Important Regulatory Updates Influencing Your Training and Policy Management
2023 was extremely eventful in the financial services industry, and things are not expected to slow down throughout 2024. Several major regulatory issues are changing that will affect current training programs. As financial service leaders, it is important to remain informed and update all training programs and policies to ensure standards are met.
Here are three of the most significant regulations/trends to pay attention to throughout the year, ranging from recent actionable documents to proposed regulations.
NIST Cybersecurity Framework (CSF) 2.O
The National Institute of Technology (NIST) created the Cybersecurity Framework (CSF) 1.0 in February 2013 as a voluntary framework to provide organizations with guidance on preventing, detecting, and responding to cyberattacks to comply with Executive Order 13636. Initially, the framework was designed to help organizations identify, assess, and manage cyber risk cost-effectively. The framework was always intended to be a living document that evolves. In August 2023, NIST published the draft for a more significant update and requested that comments be submitted by November 2023. They received numerous comments from the global community.
On February 26, 2024, NIST published the final version of its Cybersecurity Framework 2.0.
The updated framework continues to guide industry, government agencies, and other organizations that manage cybersecurity risks. The CSF doesn’t dictate how increased cybersecurity should be achieved. Instead, it offers numerous resources that can support security efforts and be utilized as a guide for updating training programs.
More Requirements for Large Banks
During the spring of 2023, the industry experienced the collapse of four banks, causing a ripple effect worldwide. Regulators ' swift adjustments in monetary policy helped mitigate the impact and stabilize consumer confidence in the banking system. The repercussions of these bank failures underscored their importance to the stability of the U.S. banking system. In response, regulators suggest heightened capital and stress testing requirements, more robust corporate resolution plans, and increased long-term debt requirements for large banks with assets exceeding $100 million. Proposals and final rules are anticipated within the next 12-18 months. For banks that will be impacted, it is crucial to prioritize education and update policies to reflect the changes and ensure standards are being met.
Credit Card Competition Act
A decision on the Credit Card Competition Act was expected late last year, but voting continues to be pushed. The bill aims to increase competition with Visa and Mastercard within the industry. The issue will likely become a priority with Capital One’s deal to buy Discover.
The ultimate goals of the Act are to foster more choices for network providers, thus increasing competition for merchant business and effectively decreasing credit card and interchange fees, which would benefit consumers. Banks would be required to offer a second option for processing a credit transaction so merchants could decide to use the lower-priced network and lower out-of-pocket costs. There appear to be a few issues that need to be ironed out, but the Act seems to be heading toward a final rule within the next few months.
The financial industry constantly changes and requires evolving recommendations and rules to help regulate this multifaceted ecosystem. As financial service leaders who oversee the execution of services for banking customers, it is important to stay informed and prioritize the education of employees so they can be confident in their work and recommendations.
About Author:
Christopher Boersma, CRCM, CAMS, CISA, is a product manager at BAI, a nonprofit independent organization that delivers the financial services industry’s most actionable insights. For more information, visit www.bai.org.