OCC 2013-29 Compliance: Why Secure File Sharing for Banks Needs to Include Partners

OCC 2013-29 compliance requires banks to take responsibility for the security practices of their key partners. This post explains OCC 2013-29 and how financial institutions can achieve compliance with secure file sharing for banks.

Secure File Sharing for Banks: The Weakest Link

In a recent survey, bank executives were asked whether their bank would be vulnerable if one of their vendors were to experience a cyberattack or data breach.

Almost half (44%) of all respondents answered “yes.” What’s equally concerning is that 34% said they were unsure whether their bank would be vulnerable. Only 21% of respondents said they don’t believe their bank would be vulnerable. (Note: these figures do not total one hundred percent due to rounding.)

As banks and other organizations incorporate partners and vendors into their workflows, doing so increasingly entails giving those partners access to their networks. This requires opening a port for each vendor so that the vendor can access the information they need from outside the firewall. Naturally, the more ports these organizations open, the harder it is for them to manage, monitor and defend their data. This is the present-day challenge with secure file sharing for banks.

Citi and Scottrade Bank are just two examples of high-profile data breaches involving banks and their business partners.

Secure File Sharing for Banks: OCC 2013-29 Compliance

Data breach prevention isn’t the only reason secure file sharing for banks must be a top priority. In 2013, the Office of the Comptroller of the Currency (OCC) issued Bulletin 2013-29, providing guidance for banks about their responsibility for the security of data entrusted to third parties.

The Bulletin lists several risk management requirements for banks to address, including assessing a third party’s information security program and the potential information security implications of a third party having access to a bank’s systems and its confidential information.

Specifically, a bank must determine whether the third party has sufficient experience in identifying, assessing, and mitigating current and potential threats and vulnerabilities. Banks must also evaluate the third party’s IT infrastructure and application security programs.

Ultimately, if a third party falls short in information security, OCC 2013-29 makes it clear the bank will bear some of the responsibility. Therefore, compliance or, more specifically, avoiding a compliance violation, is an additional driver of secure file sharing for banks.

Secure File Sharing for Banks: Achieve OCC 2013-29 Compliance with the Accellion Platform

The Accellion secure file sharing and governance platform provides a single, controlled interface that integrates with on-premise and cloud-based content systems so that banks and other financial institutions can share files securely with trusted third parties, improving risk management practices for any work outsourced to a third party.

The Accellion platform delivers secure file sharing for banks with:

  • a hardened VM appliance that can be deployed in a private or hybrid cloud
  • encryption of content in transit and at rest
  • encryption key ownership
  • DLP integration

Banks also achieve the highest levels of governance with granular policy controls and role-based permissions that ensure sensitive information is only accessible by authorized users.

To learn more about Accellion and secure file sharing for banks, including compliance with OCC 2013-29, please visit our financial services solutions page.
