Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Business

Posted By Gbaf News

Posted on February 26, 2020

Corporate Compliance Insights for the Financial Services Industry in 2020

By Michael Magrath, Director, Global Standards & Regulations at OneSpan 

How Will Regulatory Changes Affect Business in the New Year?

Regulations are always changing and adapting to their market landscape, especially in the financial services industry.

Last year saw the first repercussions for breaching the European Union’s General Data Privacy Regulation (GDPR), as well as the introduction of the second Payment Services Directive (PSD2) and Open Banking.

These new regulations, combined with rapid technological advances, and the constant pressure to fight fraud without compromising customer experience, means financial institutions have their work cut out. must keep pace with these demands while compliance officers are continuing to ask, “what’s next?”

With that in mind, here are some corporate compliance predictions for the financial services industry in 2020:

The California Consumer Privacy Act will trigger a federal consumer privacy policy and data protection law in the U.S.

Michael Magrath

Michael Magrath

The CCPA has been the catalyst for numerous other data privacy and security laws at a state level, such as the Consumer Online Privacy Rights Act which was introduced into Congress in November 2019.

In 2020 we’re likely to see other stats follow California and pass their own consumer privacy policy and data protection laws. Several states have introduced consumer privacy legislation including New York, Washington, and New Hampshire to name a few. For example, Washington State re-introduced is Washington Privacy Act earlier this year, which, if signed into law, would go into effect July 31, 2021.

As written, the New York Privacy Bill (Senate Bill S5642) would “require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the names of all entities with whom their information is shared; creates a special account to fund a new office of privacy and data protection.”  The CCPA limits its reach to companies doing business in California or applies to businesses that have gross annual revenues of at least $25 million or handle the personal information of 50,000 or more consumers. The New York Privacy Bill would apply to all companies operating in New York State, regardless of size.

One of the provisions contained in the bill is the “private right of action”.  This provision grants individual consumers the right to sue companies over violations of the proposed law. The state’s Attorney General Office could also bring litigation under the law.  Opponents of the bill raise real world concerns that the private right of action could lead to frivolous lawsuits that could bankrupt many small businesses.

Washington State introduced the Washington Privacy Act in 2019.  Although the GDPR-like bill died during the 2019 legislative calendar, it was re-introduced in January 2020.

New Hampshire’s bill, “relative to the collection of personal information by businesses” (HB 1680) is closely aligned with the CCPA and if passed would take effect January 1, 2021, with enforcement beginning as early as July 1, 2021.

However, 50 separate consumer privacy laws will create compliance chaos for organisations of all sizes, so there needs to be a comprehensive consumer privacy and data protection law at the federal level in the U.S. to address compliance issues. This legislation should also incorporate minimum security requirements for organisations to deploy to protect consumer data.

While it would be surprising if the Consumer Online Privacy Rights Act becomes federal law in 2020, this year will see U.S. lawmakers finally make progress in creating federal legislation protecting data privacy and security for consumers.

The Consumer Online Privacy Rights Act (COPRA) was introduced in the Senate in December 2019.  Like GDPR and the California Consumer Privacy Act (CCPA) COPRA would require companies furnish individuals data that has been stored upon request.  People could also have the opportunity to correct inaccuracies about the data or many cases delete it upon request.  In addition, COPRA includes biometrics including facial recognition data and geolocation data as sensitive information.

In November 2019, the Online Privacy Act of 2019 was introduced in the U.S. House of Representatives.  The bill resembles the Senate bill and adds for the creation of the U.S. Digital Privacy Agency (DPA) – an independent federal agency that would enforce privacy protections and investigate abuses.   If enacted, the bill also includes penalties and enforcement details and would empower state attorneys general to enforce violations and would permit private class action lawsuits against organizations.

Australian Data Privacy Regulations

The Consumer Data Right (CDR) was planned in late 2017 with a goal to provide Australians with greater access to and control over their own data.  By controlling their data, individuals could determine and share their data would any organization they wish to.  This applies to consumers as well as businesses.

The initial benefactor of the CDR are banking customers as the CDR has served as the foundation for open banking in Australia.   The CDR will initially apply to Australia’s “Big 4” banks (ANZ, Commonwealth Bank, NAB and Westpac) and in the first phase the banks are mandated to share “product reference data” with “accredited data recipients”.   The data shared would include fees, charges, interest rates, credit card and mortgage product eligibility criteria.  The Big 4 complied well ahead of schedule during the summer of 2019.  The following phase would include the sharing of transactional data for debit and credits, savings and checking accounts and the last phase would encompass mortgages and personal loans.

The deadline has been pushed out due to security concerns. Australia’s policymakers and regulators are well aware that that security is of the utmost.  Yet it is odd that open banking does not include the Strong Customer Authentication requirements that Europe has mandated for PSD2.  It’s imperative to use strong customer authentication regardless if that includes biometrics like facial recognition, behavioural biometrics or fingerprints, one-time passwords generated securely through a mobile app or hardware device or security keys based on public key cryptography such as those certified by the FIDO Alliance.

The regulatory landscape is constantly evolving, especially in highly regulated industries such as the financial services industry. Its likely that legislation at federal level won’t be implemented this coming year, we will see legislation introduced at a state level that will drive federal laws on consumer data privacy.

What we will see, are financial institutions working to improve data security and privacy, by adopting better tools for authentication, identity verification and risk analysis that will ultimately help prevent data breaches and fraud.

Recommended for you

  • German business associations pessimistic about 2025, IW says

  • China’s Nov industrial profits narrow decline but 2024 likely worst year in decades

  • South Korea Dec exports seen up for 15th month in row, but momentum slowing – Reuters poll