Financial services organizations operate under a host of regulatory standards. This makes sense, as the assets and information managed by these firms are valuable, sensitive, and targeted by sophisticated cyber attackers daily.
Compounding these challenges is the large volume of personally identifiable information (PII) that financial organizations handle regularly. PII is subject to many compliance regulations, notably the General Data Protection Regulation (GDPR), which regulates not only the processing of personal data, including PII, relating to individuals in the EU, for also any organization that processes personal data of EU residents.
For US banking consumers, Section 5 (Unfair or Deceptive Acts or Practices) of the Federal Trade Commission Act and numerous state regulations enforce basic consumer protections, which financial organizations must also uphold.