Financial Services

Almost every country has special regulatory acts covering companies within the financial sector of the economy. The companies that operate in the national markets must comply with the requirements of local regulations. Large companies operating in international markets must deal with several sets of regulations. Here are just a few:

  • Basel II (Basel Capital Accord) (EU). According to section 644 of Basel II, operational risks are defined as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.”

  • SOX (Sarbanes-Oxley) (USA). This law determines the requirements for paperwork and financial reporting, establishes the personal responsibility of companies’ financial and general directors, and introduces a procedure for regular independent audit. One of its main goals is the protection of investors’ interests and prevention of corporate fraud. The act regulates the activities of companies represented on the US stock market; most other countries have similar laws, such as the Financial Security Law (“Loi sur la Sécurité Financière”) in France and L262/2005 (“Disposizioni per la tutela del risparmio e la disciplina dei mercati finanziari”) in Italy.

  • Payment Card Industry Data Security Standard (PCI DSS). This standard includes the requirements for information protection developed and enacted in January 2005 by the Visa and MasterCard international payment systems. Participants of these payment systems who fail to comply with the security requirements may be liable to pay fines of up to 100,000 USD per month of non-compliance with the PCI DSS requirements.

At the same time, alongside these special regulatory acts, there are laws that control the use of personal data and deeply influence the activities of financial companies. Like insurance and healthcare companies, financial companies, banks in particular, accumulate and use a lot of personal data every day. As the table below shows, these regulatory acts are mainly intended to prevent unauthorized distribution of personal data.

| Regulation | Requirements |
| --- | --- |
| Data Protection Directive (EU) | Article 17 Section VIII Item 2: “Member States shall provide that the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access”. |
| Data Protection Act (Great Britain) | Schedule 1, Part 1, Principle 7: Each company must take “appropriate technical and organizational measures … against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”. |
| Data Protection Act (Great Britain) | Schedule 1, Part 2, Principle 9: Each company must implement appropriate technical measures to prevent customers’ losses which may arise out of the unauthorized or unlawful processing of, loss or destruction of, or damage to, personal data. Moreover, each company must take reasonable steps to ensure the reliability of any of its employees who have access to the personal data. |

Why does a financial company have to protect personal data, aside from the legal requirements it must follow to avoid prosecution for non-compliance?

Individuals are uneasy about revealing and sharing their personal information. Consequently, the protection of personal data will give the company competitive advantages in customers’ eyes. The personal data of the customers and employees can be used by competitors for unfair competition or by criminals for fraudulent actions.

Finally, when a leak of personal data comes to light, it may damage the company’s reputation.

The following types of confidential data are typical for the financial sector:

  • Bank account information
  • Account transaction data
  • Other data considered secret by the bank
  • Credit card information
  • Sensitive marketing information

Besides the sector-specific types of information listed above that banks have to protect, there is also a list of general documents that can be classified as ‘confidential’:

  • List of shareholders
  • Shareholders’ personal data
  • Financial and accounting information
  • Strategic development documents
  • Business development forecasts
  • Market analytics, including those procured
  • Internal documents of competition analysis
  • Internal rules of client inquiry processing
  • Reports and minutes of meetings and councils
  • Internal orders, instructions, and directions
  • Human resources records management
  • Employees’ personal data
  • Lists of internal phone numbers and e-mail addresses of personnel
  • Personnel job descriptions for certain departments
  • Descriptions of personnel motivational schemes
  • Supplier agreements
  • Client database information
  • Agreement/contract & report templates (for law firms and audit companies)
  • Project data (schemes, diagrams, calculations, road maps, etc.)
  • Project realization reports
  • Quality control reports
  • Internal business process reports
  • Flow charts and communications layouts
  • Informational system architecture

This list shows the most typical types of confidential information, the compromise or theft of which could turn into direct or indirect losses for a company. In order to protect an organization from these types of risks, the leading banks implement complex information protection systems against internal threats. (See Solutions.) In order to gain a clearer understanding of how our solutions can protect information in your financial institution, please contact us by phone or by e-mail, as listed here.