Here is another list:
https://www.compliancecohort.com/banking-regulations-list

I got this from someone at University Bank who is a member of the ANSI X9F4 subcommittee -- they are working right now on a standard called X.125, which is about guidance to cloud adoption by financial institutions. I've been e-meeting with them twice a month to help them incorporate feedback from the Object Management Group's Cloud Working Group. Don't expect X.125 to be super-detailed in a way that would really help you. It is rather generic in its advice about what to consider when choosing to move to the cloud. In fact, there is relatively little in what I have seen that is really unique to financial institutions. But it is still work in progress, so it may get better.
Also, note that ANSI is U.S.-focused, and financial regulations vary widely from country to country, as you are well aware. When it comes to the cloud, a lot of countries specify that banking data shall be stored within the country. Sometimes there is a process to apply for a waiver, sometimes not. Some years ago, a Danish bank got a waiver to store data at a cloud provider in the UK (I think) simply because there was no cloud provider in Denmark. This is the exception rather than the rule. If you're interested in this data residency issue, there was a fairly complete appendix of the rules that existed at the time in several major countries in OMG's 2017 paper on Data Residency Challenges (it says "Cloud Standards Customer Council" on the paper, but this has since morphed into the Cloud Working Group of OMG). Various countries' laws have undoubtedly evolved since the paper was written, and the implementation of GDPR in 2018 has in particular strengthened some of the restrictions related to the storage of personal information of EU residents.
------------------------------
Claude Baudoin
cébé IT Knowledge Management
Co-Chair, OMG Cloud Working Group
https://www.omg.org/cloud
------------------------------
Original Message:
Sent: Feb 12, 2021 10:29:53 AM
From: Raji Krishnamoorthy
Subject: Regulatory Compliance in Retail Banking
I would like to know the various regulatory compliances that need to be satisfied from a cloud security perspective in the Retail Banking sector, e.g. PCI DSS, SOC 2 and ISO/IEC 27001 are some. Is there any material that I could refer to which talks about the compliances applicable for Distribution channels, CRM, Lending, Payments, Cards and other business functions? Any pointers would help.
------------------------------
Raji Krishnamoorthy AWS Solution Architect, CCSK
Cloud architect
Chennai
------------------------------