Finance & Banking , Governance & Risk Management , Industry Specific

New Privacy Risks for FIs in Age of Emerging Tech

Security Experts Share Strategies for Navigating Privacy Rules
Patrick Keating, CISO, Sterling Bank & Trust and a CyberEdBoard member, and David Anderson, vice president, cybersecurity, Woodruff Sawyer

Maintaining regulatory reporting requirements and implementing new AI technology are creating new challenges for U.S. financial institutions. Patrick Keating of Sterling Bank & Trust and David Anderson of Woodruff Sawyer discuss complexities banks of meeting privacy requirements in this evolving landscape. For example, data that the bank captures in the loan application and underwriting process must also comply with privacy requirements across up to 50 states.

See Also: Healthcare in The Cloud: Detecting and Overcoming Threats to Ensure Continuity & Compliance

"Banks are using session tracking to monitor applicants, for example, how many times someone changes their income in the little box that says, how much do you earn a year? Or they'll monitor how many times you go into a certain application and come out of it to try to come up with some sort of risk score," said Anderson, vice president of cyber at insurance brokerage and consulting firm Woodruff Sawyer.

"But we are seeing private action or lawsuits being brought by third parties against all types of entities for tracking how long they stayed on a website, what they inputted into a website, any sort of video they watched."

While banks have been following regulatory requirements to protect customers from fraud for years, "today we not only have to monitor transactions but we have to also monitor the privacy requirements overall and ensure that they are being accomplished," said Keating, CISO at Sterling Bank. "But we want to ensure that it is done in a way that protects the bank and protects the consumers."

In this video interview with Information Security Media Group, the Keating and Anderson discussed:

  • How banks can balance rigorous transaction monitoring and stringent privacy requirements;
  • The challenges of integrating new privacy regulations with existing legacy systems;
  • Strategies to help smaller banks navigate the complex landscape of state privacy laws.

Anderson, who leads cybersecurity at Woodruff Sawyer based in New York, has spent more than 11 years focused on complex cyber, privacy, technology and professional liability issues.

Keating is an information security executive working in the field for nearly 20 years. He has driven cybersecurity strategy for several organizations across different industries, including finance, insurance and transportation. He is also a CyberEdBoard member.

About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.