OneSpan Research: Half of Senior Banking Leaders Have Hit Hurdles Due to Regulatory Compliance

OneSpan™ (NASDAQ: OSPN), a global leader in digital banking security and e-signatures, today released its second annual Global Financial Regulations Report. In conjunction with comprehensive research into how the changing regulatory landscape is impacting the banking community, this year’s report also reveals how financial institutions are responding to new challenges presented by increasingly innovative hacking attacks, protecting sensitive data and evermore stringent regulations. 48% of financial institutions report that regulatory compliance has slowed digital transformation.

We spoke with Michael Magrath, VP of Global Regulations and Standards at OneSpan to dive deeper into the research and insights the industry can glean from this latest report.


Why are technology innovations such as AI, cryptocurrency, biometrics and blockchain outpacing Fintech regulations?


While innovation continues at rapid speed, the regulatory landscape has not yet fully accommodated the changes it has brought. In many cases, regulations have even slowed down the pace of innovation by imposing new requirements and obligations. In our recent report, half of banks report that the changing industry regulations are creating roadblocks or slowing progress in digital transformation. For example, the use of Artificial Intelligence continues to expand across all industries. To date, AI technology has largely gone unregulated, but changes are on the horizon, the EU may address this for the block and U.S. financial regulators are poised to introduce regulations for FIs in 2022 after issuing an RFI this past spring on the use of AI.


Just last month, the White House’s Office of Science and Technology Policy (OSTP) issued a Request for Information (RFI) on Public and Private Sector Uses of Biometric Technologies. OSTP hopes to “understand the extent and variety of biometric technologies in past, current, or planned use; the domains in which these technologies are being used; the entities making use of them; current principles, practices, or policies governing their use; and the stakeholders that are, or may be, impacted by their use or regulation.”


The COVID-19 pandemic was a double-edged sword in that, while it accelerated the development and deployment of digital transformation initiatives, it also exposed businesses to economic and financial vulnerabilities. While many elements of digitalization have been subject to clear and often exacting regulations, other areas have outpaced regulators, leaving industry with a lack of clarity or insufficient consumer protection.


Why is the US trailing, with respect to data protection and digital identity standards?


Although the United States is considered the most cybersecure country in the world, the U.S. falls behind the rest of the world when it comes to regulations. The United States has been progressive in fostering its digital economy, but it has yet to institute a national data protection framework, a national digital identity infrastructure or an open banking system.


States—including California, Colorado and Virginia—have enacted data protection frameworks, and a handful of other states are in the midst of legislation. When compared to other parts of the world, the E.U., Brazil, Australia, Thailand, China, and South Africa all have stronger, national-level consumer data protection laws than the U.S.


Additionally, the U.S. is behind in digital identity too. There is no national digital identity initiative. The expectation is that mobile/digital driver’s licenses issued by states may very well become the defacto digital ID, but only a few states have issued them, and it will be years before they are issued in all 50 states. If there were ever a catalyst for a national digital identity infrastructure, the pandemic put a big, bright spotlight on the issue. Online fraud related to identity theft has been rampant. With millions out of work in 2020, state unemployment programs were the target of cyber thieves. The amount stolen has been reported to be between $60 billion to as high as $400 billion in a partisan report.


What kind of data did you get from your recent report that gathered insights from 172 financial institutions unveiling the state of compliance and regulation?


The full results of the research are outlined in OneSpan’s second annual Global Financial Regulations Report, with interesting findings such as:

  • Half of bank leaders reported that the need to comply with industry regulations has created roadblocks or slowed progress on digital transformation.

  • 84% of financial institutions are preparing to adopt cutting-edge technologies like central bank digital currency (CBDC); half of banks are planning to implement mobile app shielding technologies to secure mobile apps in anticipation of upcoming CBDC initiatives.

  • Top challenges banks are facing to comply with government regulations include reducing or preventing cyber-attacks (53%), safeguarding sensitive data (47%) and keeping pace with changes in consumer privacy laws and industry regulations (41%)

  • To comply with industry regulations, almost half of banks are putting digital remote identity verification and biometrics in place. A further 41% are prioritizing emerging technologies like remote online notarization (RON).

  • Bank leaders are generally optimistic about crypto regulations. 67% of financial services leaders agree that crypto regulations make banks’ participation in the market more attractive.

What can banks do to better protect their customers?

  • Secure the mobile channel: To be confident that mobile applications are safe from the many digital threats, banks and FIs must incorporate mobile application shielding. This way, even if the device has been compromised in some way, the applications themselves will remain protected. 41% of U.S. bank leaders have put in place application shielding technology to help comply with industry regulations.

  • Enable multi-factor authentication: On October 27th, the FTC published an update to the Safeguards Rule under the Gramm-Leach-Bliley Act. The revised rule includes a host of changes. Although most, if not all, FIs are using encryption today, the rule requires encryption for data at rest and in transit. It also requires multi-factor authentication “whenever any individual -- employee, customer or otherwise -- accesses an information system”. The revised rule goes into effect in a year.

  • Support remote banking with secure digital identity verification: Since the Financial Action Task Force published its Digital Identity Guidance in March 2020, which among other things highlighted the benefits of non-face-to-face onboarding of customers, many countries have updated their regulations to permit remote onboarding.

  • Rethink the customer journey: This requires an omni-channel approach to how customers/citizens/members interact with a commercial or non-profit organization or government agency. Identity verification should be holistic so an individual calling or accessing information online does not need their identity proofed with each encounter. This streamlines the process, increases customer satisfaction and reduces costs for organizations and agencies. The Internal Revenue Service is in the early stages of making improvements to the Taxpayer Journey and it will be interesting to see how they fare.

If organizations haven’t deployed electronic signature technology, the question is why not? e-Signatures add tremendous value to improving the customer journey while, expeditiously acquiring necessary signatures in a safe and secure manner. e-Signatures combined with frictionless online authentication will benefit all.


###