In the BFSI (banking, financial services and insurance) industry, choosing a managed file transfer solution is rather simplified as FTP alone is not enough to meet the necessary regulatory and compliance requirements.
Managed file transfer (MFT) software is the sole solution that allows an audit trail at all points of the data transfer process, whether that data is at rest or in transit. Of course, there are other benefits to managed file transfer for BFSI companies.
How do consumer demands drive data security requirements? Is consumer trust necessary in a global market?
Companies involved in banking, finance and insurance must demonstrate that they can handle personally identifiable information (PII) and especially financial transactions in a manner that protects all sensitive data and allows complete traceability across country borders (given the global nature of the financial processing system).
With MFT, security is a given. In the BFSI industry, file sharing is expected, as financial data and other information is shared between participating organizations. For example, if a credit card payment is made, the payer’s bank, payee’s bank and the credit card company are all involved. In fact, in a typical international transfer, there could be several additional banks involved in a wire transfer. It all depends on the workflow of the banks involved. One bank may have a regional HQ or partner bank to process foreign transfers in a specific country, which in turn are sent to the recipient’s local branch. At all points in this journey, the financial data is protected and rightly so, to protect against cybercriminals, who consider the BFSI industry an attractive target.
In BFSI, consumer trust is key to business success and if trust is lost, customers will seek an alternative service provider. A managed file transfer solution provides a full audit trail and in the event of a data breach (which usually involves informing the public) allows the organization to easily prove that they are not responsible for the incident. This level of analysis is not possible with an unmanaged solution. As authorization between sender and recipient is part and parcel of an MFT solution, organizations can confidently state that their process worked as expected.
Regardless of the BFSI segment involved, it is true that in a global market, required compliance can change banking processes. Compliance is not only essential, in many cases it is mandatory. Such compliance forces improvement, especially in smaller organizations that might delay technological improvements until absolutely necessary.
There are regulations for handling PII (data protection), credit card transactions (PCI-DSS) and other financial data. How easy it would be if one bank’s transactions were limited to that bank? Unfortunately, financial transactions span the globe, transferring files across national borders and banks. Each bank’s responsibility lies in compliance with standards and regulations in their own jurisdiction, usually their own country. When transactions become international, each country has regulations governing their BFSI segment and companies in the U.S. need not worry about other regional standards. There is one obvious exception, of course, the EU’s GPDR (General Data Protection Regulation) which protects the rights of EU residents, includes a ‘right to be forgotten’ and fines for companies that fail to notify of a data breach within three days of occurrence. All companies (worldwide) that have a physical presence in the EU or deal with EU residents must comply with GPDR.
Simplifying compliance challenges is possible with managed file transfers as an audit trail and reporting features can immediately verify adherence to regulations and standards.
Banks, financial services providers and insurance companies all need high levels of security as they are habitually attacked by cybercriminals with financial goals. It is universally accepted that in such an environment, FTP is not enough, as it does not allow organizations to definitively prove that data integrity between sender and recipient was maintained. Managed solutions allow this and more.
What else does a bank (or member of the BFSI segment) need from an MFT solution?
A solution that maintains customer trust is obvious but there are other features that an effective MFT solution must contain. These include but are not limited to:
While MFT is the only effective file transfer solution for banking and finance, best practice would indicate that management of FTP processes and workflows needs a designated responsible party from your IT team. This is necessary to ensure that current operational workflows are optimized and are in turn reflected accurately by MFT. Optimization may be achieved by involve removing permissions from lower level employees, for example, by improving response times to service outages or by monitoring file transfer patterns on multiple sites.
In conclusion, all MFT solutions are different and your chosen solution must complement existing workflows and cater for future business goals. Fraud detection is yet another consideration in this environment. Does your organization gather or plan to gather data sets to identify fraudulent activity? Is all sensitive data handled correctly or processed by third parties? Consider all these activities and, using your conclusions, select the ideal MFT package for your organization.
An Irishman based in Hong Kong, Michael O’Dwyer is a business & technology journalist, independent consultant and writer who specializes in writing for enterprise, small business and IT audiences. With 20+ years of experience in everything from IT and electronic component-level failure analysis to process improvement and supply chains (and an in-depth knowledge of Klingon,) Michael is a sought-after writer whose quality sources, deep research and quirky sense of humor ensures he’s welcome in high-profile publications such as The Street and Fortune 100 IT portals.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.Learn More
Subscribe to get all the news, info and tutorials you need to build better business apps and sites
You can also ask us not to share your Personal Information to third parties here: Do Not Sell or Share My Info
We see that you have already chosen to receive marketing materials from us. If you wish to change this at any time you may do so by clicking here.
Thank you for your continued interest in Progress. Based on either your previous activity on our websites or our ongoing relationship, we will keep you updated on our products, solutions, services, company news and events. If you decide that you want to be removed from our mailing lists at any time, you can change your contact preferences by clicking here.