk)

Part Five: We Have a Plan (NY State Cyber Regulations)

Part Six: Rinse and Repeat (IT GRC)

Additional Resources:

Join us for our webinar, Managing Privacy and Risk in Financial Services, on Tuesday, October 10 at 8:00am PDT/11:00am EDT. Experts from Nomura and ServiceNow will share their tips and strategies for managing compliance in the financial services industry. Nomura will walk us through their case study on a recent NFA (National Futures Association) procedure, and ServiceNow will offer GDPR compliance guidance and solutions to issues like vendor risk.