Technology to aid the banks to be compliant and profitable
Banking and financial services companies handle the data of millions of consumers, including businesses and governments. Consequently, the sector has the heaviest regulations to follow to keep this data safe and out of the reach of malicious activities. However, with so many rules and regulations flooding the space and contradicting one another, compliance today has become a tricky endeavor for the financial sector in general.
The key to compliance usually lies in the right blend of procedures, policies, and data management, which in a significant number of cases needs a technological application to be perfected and simplified.
The following approaches show how technology has a part to play across the whole compliance spectrum.
Leaving Data on the Mainframe
PSD2, commonly known as the open banking regulation, requires banks to share some of their customer data with other financial institutions. However, sharing data by transferring it from mainframes might significantly compromise its security and integrity. By using APIs instead, modern digital applications can run against existing mainframe databases while the data remains in place, where it can be secured at the source. APIs are already used to connect mobile and online banking services to a variety of customer databases and can be applied in a similar fashion to enable third parties to access information in accordance with PSD2.
Another option is using data virtualization tools. These tools can enable the analysis of data “virtually,” while leaving the original records undisturbed in the database. They can also extract data from unstructured data sources in “green screen” terminal-based applications by emulating terminal data querying, in an automated process that accesses the data and then encrypts it as it is transferred to a new system.
This approach also addresses many of the issues thrown up by the EU GDPR, which insists on the privacy and protection of personal information – a requirement that at first glance appears to be in direct contradiction with PSD2. By keeping only one version of each record on a database and avoiding duplication, it is much easier for banks to ensure the security of customer information. It also simplifies the process of deletion if a customer chooses to exercise their GDPR “right to be forgotten”.
Finally, keeping data on the mainframe helps with compliance with the element of the GDPR stipulating that banks must keep detailed records of which third parties they share customer data with and why. Banks must complete full audits of their Open Banking practices, a lengthy and costly process, especially given that most organizations already spend 20 to 30 percent of their IT budgets on audit reporting and preparation. By keeping the data in place and creating a secure gateway through which third parties can access it, banks can remain compliant with both the PSD2 and the EU GDPR.
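The gateway pattern described above can be sketched in a few lines. This is an added example, not code from the article or from any bank or vendor: the record store, consent register, third-party names and the hash-chained audit log are all constructed assumptions, with an in-memory dictionary standing in for the mainframe database.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample data: the single system-of-record copy (stand-in for the mainframe).
RECORDS = {"cust-001": {"name": "A. Example", "iban": "XX00 0000 0000", "balance": 1250.00}}
# Constructed consent register: (customer, third party) -> approved fields and purpose.
CONSENTS = {("cust-001", "tpp-budget-app"): {"fields": {"balance"}, "purpose": "account information"}}
AUDIT_LOG = []  # append-only; each entry stores the hash of the previous entry

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def _audit(third_party, customer_id, fields, purpose, decision):
    """Record which third party asked for what, why, and the outcome."""
    entry = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "third_party": third_party, "customer": customer_id,
        "fields": sorted(fields), "purpose": purpose, "decision": decision,
        "prev": AUDIT_LOG[-1]["hash"] if AUDIT_LOG else "0" * 64,
    }
    entry["hash"] = _digest(entry)
    AUDIT_LOG.append(entry)

def gateway_read(third_party, customer_id, requested_fields):
    """Return only consented fields from the in-place record; log every request."""
    requested = set(requested_fields)
    consent = CONSENTS.get((customer_id, third_party))
    record = RECORDS.get(customer_id)
    allowed = consent is not None and record is not None and requested <= consent["fields"]
    _audit(third_party, customer_id, requested,
           consent["purpose"] if consent else None, "allow" if allowed else "deny")
    return {f: record[f] for f in requested} if allowed else None

def erase_customer(customer_id):
    """Right to be forgotten: with no copies handed out, one record and its consents go."""
    existed = RECORDS.pop(customer_id, None) is not None
    for key in [k for k in CONSENTS if k[0] == customer_id]:
        del CONSENTS[key]
    return existed

def audit_chain_intact():
    """Recompute every hash so an edited or removed audit entry is detected."""
    prev = "0" * 64
    for entry in AUDIT_LOG:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or _digest(body) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True
```

Denied requests are logged as well as granted ones, so the audit trail shows attempted over-collection by a third party and not only the data that was actually shared.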