
How Regulatory Changes Will Affect Financial Services in 2020: 3 Predictions

by Michael Magrath
February 10, 2020

What’s next for corporate compliance officers as they navigate balancing regulatory changes, technological advancement, digital fraud and higher customer experience expectations? OneSpan’s Michael Magrath shares his top corporate compliance predictions for the financial services industry in 2020.

The regulatory landscape is always changing. In perhaps no industry is that more evident than in financial services. Every new year brings a new set of regulations, challenges and changes.

In 2019 we saw the first examples of organizations receiving large fines for data privacy and security breaches under the European Union’s General Data Protection Regulation (GDPR). Last year also brought the concept of open banking to Europe, with the Payment Services Directive (PSD2) taking effect.

With these regulatory changes, coupled with the rapid pace of technological advancement happening in the industry, the growing challenge of fighting fraud in digital channels and ever-higher customer experience expectations, it becomes clear that financial institutions have their work cut out for them.

Organizations are continually being challenged with keeping up, and corporate compliance officers are left asking “What’s next?” With that in mind, I’d like to share three of my top corporate compliance predictions for the financial services industry in 2020:

1. The CCPA will spark a federal consumer privacy policy and data protection law in the U.S.

The CCPA took effect January 1 and has caught the attention of policymakers in the other 49 states and the U.S. Congress; as a result, it has been the catalyst for additional data privacy and security bills at the state level. For example, Washington State reintroduced its Washington Privacy Act on January 13. If signed into law, it would go into effect July 31, 2021. Additionally, New Hampshire and Illinois introduced their own consumer privacy bills in January. It’s only a matter of time before additional states follow in the footsteps of California and pass their own consumer privacy policy and data protection laws.

As one can imagine, however, if one-off, state-level bills continue to be introduced, having 50 state consumer privacy laws on the books will create a compliance nightmare for financial services organizations of all sizes. There needs to be a comprehensive consumer privacy and data protection law at the federal level in the U.S. to address the compliance issues. The legislation should also incorporate minimum security requirements for organizations to deploy to protect consumer data.

There have already been several data privacy-related bills introduced in Congress including the “Consumer Online Privacy Rights Act,” introduced in November 2019. It would be surprising if the Act becomes federal law in 2020, but it should generate some interesting debates, and lawmakers can expect pressure from the business community, especially after the CCPA’s enforcement begins in July.

2. Continued moves toward open banking in the U.S. will also spur new regulatory requirements for stronger security.

As it stands now, Open Banking is “on hold” in the U.S. due to an October 2019 federal court ruling in favor of the New York State Department of Financial Services (NYDFS) against the U.S. Office of the Comptroller of the Currency (OCC).

In 2018, the OCC announced that fintech providers could apply for special banking charters, which caught the ire of the banking industry concerned with an unequal regulatory playing field. Under the proposed charter, licensed fintech providers would have been able to perform certain banking activities, such as issuing loans. However, the judge ruled that the OCC may not accept applications for its “fintech bank charter.”

Still, there is a strong push by interested parties in the U.S. to move toward open banking, much like we’ve seen in Europe.

On December 19, 2019, the OCC filed an appeal in the 2nd Circuit Court of Appeals. Should the OCC appeal and win, open banking may yet be realized in the U.S., and fintech companies will quickly move in to provide banking services, much to the dismay of traditional financial institutions. If that happens, the U.S. Department of Treasury should follow the lead of the European Banking Authority to define regulatory technical standards and require strong customer authentication.

Security and trust are paramount for the financial system and a steadfast requirement for maintaining consumer confidence. To uphold that confidence, regulatory requirements will need to include multi-factor authentication; dynamic linking, which counters man-in-the-middle attacks by preventing alteration of a transaction after the payer has authenticated it; and transaction risk analysis.

3. FTC changes will drive banks to adopt stronger identity verification, authentication and transaction risk analysis technologies.

