OCC 2013-29 Compliance: Why Secure File Sharing for Banks Needs to Include Partners

OCC 2013-29 compliance requires banks to take responsibility for the security practices of their key partners. Financial institutions can achieve compliance with OCC 2013-29 and other regulations with secure file sharing for banks.

The Weakest Link

According to a recent survey, bank executives were asked if their bank would be vulnerable in the event one of their vendors were to experience a cyberattack or data breach.

Almost half (44%) of all respondents answered “yes.” What’s equally concerning is that 34% said they were unsure their bank would be vulnerable. Only 21% of respondents said they don’t believe their bank would be vulnerable. (Note: these figures do not total one hundred percent due to rounding.)

As banks and other organizations incorporate partners and vendors into their workflows, it increasingly entails providing access to their networks. This requires opening a port for each vendor so that the vendor can access the information they need from outside the firewall. Naturally, the more ports these organizations open, the harder it is for banks to manage, monitor and defend their data. This is the present day challenge with secure file sharing for banks.

Citi and Scottrade Bank are just two examples of high profile data breaches involving banks and their business partners.

OCC 2013-29 Compliance

Data breach prevention isn’t the only reason secure file sharing for banks must be a top priority. In 2013, the Office of the Comptroller of the Currency (OCC) issued Bulletin 2013-29, providing guidance for banks about their responsibility for the security of data entrusted to third parties.

The Bulletin lists several risk management requirements for banks to address, including assessing a third party’s information security program and the potential information security implications of a third party having access to a bank’s systems and its confidential information.

Specifically, a bank must determine whether the third party has sufficient experience in identifying, assessing, and mitigating current and potential threats and vulnerabilities. Banks must also evaluate the third party’s IT infrastructure and application security programs.

Ultimately, if a third party falls short in information security, OCC 2013-29 makes it clear the bank will bear some of the responsibility. Therefore, compliance or, more specifically, avoiding a compliance violation, is an additional driver of secure file sharing for banks.

Achieve OCC 2013-29 Compliance with Secure File Sharing

A secure file sharing solution, such as the Kiteworks secure file sharing and governance platform, provides a single, controlled interface that integrates with on-premise and cloud-based content systems so banks and other financial institutions share files securely with trusted third-parties, improving risk management practices for any work outsourced to a third party.

Secure file sharing for banks is achieved with:

  • a hardened VM appliance that can be deployed in a private or hybrid cloud
  • encryption of content in transit and at rest
  • encryption key ownership
  • ATP and DLP integrations to prevent malicious files from coming in and customer data from leaking out

Banks also achieve the highest levels of file sharing governance with granular policy controls and role-based permissions that ensure sensitive information is only accessible by authorized users.

Protecting customer data and demonstrating compliance with OCC 2013-29 is mandatory for banks and other financial institutions. Secure file sharing for banks and other financial institutions is the critical path to achieving data privacy and regulatory compliance.

Additional Resources

 

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.

Lancez-vous.

Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Comienza ahora.

Es fácil empezar a asegurar el cumplimiento normativo y gestionar los riesgos de manera efectiva con Kiteworks. Únete a las miles de organizaciones que confían en su plataforma de comunicación de contenidos hoy mismo. Selecciona una opción a continuación.

Share
Tweet
Share
Explore Kiteworks