web analytics

New Section 1033 Push Banks to Provide Customers with “Financial SIM Card” – Source: www.databreachtoday.com

new-section-1033-push-banks-to-provide-customers-with-“financial-sim-card”-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author:

Finance & Banking , Industry Specific

Authored by: Matt Kunkel, CEO, LogicGate Matt KunkelNovember 25, 2024    

New Section 1033 Push Banks to Provide Customers with “Financial SIM Card”

Not so long ago, swapping out your mobile device was a huge inconvenience. Did you lose your phone? Upgrade to a new model? Have fun spending hours manually re-entering the contact information for everyone you know. Naturally, consumers hated it. It was inconvenient, it was impractical, and it created significant friction in the mobile phone market. Sending a dozen “Sorry, new phone, who is this?” texts a day is nobody’s idea of a good time, after all. And it was a problem for mobile providers, too: if the transfer process is frustrating and cumbersome, consumers are less likely to spend money on new devices.

Thankfully, the advent of SIM cards changed all that. Want to change phones today? No problem. Just pop out your SIM card, slot it into your new device, and viola: your phone number is instantly transferred, and your contacts are automatically populated. Depending on the phone, some of your text messages might even transfer, too. It’s an added convenience—one that ensures you don’t need to leave your entire history behind when you change devices.

The Consumer Financial Protection Bureau (CFPB) recently finalized a set of rules that would bring a similar level of convenience to the financial world. These changes to Section 1033 of the Dodd-Frank Act make it significantly easier for customers to retain access to their financial history no matter which bank they transact with. For banks, that means it’s critical to ensure that the right data is being collected, and that it can be easily integrated with external systems.

Explaining the New Section 1033 Rules

Access to (and protection of) personal data has become a significant point of focus for regulators across the globe over the past several years, with major data privacy legislation like the EU’s GDPR and California’s CPRA establishing clear data collection and storage guidelines for businesses. Section 1033 deals with how customers access and share their financial data. Essentially, Section 1033 mandates that financial institutions need to make certain financial information reasonably available to customers and their representatives. That includes balance numbers, transaction history, and other important information. Section 1033 isn’t focused on privacy like GDPR or CPRA, but it’s clear that regulators are working to improve customers’ access to their own data.

SIM cards are a helpful metaphor, but it’s important to note that these new Section 1033 rules don’t involve a physical device customers will need to carry around. That said, it’s still a useful point of comparison. Like SIM cards, these new rules establish a set of standardized information-sharing practices that will be made available to customers securely and without additional charges. That means customers can access and share their own data through third-party financial applications, and it also means that when customers change banks or credit unions, they can take their data with them. No more calling around to old banks for transaction data—that information now comes along for the ride.

Will this have a major impact in practical terms? Well—maybe. Most banks have been trying to reduce friction for years (especially with the rise of mobile banking, investment apps, cryptocurrency exchanges, and other decentralized banking practices). The truth is, any bank that refuses to integrate with third-party applications or make customer data accessible is already at a significant competitive disadvantage in today’s market. These rules are still probably a net positive for consumers, but customers already expect banks to provide conveniences like this. In legal terms, rules like this are important. In practical terms, most consumers are unlikely to notice an impact.

Approaching Section 1033 from a Compliance Perspective

The CFPB’s jurisdiction only covers banks with revenue of $10 billion or greater, which means Section 1033 only applies to those banks—for now. But these rules have a way of expanding, and while the CFPB’s power may be somewhat curtailed under the incoming Trump administration, the rule will likely be extended to smaller banks in the future. And, again, it’s worth remembering that banks that fail to provide their customers with quality-of-life improvements like these are putting themselves at a disadvantage. In short, it’s probably a good idea to comply with Section 1033, even if it doesn’t technically apply to you. In particular, regional banks looking to make headway against larger competitors should seriously consider what they need to do to become compliant.

Not every bank has a common customer record, so it’s important for banks to start by ensuring they collect the common data elements specified within Section 1033. Most banks now use a customer information file (CIF) system, which is helping to enforce some level of standardization, but banks also tend to have a sprawling digital ecosystem with a wide range of systems, tools, and platforms that need to work together seamlessly. Banks need to ensure that their integration platform is capable of consuming the necessary information from those systems and packaging it in an easily shareable manner. That can be a time-consuming process, depending on how the bank integrates or layers tools and applications – and while it likely won’t be a problem for large banks, most of which tend to have fairly mature systems, smaller regional banks may need to upgrade their integration systems or make other significant changes.

The new Section 1033 rules should prompt financial institutions to further mature their approach to governance, risk, and compliance (GRC). Having a strong GRC foundation in place doesn’t just ensure banks can comply with new data regulations—it puts them in a position to be more agile in the future, as well. These new regulations come at a unique time, with AI solutions and integrated platforms adding to the already substantial list of systems and applications that banks need to manage, govern, and secure. These developments will need to be factored into the regulatory landscape at some point, and banks that already have a strong data governance program with standardized classification and categorization practices will be significantly more prepared to make the necessary adjustments. Complying with Section 1033 is important, but so is keeping one eye on the future.