In 2011, the Federal Trade Commission (FTC) began enforcing its Fair and Accurate Credit Transactions Act of 2003 (FACT Act) Red Flags Rule. The Red Flags Rule requires that financial institutions take appropriate measures to “detect, prevent and mitigate” signs of identity theft affecting their customers. This year, the FTC is expected to recommend some potential changes which still remain to be seen, but I predict that these changes will include requirements for strong identity verification, authentication and transaction risk analysis.

With so many large-scale breaches spanning multiple vertical markets, millions of consumers have been victimized in one or more of them, leaving their personally identifiable information (PII) exposed and for sale on the dark web. In February 2019, state attorneys general from 31 states signed a letter to the FTC noting that “with information gleaned from data breaches or publicly available on social media sites, identity thieves can be better than consumers at answering knowledge-based authentication questions, because they have the data in front of them, whereas consumers need to try to recollect events that happened years prior. Thus, even if a person can provide some authenticating information, identity thieves may not be sufficiently screened from opening or accessing an account.” The letter calls for financial institutions to adopt more modern forms of authentication, such as multi-factor authentication.

Separately, in March 2019, the FTC issued proposed changes to the Safeguards Rule and the Privacy Rule under the Gramm-Leach-Bliley Act that require financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. Under the Safeguards Rule, financial institutions (FIs) must have measures in place to keep customer information secure and take steps to ensure that their affiliates and service providers safeguard customer information in their care. The Privacy Rule requires an FI to inform customers about its information-sharing practices and allow customers to opt out of having their information shared with certain third parties.

The proposed changes to the Safeguards Rule and the Privacy Rule generally would require all financial institutions to encrypt all customer data, to implement access controls to prevent unauthorized users from accessing customer information and to use multi-factor authentication to access customer data. As the proposed rules are modelled after New York’s Department of Financial Services (NYDFS) Cybersecurity Regulations, however, the reality is that not every financial institution in the U.S. would be subject to the regulations. But every financial institution in the U.S. is governed by the FTC, meaning that the FTC’s proposed regulations and changes to the Identity Theft Red Flags Rule will eliminate, by my prediction, any and all gaps.

Additionally, the Financial Action Task Force is working to publish its Guidance on Digital Identity this year, which will further drive banks to adopt stronger identity verification and authentication. The guidance explains how digital identity systems can be used for customer due diligence (CDD), a key component that nations around the world require to combat money laundering and terrorist financing. The guidance also covers electronic document verification to ensure that a document is valid, and it promotes the use of two-factor authentication.

2020: The Year of Change

The regulatory landscape is always evolving, particularly in heavily regulated industries like financial services. While federal legislation likely won’t be implemented this year, we will see more legislation at the state level, which will ultimately bring us closer to a federal consumer data privacy law.

Fortunately, the regulatory changes that I believe we’ll see happen in 2020 will benefit us all by encouraging financial institutions to strengthen data security and privacy and adopt stronger, more secure methods for identity verification, authentication and risk analysis. These changes will ultimately help protect consumers and the financial institutions themselves from unwanted fraud and data breaches.


Tags: Banking, California Consumer Privacy Act (CCPA), FinTech
Michael Magrath

Michael Magrath is vice president of global standards and regulations at OneSpan and is responsible for aligning OneSpan’s solution roadmap with standards and regulatory requirements globally. He is co-chair of the FIDO Alliance’s government deployment working group and is on the board of directors of the Electronic Signature and Records Association (ESRA). He also served as a member of the board of directors for the Identity Ecosystem Steering Group (IDESG) and was chair of the Health Information Management Systems Society (HIMSS) identity management task force. Prior to OneSpan, he served as director for identity solutions for DrFirst, a leading U.S. health IT solution provider, where he focused on streamlining and securing the identity management process for healthcare providers nationwide and increasing the adoption of electronic prescribing of controlled substances (EPCS).
