The Inner Circle

  • 1.  Regulatory Compliance in Retail Banking

    Posted Feb 12, 2021 10:30:00 AM
    I would like to know the various regulatory compliances that need to be satisfied from a cloud security perspective in the Retail Banking sector, e.g. PCI DSS, SOC 2 and ISO/IEC 27001 are some. Is there any material that I could refer to which talks about the compliances applicable for Distribution channels, CRM, Lending, Payments, Cards and other business functions? Any pointers would help.

    ------------------------------
    Raji Krishnamoorthy AWS Solution Architect, CCSK
    Cloud architect
    Chennai
    ------------------------------


  • 2.  RE: Regulatory Compliance in Retail Banking

    Posted Feb 15, 2021 11:37:00 AM
    Raj,

    This is a good place to start:
    https://ithandbook.ffiec.gov/laws,-regulations,-guidance.aspx

    General info: 
    https://www.ffiec.gov/default.htm

    Thanks,
    Matt Silveira,
    CISSP, AWS Certified Solutions Architect- Associate, TOGAF v9

    ------------------------------
    Matt Silveira
    OBS inc
    ------------------------------



  • 3.  RE: Regulatory Compliance in Retail Banking

    Posted Feb 16, 2021 02:39:00 PM
    Edited by Claude Baudoin Feb 16, 2021 02:40:11 PM
    Here is another list:
    https://www.compliancecohort.com/banking-regulations-list

    I got this from someone at University Bank who is a member of the ANSI X9F4 subcommittee -- they are working right now on a standard called X.125, which is about guidance to cloud adoption by financial institutions. I've been e-meeting with them twice a month to help them incorporate feedback from the Object Management Group's Cloud Working Group. Don't expect X.125 to be super-detailed in a way that would really help you. It is rather generic in its advice about what to consider when choosing to move to the cloud. In fact, there is relatively little in what I have seen that is really unique to financial institutions. But it is still work in progress, so it may get better.

    Also, note that ANSI is U.S.-focused, and financial regulations vary widely from country to country, as you are well aware. When it comes to the cloud, a lot of countries specify that banking data shall be stored within the country. Sometimes there is a process to apply for a waiver, sometimes not. Some years ago, a Danish bank got a waiver to store data at a cloud provider in the UK (I think) simply because there was no cloud provider in Denmark. This is the exception rather than the rule. If you're interested in this data residency issue, there was a fairly complete appendix of the rules that existed at the time in several major countries in OMG's 2017 paper on Data Residency Challenges (it says "Cloud Standards Customer Council" on the paper, but this has since morphed into the Cloud Working Group of OMG). Various countries' laws have undoubtedly evolved since the paper was written, and the implementation of GDPR in 2018 has in particular strengthened some of the restrictions related to the storage of personal information of EU residents.

    ------------------------------
    Claude Baudoin
    cébé IT Knowledge Management
    Co-Chair, OMG Cloud Working Group
    https://www.omg.org/cloud
    ------------------------------



  • 4.  RE: Regulatory Compliance in Retail Banking

    Posted Feb 17, 2021 10:18:00 AM
    Thank you Claude and Matt.

    ------------------------------
    Raji Krishnamoorthy AWS Solution Architect, CCSK
    Cloud architect
    Chennai
    ------------------------------