BankInfoSecurity.com - Information Security News, Regulations, & Education


The Top 10 Regulatory Issues of '09

Experts Say These Are the Banking/Security Topics to Watch in the New Year
December 2, 2008 - Linda McGlasson, Managing Editor

This article was originally created for BankInfoSecurity.com, and contains information that should interest our GovInfoSecurity.com readers.

Red flags, vendor management, business continuity and disaster recovery. If banking/security leaders thought that 2008 was a challenging year for keeping up with regulatory mandates, the old rock and roll song's lyrics say it best: "You ain't seen nothing yet."

The state of the economy, failure of high-profile financial institutions and the dawn of a new Presidential administration all are signs that new regulations are coming. The only questions are "what?" and "when?"

"We're in a strange place right now, based on what just happened with the economy and the financial services industry," says George Tubin, analyst at TowerGroup, the Boston-based financial services research firm. "Something is going to happen. But the big question mark here is what will happen and how far will regulators go to change things?"

Data breach notification legislation, increased scrutiny of identity theft prevention measures and the possible overhaul of the federal banking regulatory structure are just a few of the items up for discussion on the short list as President-elect Barack Obama is sworn in on January 20, 2009. Obama has made fixing our economy his highest priority as he enters office.

"Beyond propping up the economy his administration will also be aggressively looking for ways to develop safeguards to make sure that what's happening now can't easily happen again," says David Schneier, director of professional services at Icons Inc, an information security services firm in Princeton, NJ. "That will translate into new laws, new controls, additional testing and related reporting."

Based on expert insight, the following 10 regulatory issues are among the top concerns for financial institutions as 2009 approaches.

1. Future of Regulatory Agencies

The primary regulatory issue is: What becomes of the regulatory agencies themselves?

Anytime a new executive enters the White House, one expects change. But this is no ordinary year. We are officially in a worldwide recession. Banks have failed or been acquired, and brokerage houses have been reborn as depository institutions. According to industry experts, the change that may be coming could be drastic, if not swift, when it comes to the regulations and structure of the federal agencies that oversee financial institutions.

This topic first arose last spring, with the announcement by Treasury of its blueprint for a restructuring of the federal banking agencies. Further, there has been recent discussion of perhaps merging regulatory agencies, or even creating one uber agency to oversee banking institutions.

"The regulators realize there is a lot of overlap and some revamping is needed. Internally, there will be change there, and regulators know it," says TowerGroup's Tubin. "Right now, everybody is trying to figure out what's going to happen. Regulators and banks alike don't want to do anything right now, in case it is not needed or becomes redundant."

2. ID Red Flags Rule

Next up is the continuing focus on the Identity Theft Red Flags Rule. Even though state-chartered credit unions and other businesses overseen by the Federal Trade Commission got an extension on enforcement until May 1, all other banks and credit unions overseen by federal banking regulators are now open to be examined for compliance with the new rule.

"Depending upon the surveys or research you look at, the cases of identity theft and identity fraud continue to increase," says Rebecca Herold, a privacy and information security expert. With the recent compliance date now past, regulators will look to ensure banks and other financials have implemented proper controls. "Training and ongoing awareness communications will be especially scrutinized, but a significant portion of organizations are weak in this area and will likely feel the impact from noncompliance sanctions," says Herold.

While the ID Theft Red Flags Rule may be the "new kid on the block" when compared to other older regulations, Schneier says not to discount its weight. "My very educated guess is that this is likely to become a growing issue as the year unfolds for many institutions who just haven't quite managed to wrap themselves around what they're supposed to be doing."

3. GLBA Requirements

With online transactions in the US nearing $130 billion for 2007, the need to properly implement the top security regulations continues to be a challenge for the banking community in 2009. "With the downturn in the economy, it has become even more attractive for cybercriminals to steal data for financial gain," says Yuval Ben-Itzhak, CTO of Finjan.


Question: What do you see as the top regulatory issue facing banking institutions in 2009?

"Being scrutinized more by our regulators in general. Risk assessments need to be updated frequently. The need to make sure we are in compliance with all regulations and their updates."
"Under (#5) Real Estate Settlement Procedures Act, what are the requirements that will be effective on 1/16/2009?"
"Red flag guidelines & adaptation"