APAC CIOOutlook


    Compliance-Not Only For Banks

    Bassam Alousi, Director-Technology, White Clarke Group


    Due to global financial market regulations, banks and financial institutions are forced to comply with several regulatory requirements. In the past, these regulatory requirements were specific to banking and financing organizations.

    In the past few years, many financial institutions have been outsourcing several functions to external service providers (ASP - Application Service Provider, SaaS - Software as a Service, or Cloud Service Provider). These functions include, but are not limited to: accounting (receivable, payable), financing (loan origination and contract management), document management, IT (network, storage, backup, hosting, co-location) and payroll. Because these functions are delegated and outsourced, the financial institutions depend not only on the quality and accuracy of these financial transactions but also on the service provider to securely process and store confidential and sensitive information (such as customer personal information). Lately, service providers are being asked to meet increased compliance requirements to demonstrate a controlled environment for the outsourced functions. Three years ago, the Consumer Financial Protection Bureau (CFPB) announced that it expects supervised banks and non-banks to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law, which is designed to protect the interests of consumers and avoid consumer harm.

    A major part of these regulatory requirements can be satisfied by an SSAE 16 SOC 1 report, which is produced by an independent audit firm. SSAE 16 plays an important role for the external service provider by establishing credibility, trust and a compliance standard with banks and financial institutions. In simple words, a SOC 1 audit tells the bank whether the service provider is doing what it promised. In technical terms, the SOC 1 report includes a review and audit of the following major areas:

    1. Control Environment: This is the foundation of the other areas of internal control; it sets the tone of the organization and influences the control consciousness of its personnel. The control environment factors include integrity and ethical values, management’s commitment to competence, organizational structure (assignment of authority and responsibility), and oversight and direction from management.

    2. Security: The protection of information systems and data

    a. Physical & Environmental Security: to protect the information system from physical or environmental threats.

    b. Logical Access (Information Security): to provide reasonable assurance that system information is protected from unauthorized use, modification, addition or deletion.

    c. Data Security: this is to ensure that the data maintains its integrity and security as it is being processed, transmitted (between systems), and stored.

    3. Risk Assessment: This includes identifying the risks that threaten achievement of control objectives, estimating the significance of identified risks, assessing the likelihood of their occurrence, and deciding on actions to address these risks.

    4. System (Computer) Operations: To address the identified risks and to deliver the functions that the system is required to provide, a set of control activities needs to be placed into operation to ensure that the actions are carried out properly and efficiently. This includes:

    a. Data Backups: this is to provide reasonable assurance that application and data backup processes are in place and being monitored.

    b. System Availability: this is to provide reasonable assurance that systems are maintained in a manner that helps ensure the required system availability.

    c. Job Processing: this is to provide reasonable assurance that any batch jobs are scheduled and monitored to ensure successful completion or that processing problems are resolved.

    5. Change Control: this is to provide reasonable assurance that changes to the production system or application are authorized, tested, approved, properly implemented and documented.

    There are two types of SOC 1 report:

    • Type 1 Report is a report on policies and procedures placed in operation as of a specified point in time. SOC 1 Type 1 reports evaluate the design effectiveness of a service provider’s controls and then confirm that the controls have been placed in operation as of a specific date (point in time).

    • Type 2 Report is a report on policies and procedures placed in operation and tests of operating effectiveness for a period of time. SOC 1 Type 2 reports include the examination and confirmation steps involved in a Type 1 examination, plus an evaluation of the operating effectiveness of the controls for a period of at least six consecutive calendar months.

    The scope of the SOC 1 audit is determined by the service provider. Scoping the audit properly clearly demonstrates the service provider’s quality of service and ensures that sufficient information is provided to the service provider’s clients.

    The SOC 1 Audit Process can go through five major phases:

    1. Discovery and Compliance Awareness: in this phase the service provider needs to prepare their internal team for the audit process by providing the relevant compliance information and requirements to team members.

    2. Scoping & planning: each service provider offers different types of services to financial institutions. The scope of the audit varies based on the services being offered.

    3. Planning: as with any project, detailed planning for the SOC 1 audit process needs to be performed in the early stages of the project to make sure that all resources required in the scope are available and that all skills required for the project exist.

    4. Type 1 Assessment & Action Plan: here you involve a certified third-party vendor to perform the point-in-time assessment and provide the SOC 1 Type 1 report. The next part of this phase is to review and implement the recommended improvements to your processes.

    5. Type 2 Assessment: once the process improvements have been applied, you are ready for the final audit.

    Demand for SSAE 16 SOC reports should increase in the coming years because of the higher growth in outsourcing of financial functions. Service providers need to proactively perform the SSAE audit and get a clean SOC 1 Type 2 report to increase their chances of getting business from banks and financial institutions.
