Finance & Banking , Governance & Risk Management , Industry Specific
New Privacy Risks for FIs in Age of Emerging Tech
Security Experts Share Strategies for Navigating Privacy RulesMaintaining regulatory reporting requirements and implementing new AI technology are creating new challenges for U.S. financial institutions. Patrick Keating of Sterling Bank & Trust and David Anderson of Woodruff Sawyer discuss complexities banks of meeting privacy requirements in this evolving landscape. For example, data that the bank captures in the loan application and underwriting process must also comply with privacy requirements across up to 50 states.
"Banks are using session tracking to monitor applicants, for example, how many times someone changes their income in the little box that says, how much do you earn a year? Or they'll monitor how many times you go into a certain application and come out of it to try to come up with some sort of risk score," said Anderson, vice president of cyber at insurance brokerage and consulting firm Woodruff Sawyer.
"But we are seeing private action or lawsuits being brought by third parties against all types of entities for tracking how long they stayed on a website, what they inputted into a website, any sort of video they watched."
While banks have been following regulatory requirements to protect customers from fraud for years, "today we not only have to monitor transactions but we have to also monitor the privacy requirements overall and ensure that they are being accomplished," said Keating, CISO at Sterling Bank. "But we want to ensure that it is done in a way that protects the bank and protects the consumers."
In this video interview with Information Security Media Group, the Keating and Anderson discussed:
- How banks can balance rigorous transaction monitoring and stringent privacy requirements;
- The challenges of integrating new privacy regulations with existing legacy systems;
- Strategies to help smaller banks navigate the complex landscape of state privacy laws.
Anderson, who leads cybersecurity at Woodruff Sawyer based in New York, has spent more than 11 years focused on complex cyber, privacy, technology and professional liability issues.
Keating is an information security executive working in the field for nearly 20 years. He has driven cybersecurity strategy for several organizations across different industries, including finance, insurance and transportation. He is also a CyberEdBoard member.