Building a Long-Term Compliance Plan

As the CFPB continues to implement new rules, financial institutions should be mindful of the need to establish a solid GRC baseline. While rules like those in Section 1033 currently apply only to large banks, recent changes to Section 1071 impacting small business lending indicate that it is likely just a matter of time before these regulations are expanded to include banks of all sizes. Right now, banks can protect themselves by establishing comprehensive data collection and storage procedures, determining clear risk benchmarks, and communicating updates to their partners and customers in a thorough and timely manner. As data regulations become more stringent across the financial industry, it’s critical for banks to have a plan for long-term compliance success.

Original Post url: https://www.databreachtoday.com/blogs/new-section-1033-push-banks-to-provide-customers-financial-sim-card-p-3767

Category & Tags: –

Views: 2

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
Practical DevSecOps
API Security Fundamentals – Your Handy Guide to Building an Unhackable System by practical-devsecops.com
API Security Fundamentals – Your...
Marcos Jaimovich
Nuevo Firewall para IA , un Cacharro nuevo para nuestro SOC y los equipos de Ciberseguridad !
Nuevo Firewall para IA ,...
Vendict
The 2024 CISO Burnout Report by Vendict
The 2024 CISO Burnout Report...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...

LASTEST PUBLISHED POSTS

Cyberint
Retail Threat Landscape Report Q1-Q3 – November 2024 Summary by Cyberint a Check Point Company
Retail Threat Landscape Report Q1-Q3...
NCSC
Protecting Critical Supply Chains – A Guide to Securing your Supply Chain Ecosystem
Protecting Critical Supply Chains –...
Culture AI
Time to Adapt – The State of Human Risk Management in 2024 by Culture AI.
Time to Adapt – The...
National Cyber Security Centre
Engaging with Boards to improve the management of cyber security risk.
Engaging with Boards to improve...
Microsoft Security
2024 State of Multicloud Security Report by Microsoft Security
2024 State of Multicloud Security...
bugcrowd
Inside the Mind of a CISO 2024 The Evolving Roles of Security Leaders 2024 by bugcrowd
Inside the Mind of a...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Lacework
CISO’s Playbookto Cloud Security by Lacework
CISO’s Playbookto Cloud Security by...
MITRE - Carson Zimmerman
Ten Strategies of a World-Class Cybersecurity Operations Center by MITRE
Ten Strategies of a World-Class...
SILVERFRONT - AIG
Identity Has Become the Prime Target of Threat Actors by Silverfort AIG.
Identity Has Become the Prime...
CYZEA.IO
Enterprise Information Security
Enterprise Information Security
IGNITE Technologies
ENCRYPTED REVERSE
ENCRYPTED REVERSE

More Latest Published Posts

WORLD BANK GROUP
Global Cybersecurity Capacity Program
Global Cybersecurity Capacity Program
Gary Hinson
Getting started withsecurity metrics
Getting started withsecurity metrics
EDPS
Generative AI and the EUDPR.
Generative AI and the EUDPR.
Bright
2024 Guide to Application Security Testing Tools
2024 Guide to Application Security Testing Tools
HADESS
Hacker Culture
Hacker Culture
Quuensland Govermment
RISK ASSESSMENT PROCESS HANDBOOK
RISK ASSESSMENT PROCESS HANDBOOK
Ministry of MOS Security
HIPAA SIMPLIFIED
HIPAA SIMPLIFIED
Hacker Combat
How Are Passwords Cracked?
How Are Passwords Cracked?
CIS - Center for Internet Security
How to Plan a Cybersecurity Roadmap in Four Steps
How to Plan a Cybersecurity Roadmap in Four Steps
ACSC Australia
Information Security Manual
Information Security Manual
Kaspersky
Incident Response Playbook: Dark Web Breaches
Incident Response Playbook: Dark Web Breaches
ninjaOne
Endpoint Hardening Checklist
Endpoint Hardening Checklist
HADESS
Important Active Directory Attribute
Important Active Directory Attribute
ISA GLOBAL CYBERSECURITY ALLIANCE
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
Rajneesh Gupta
IAM Security CHECKLIST
IAM Security CHECKLIST
sqrrl
Hunt Evil
Hunt Evil
Searchinform
How to protect personal data and comply with regulations
How to protect personal data and comply with regulations
Giuseppe Manco
Threat Intelligence Platforms
Threat Intelligence Platforms
CSA Cloud Security Alliance
Hardware Security Module(HSM) as a Service
Hardware Security Module(HSM) as a Service
IGNITE Technologies
CREDENTIAL DUMPING FAKE SERVICES
CREDENTIAL DUMPING FAKE SERVICES
IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos