Courtesy of a rapid acceleration in Personally Identifiable Information (PII) regulations, banks are cracking down on their legal partners. The ensuing chaos has foreclosure and bankruptcy firms around the country scrambling to bring their IT up to snuff in order to prevent losing valuable relationships with the banks that send them business. Our clients are feeling this pain too.
Here are just 10 regulations we’ve seen from various bank lenders that could cost you big:
- If you’re running freeware antivirus, kiss just about any lender goodbye; if you’re paying for antivirus, it needs to be up to date if and when your firm is audited
- You need a written anti-fraud policy, including procedures that address fraud risk
- Your firm cannot engage in business transactions with parties prohibited by OFAC (Office of Foreign Assets Control)
- Your physical office space as well as your computing assets need to be locked and, in some cases, alarmed (your actual office, desk drawers, desktops, file cabinets, etc.)
- All hard drives and removable media need encryption
- You can’t have default vendor passwords, and some lenders require ‘strong passwords’
- Strict no-use policy regarding peer-to-peer file sharing services (e.g., LimeWire, Gnutella)
- Some financial institutions prohibit web-based backup services, and most if not all require encrypted backup and/or offsite storage
- Some lenders have indicated that they strongly discourage social networking sites
Keep in mind that each financial institution is different and there is no uniform guidebook across all lenders. Firms need to get in front of these problems as early as possible, so don’t wait until you’re audited. Ask your lenders for their IT regulations checklists, call your Managed Services Provider / Internal IT Dept., and begin the compliance process now. You don’t want your lenders to stop sending business because you didn’t know having ‘password’ as your password violates their PII regulations.