Information Security and Regulation - Financial Sector

The goal of information security is to protect an organization's information and assets from loss, leakage, unauthorized access, theft, natural disasters, or other threats so that the information and assets remain useful only to their users.  


Information vs. Cyber Security at BDO

At BDO, we offer both information and cyber security services. As part of information security, we can help you secure your information and assets to minimize potential threats. We comply with legislative requirements, in particular ISO standards and the Cybersecurity Act (ZKB).


The BDO approach

We will help you build information security in your organization from the ground up, starting with complete preparation and ending with final implementation. If you already have some parts implemented we will perform a complete audit in individual areas e.g. ISMS or compliance with the ZKB. At the same time, we also provide consulting services in sub-parts, such as the design of risk management methodologies, the establishment of security policies or the creation of security documentation.


To ensure consistency across the financial system, the Regulation will apply to a number of EU-regulated financial institutions, including credit institutions, payment institutions, securities dealers, insurance companies including intermediaries, etc. It will also apply to third-party ICT service providers. Under the proposal, this category will include in particular cloud service providers, software vendors, data centres and others. On the other hand, some operators of payment systems with irrevocable settlement will not fall under DORA.

Which entities are affected by DORA?


The Regulation applies to a number of financial institutions regulated by the EU, including credit institutions, payment institutions, securities dealers, insurance companies, etc. It will also apply to ICT service providers. This category includes, for example, suppliers of cloud services, software and data centres. On the other hand, certain operators of payment and credit card systems are exempted. In particular, micro-enterprises (up to 10 persons, with an annual turnover of less than EUR 2 million) are granted significant relief from some obligations. For example, they are not obliged to establish, maintain and review a so-called comprehensive digital operational resilience testing programme.

The BDO approach


If your organization is already subject to DORA, we can provide audit work and verify the correct setup of the DORA requirements. If you would like to bring your organization into DORA compliance, we can help you with the complete A to Z implementation process.

Almost everyone comes into contact with the banking sector nowadays. In recent years, we have seen a significant boom in banking applications and the associated increase in payments via smartphones and online banking. Along with this trend, the number of fraud cases and risks is growing significantly. Therefore, in an effort to strengthen the security of the banking sector, the European Union has come up with the PSD2 directive.

What is PSD2?


PSD2 is the EU's second directive on payment services. It follows on from the previous, poorly defined PSD, whose shortcomings included, for example, differing fees across Member States and a lack of standardisation of payment services and security systems. The revised PSD2 has helped to address these shortcomings and has had a significant impact on the banking sector and third parties. Among other things, it introduced the requirement for strong customer authentication and multibanking.

Why do we need PSD2?


PSD2 brings with it many benefits for banking and financial institutions as well as for third parties. If your organisation is PSD2 compliant, you can offer your clients greater convenience and, above all, security, which is crucial for clients these days, especially in the banking and financial sector.

The BDO approach


If your organisation is PSD2 compliant, we can provide audit work and verify the correct setup of the PSD2 requirements. If you would like to bring your organisation into PSD2 compliance, we can help you with the full A to Z implementation process.

SWIFT (Society for Worldwide Interbank Financial Telecommunication) is an independent cooperative for worldwide interbank financial telecommunication. SWIFT was founded by major European and North American banks in 1973 to facilitate and execute financial transactions in international payments. Currently, up to 11,000 banks and financial companies from 200 countries use its services. It is the SWIFTNet telecommunications network that handles these transactions.

SWIFT enables the transfer of funds between banks and financial institutions through the exchange of standardised financial messages in a secure and reliable manner. SWIFT operates a messaging network that exchanges standardised financial transactions and messages between financial institutions, facilitating cross-border payments, trade finance and treasury operations.

Why do you need SWIFT?


All member companies wishing to use the SWIFT architecture are required to perform security checks against current cyber threats. These mandatory security controls create a security foundation for the entire community. SWIFT has chosen to prioritize these mandatory controls to set a realistic goal for short-term, tangible security gains and risk reduction.

The BDO approach


BDO helps companies ensure compliance with these controls, either from the outset or by reviewing and advising on existing arrangements already in place. The first step is to study the documentation, processes and procedures in place, followed by the actual verification against the SWIFT framework. Our output is a report that covers compliance with each part of the SWIFT architecture.
