Digital transformation brings more risk, and new regs

While many financial institutions navigated the digital transformation successfully, in some cases the rush to modernize outpaced security.

Amid the global pandemic, financial institutions have had to change the way they interact with their customers. As people stayed home and shifted to online and mobile banking channels, many had to fast-track their digital transformation plans in order to meet the new demand. They developed new ways to onboard customers remotely and verify identities through digital channels.

Cybersecurity attacks aimed at the financial sector have grown 238% and widespread fraud has cost the nation billions of dollars. In an effort to prevent fraud and enable safer digital banking, lawmakers and financial authorities have introduced several new policies and regulations. The combination of the rapid advancements in technology along with the much-needed wave of new regulations will drive some of the greatest changes to the financial sector since the recession of 2007 – 2008 – and banks need to prepare.

Specifically, U.S. financial institutions should prepare for potential new regulations around data privacy and protection, digital identity verification and the use of biometrics. Data privacy and consumer data protection are top concerns for federal and state regulators alike. Currently, the U.S. lags behind other industrialized nations by lacking a federal law governing the protection of consumers’ personally identifiable information (PII). This may soon change under the proposed Data Protection Act of 2020. Though it hasn’t been voted on yet, financial institutions should prepare for the issue to be picked up again in the new year and with the likelihood of passing in 2021.

Other significant data protection regulations include the recently passed California Privacy Rights Act of 2020 (CPRA) which replaces the previous California Consumer Privacy Act (CCPA) regulation and creates even tougher data privacy provisions. New York’s Stop HACKS and Improve Electronic Data Security (SHIELD) Act also took effect in 2020. These two states often serve as harbingers of what’s to come and banks should expect these state laws will be models for a potential data privacy law at the national level soon.

New developments around digital identity verification standards and biometrics also pose significant changes for the way institutions will operate in 2021 and beyond. During the pandemic, remote account opening skyrocketed because consumers could not visit branches in person.

As a result, the use of biometrics such as facial comparison technology grew rapidly as banks needed a way to positively verify new customers’ identities in digital channels. This has caused an increased focus on the need for both a national digital identity framework as well as regulations surrounding the protection of consumers’ biometric data. Additionally, the Financial Action Task Force (FATF) released new guidance for how financial institutions should verify identities in digital channels. With these and other proposals underway, banks should plan to strengthen their security practices pertaining to biometrics and identity verification in the new year.

The pandemic radically transformed the financial sector by spurring the adoption of new digital technologies. However, it also exposed security weaknesses in the industry and created unprecedented levels of fraud. The end result will be a wave of new legislation and industry regulations aimed at strengthening security, enabling digital processes and better protecting consumer data. By understanding the coming regulatory changes and adopting appropriate policies and technologies, financial institutions can deliver the digital services today’s consumers want while also maintaining compliance and stopping fraud in its tracks. In addition, in 2021 the incoming Biden Administration is expected to restore some of the regulations that were struck down during the Trump Administration as well as strengthening oversight by regulators including the Consumer Financial Protection Board.