OCC 2013-29 Compliance: Why Secure File Sharing for Banks Needs to Include Partners
OCC 2013-29 compliance requires banks to take responsibility for the security practices of their key partners. This post explains OCC 2013-29 and how financial institutions can achieve compliance with secure file sharing for banks.
The Weakest Link
According to a recent survey, bank executives were asked if their bank would be vulnerable in the event one of their vendors were to experience a cyberattack or data breach.
Almost half (44%) of all respondents answered “yes.” What’s equally concerning is that 34% said they were unsure their bank would be vulnerable. Only 21% of respondents said they don’t believe their bank would be vulnerable. (Note: these figures do not total one hundred percent due to rounding.)
As banks and other organizations incorporate partners and vendors into their workflows, it increasingly entails providing access to their networks. This requires opening a port for each vendor so that the vendor can access the information they need from outside the firewall. Naturally, the more ports these organizations open, the harder it is for banks to manage, monitor and defend their data. This is the present day challenge with secure file sharing for banks.
OCC 2013-29 Compliance
Data breach prevention isn’t the only reason secure file sharing for banks must be a top priority. In 2013, the Office of the Comptroller of the Currency (OCC) issued Bulletin 2013-29, providing guidance for banks about their responsibility for the security of data entrusted to third parties.
The Bulletin lists several risk management requirements for banks to address, including assessing a third party’s information security program and the potential information security implications of a third party having access to a bank’s systems and its confidential information.
Specifically, a bank must determine whether the third party has sufficient experience in identifying, assessing, and mitigating current and potential threats and vulnerabilities. Banks must also evaluate the third party’s IT infrastructure and application security programs.
Ultimately, if a third party falls short in information security, OCC 2013-29 makes it clear the bank will bear some of the responsibility. Therefore, compliance or, more specifically, avoiding a compliance violation, is an additional driver of secure file sharing for banks.
Achieve OCC 2013-29 Compliance with Secure File Sharing
A secure file sharing solution, such as the Accellion secure file sharing and governance platform, provides a single, controlled interface that integrates with on-premise and cloud-based content systems so banks and other financial institutions share files securely with trusted third-parties, improving risk management practices for any work outsourced to a third party.
Secure file sharing for banks is achieved with:
- a hardened VM appliance that can be deployed in a private or hybrid cloud
- encryption of content in transit and at rest
- encryption key ownership
- ATP and DLP integrations to prevent malicious files from coming in and customer data from leaking out
Banks also achieve the highest levels of governance with granular policy controls and role-based permissions that ensure sensitive information is only accessible by authorized users.
Protecting customer data and demonstrating compliance with OCC 2013-29 is mandatory for banks and other financial institutions. Secure file sharing for banks and other financial institutions is the critical path to achieving data privacy and regulatory compliance.